Solved

Exchange/PowerShell SSL certicate error

Posted on 2013-05-23
4
1,931 Views
Last Modified: 2013-05-25
We are using MDM (Mobile device Management) solution (SaaS), which enables ActiveSync on users mailbox when user provision devices in MDM. The process had been working until last week. Now MDM solution console is generating below error message and PowerShell is not executed for any new devices provisioned in MDM:

Error message:
Exception Message: Connecting to remote server failed with the following error message : The server certificate on the destination computer (XXX.test.com:443) has the following errors:  The SSL certificate could not be checked for revocation. The server used to check for revocation might be unreachable.

There was recently a change implemented on Exchange/CAS server. The IIS for client certificates was set to "Ignore" in SSL Settings for ActiveSync folder. This was implemented because existing ActiveSync users were getting 403 certificate error on devices. Implementing the change resolved the connectivity issue for existing MDM provisioned devices

Not sure if the above changes has impacted executing powershell. But the error is now generated for executing PowerShell for new devices enrolling in MDM solution.

We are using Exchange 2010

Any resolution or solution will be appreciated
0
Comment
Question by:lbeach94
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
Julian123 earned 500 total points
ID: 39193252
This can be caused by failure to connect to the certificate revocation list. Here are a couple of causes and options: http://exchangeserverpro.com/exchange-2010-certificate-revocation-checks-and-proxy-settings/
0
 

Author Comment

by:lbeach94
ID: 39193273
Thanks for the quick response. Where are these settings applied , on Exchange/CAS server ?
0
 
LVL 12

Expert Comment

by:Julian123
ID: 39193286
For ActiveSync, should be the CAS. I'd check the mailbox too if the CAS doesn't do it as I'm not sure offhand what the MDM server is connecting to.
0
 

Author Comment

by:lbeach94
ID: 39193296
MDM server connect to CAS servers to run powershell for user mailbox. The error generated is on MDM connectivity server
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question