Solved

Exchange/Outlook 2010 Security Alert - Certificates

Posted on 2013-06-20
3
3,364 Views
Last Modified: 2013-06-28
Exchange 2010 SP2 server
Windows Server 2008 R2 SP1
Outlook 2010


Hey guys and girls,

I just started seeing a certificate pop-up when users open up Outlook 2010.

Security Alert
Servername.domain.com
Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.

X The application experienced an internal error loading the SSL libraries.

The site should not be trusted.

Also looking thru the Event Logs I found hundreds of the following event;

Event ID:
Schannel      36885      When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.

Some of the googling Ive done points to a fix possibly being removing some of the 360 Certs that are listed in the 'Trusted Root Certification Authorities' MMC... but Im not sure thats the fix, also, how would I know what is used and what isnt?

Any ideas? Thanks in advance.
0
Comment
Question by:GCTTechs
  • 2
3 Comments
 
LVL 12

Accepted Solution

by:
Dave earned 500 total points
ID: 39264430
If its a server it doesn't need to trust any, other than those it uses for downloads, and those for any certs it has installed.. This KB

http://support.microsoft.com/kb/2801679

suggests deleting and then running windows update to put the missing ones back. Providing you back up the registry key its an easy change to back out....
0
 

Author Comment

by:GCTTechs
ID: 39264476
This is actually an Exchange server.
0
 
LVL 12

Expert Comment

by:Dave
ID: 39264520
Is external TLS enabled for external connections or is it just port 25? If its just port 25 its not making outbound encrypted sessions, so just the locak certs...
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Large Outlook files lead to various unwanted errors and corruption issues. Furthermore, large outlook files can also make Outlook take longer to start-up, search, navigate, and shut-down. So, In this article, i will discuss a method to make your Out…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
This video discusses moving either the default database or any database to a new volume.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now