Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

SBS 2008 - Code Signing Certificate Expiring

Posted on 2014-02-17
10
Medium Priority
?
1,386 Views
Last Modified: 2014-05-27
We recently started getting EVENT 64's in our Event log.  Which, normally, I would point to being a problem with the self-issued certificate for the SBS sites or the Exchange certificate for SMTP.  But when I checked the certificates, I found that it is the "Code Signing" Certificate.  How can I Renew this?  Microsoft's documentation is confusing at best, and I am concerned that doing any of it on an SBS server could break it.  Any ideas on how to fix this?

Event Log: Application
Windows Event Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Windows Event ID: 64
Windows Event Level: Warning
Windows Event Message: Certificate for local system with Thumbprint bd 46 7f f9 79 e6 e6 69 3a 0d 02 de 9f 3d dd 0e 9b b4 22 18 is about to expire or already expired.

Also, attached is a screen shot of the certificate authority
CodeSigning.JPG
0
Comment
Question by:CoastalSlns
  • 6
  • 4
10 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39866144
That message is definitely because your SSL certificate is about to expire.

Since its self-signed, you just need to renew it by doing the following:

1. In the SBS Console, click on Network Tab > Connectivity Tab
2. Click on the certificate icon, then click the “view certificate properties” in the right pane. On the General tab of the new window, it will show the dates that the self-signed certificate is valid.
3. In the “Connectivity Tasks” area, click “setup your Internet address”, go through the wizard to renew your self-signed certificate.
4. Re-check the certificate properties to verify it is now valid for another couple of years
0
 

Author Comment

by:CoastalSlns
ID: 39867222
Jeff,

It's not the certificate for the remote web workplace, OWA, etc.  It's something completely different.  

I found a few other servers we manage have a similar certificate, and it looks like it was issued the day we installed Exchange 2007 SP3.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39868970
Please just run the Wizard in the SBS Console because that will take care of everything your server needs.

Jeff
0
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

 

Author Comment

by:CoastalSlns
ID: 39877970
That does not work.  I have tried running the wizard in the SBS Console, the code signing cert still shows as expiring soon.

I am not sure this certificate is even needed, however, it is interesting that it appeared the same day we installed Exchange 2007 SP3 on these servers.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39880293
Ah... does it appear anymore?  Because it would be normal for that error to show during installation of Exchange 2007 SP3.

Jeff
0
 

Author Comment

by:CoastalSlns
ID: 39880572
The code signing certificate is listed a certificate on the server, which is generating the event listed above.  This same event is used to show when any certificate on the server is expiring, so, I monitor event logs for that alert to make sure none of the web services certificates are not expiring.

I think I'll try and delete it and see what happens.  Will report back.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39880638
Actually -- I just now saw that the latest Rollup for Exchange 2007 SP3 has been re-released due to this specific problem:
http://exchangeserverpro.com/microsoft-re-releases-exchange-server-update-rollups-due-to-code-signing-issue/


Jeff
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39880642
So, you'll want to be sure that gets reapplied:
http://www.microsoft.com/en-us/download/details.aspx?id=34959
0
 

Author Comment

by:CoastalSlns
ID: 39882491
Exchange 2007 SP3 latest update rollup is 12, which was applied to the server.  Additionally,  Update Rollup 8-v2 was applied to these servers back when it was released.  Update Rollup 8 was never installed.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 39884966
So, I just looked at an SBS 2008 that I installed for a client a few years ago.  The CodeSigning Certificate was issued for a year, and expired on 1/13/2012.  

I've never had a problem with this server -- so I would say you can safely ignore the warning as SBS 2008 doesn't use that certificate.

Jeff
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question