Solved

SBS 2008 - Code Signing Certificate Expiring

Posted on 2014-02-17
10
1,207 Views
Last Modified: 2014-05-27
We recently started getting EVENT 64's in our Event log.  Which, normally, I would point to being a problem with the self-issued certificate for the SBS sites or the Exchange certificate for SMTP.  But when I checked the certificates, I found that it is the "Code Signing" Certificate.  How can I Renew this?  Microsoft's documentation is confusing at best, and I am concerned that doing any of it on an SBS server could break it.  Any ideas on how to fix this?

Event Log: Application
Windows Event Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Windows Event ID: 64
Windows Event Level: Warning
Windows Event Message: Certificate for local system with Thumbprint bd 46 7f f9 79 e6 e6 69 3a 0d 02 de 9f 3d dd 0e 9b b4 22 18 is about to expire or already expired.

Also, attached is a screen shot of the certificate authority
CodeSigning.JPG
0
Comment
Question by:CoastalSlns
  • 6
  • 4
10 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39866144
That message is definitely because your SSL certificate is about to expire.

Since its self-signed, you just need to renew it by doing the following:

1. In the SBS Console, click on Network Tab > Connectivity Tab
2. Click on the certificate icon, then click the “view certificate properties” in the right pane. On the General tab of the new window, it will show the dates that the self-signed certificate is valid.
3. In the “Connectivity Tasks” area, click “setup your Internet address”, go through the wizard to renew your self-signed certificate.
4. Re-check the certificate properties to verify it is now valid for another couple of years
0
 

Author Comment

by:CoastalSlns
ID: 39867222
Jeff,

It's not the certificate for the remote web workplace, OWA, etc.  It's something completely different.  

I found a few other servers we manage have a similar certificate, and it looks like it was issued the day we installed Exchange 2007 SP3.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39868970
Please just run the Wizard in the SBS Console because that will take care of everything your server needs.

Jeff
0
 

Author Comment

by:CoastalSlns
ID: 39877970
That does not work.  I have tried running the wizard in the SBS Console, the code signing cert still shows as expiring soon.

I am not sure this certificate is even needed, however, it is interesting that it appeared the same day we installed Exchange 2007 SP3 on these servers.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39880293
Ah... does it appear anymore?  Because it would be normal for that error to show during installation of Exchange 2007 SP3.

Jeff
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:CoastalSlns
ID: 39880572
The code signing certificate is listed a certificate on the server, which is generating the event listed above.  This same event is used to show when any certificate on the server is expiring, so, I monitor event logs for that alert to make sure none of the web services certificates are not expiring.

I think I'll try and delete it and see what happens.  Will report back.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39880638
Actually -- I just now saw that the latest Rollup for Exchange 2007 SP3 has been re-released due to this specific problem:
http://exchangeserverpro.com/microsoft-re-releases-exchange-server-update-rollups-due-to-code-signing-issue/


Jeff
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39880642
So, you'll want to be sure that gets reapplied:
http://www.microsoft.com/en-us/download/details.aspx?id=34959
0
 

Author Comment

by:CoastalSlns
ID: 39882491
Exchange 2007 SP3 latest update rollup is 12, which was applied to the server.  Additionally,  Update Rollup 8-v2 was applied to these servers back when it was released.  Update Rollup 8 was never installed.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 39884966
So, I just looked at an SBS 2008 that I installed for a client a few years ago.  The CodeSigning Certificate was issued for a year, and expired on 1/13/2012.  

I've never had a problem with this server -- so I would say you can safely ignore the warning as SBS 2008 doesn't use that certificate.

Jeff
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now