MSSC_support
asked on
Exchange CAS certificate expired and renewed and replaced but all Outlook clients still getting Certification expired error.
Our SSL certificate recently expired and was renewed but Outlook 2010 Clients are still getting SSL errors. We use Exchange 2010. We use DNS to point to our external certificate and have the following in place to cater for that:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx
Our Outlook Web Access is getting the correct certificate and it seems to be only affecting our internal clients. When I run the Get-exchangeservercertificate command the correct certificates are in place. The old certificate is not visible anywhere yet I still get the error. I have even checked the registry and also under MMC but cannot find the reference point for the old certificate anywhere. Can anyone help?
What are the Errors in the event logs of CAS server, check that and update us here.
ASKER
I've got this one error but this does not make sense.
Log Name: Application
Source: MSExchangeTransport
Date: 05/03/2014 16:04:22
Event ID: 12023
Task Category: TransportService
Level: Warning
Keywords: Classic
User: N/A
Computer: V-EXCHCAS1.sea-cadets.org
Description:
Microsoft Exchange could not load the certificate with thumbprint of CF414B5D61320B56C88AADCEB8FD5CDEF52F75CC from the personal store on the local computer. This certificate was configured for authentication with other Exchange servers. Mail flow to other Exchange servers could be affected by this error. If the certificate with this thumbprint still exists in the personal store, run Enable-ExchangeCertificate CF414B5D61320B56C88AADCEB8FD5CDEF52F75CC -Services SMTP to resolve the issue. If the certificate does not exist in the personal store, restore it from backup by using the Import-ExchangeCertificate cmdlet, or create a new certificate for the FQDN or the server enabled for SMTP by running the following command: New-ExchangeCertificate -DomainName serverfqdn -Services SMTP. Meanwhile, the certificate with thumbprint A799EBE84C069ED91755EB73FDE9AF4FF92A3689 is being used.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="MSExchangeTransport"/>
<EventID Qualifiers="32772">12023</EventID>
<Level>3</Level>
<Task>12</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-03-05T16:04:22.000000000Z" />
<EventRecordID>364065</EventRecordID>
<Channel>Application</Channel>
<Computer>V-EXCHCAS1.sea-cadets.org</Computer>
<Security />
</System>
<EventData>
<Data>CF414B5D61320B56C88AADCEB8FD5CDEF52F75CC</Data>
<Data>A799EBE84C069ED91755EB73FDE9AF4FF92A3689</Data>
</EventData>
</Event>
This certificate is not one on the list when executing GET-EXCHANGECERTIFICATE | FL. The above is our old certificate.
ASKER
I have tried to assign the certificate to services which asked to overwrite the old certificate but I still get the certificate errors.
ASKER
Since then the error logs have stopped but I still receive the certificate warning message.
ASKER
Any ideas?
Hi,
Please go through below technet article, this may help you.
ASKER
Can you please send me the link to the article?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Thank you very much. Using the article I was able to identify that we had two CAS servers on DNS for the same certificate address, and the second CAS server, although it had the correct certificate, was not assigned in IIS. After setting this and rebooting all is well.
It's nice to hear that your issue has been resolved.
So please accept your desired answer so that others can benefit if they find any issue related to this.
ASKER
This resolved our issue over DNS and hence installing the correct Certificates on all other Servers.
However, I also required another KB article:
support.microsoft.com/kb/940726
This completed the fix.
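The cause found in this thread (two CAS servers behind one DNS name, one of them without the renewed certificate assigned in IIS) can be checked directly. The PowerShell below is an added example, not part of the original thread: the function name Get-EndpointCertificate is hypothetical, mail.contoso.com is the placeholder name from the question, and the second part assumes it is run in the Exchange Management Shell.

```powershell
# Added example, not from the thread. Reports the certificate presented on
# TCP 443 by every address the DNS name resolves to.
function Get-EndpointCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )
    # Inspection only: accept any certificate so that an expired or
    # mismatched one can still be read and reported.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    foreach ($ip in [System.Net.Dns]::GetHostAddresses($HostName)) {
        $row = New-Object PSObject -Property @{
            Address = $ip.IPAddressToString; Thumbprint = $null
            NotAfter = $null; Expired = $null; Error = $null
        }
        $tcp = New-Object System.Net.Sockets.TcpClient($ip.AddressFamily)
        try {
            $tcp.Connect($ip, $Port)
            $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $row.Thumbprint = $cert.Thumbprint
            $row.NotAfter   = $cert.NotAfter
            $row.Expired    = $cert.NotAfter -lt (Get-Date)
        }
        catch { $row.Error = $_.Exception.Message }
        finally { $tcp.Close() }
        $row
    }
}

# One row per address behind the name; differing thumbprints mean the
# servers are not presenting the same certificate.
Get-EndpointCertificate -HostName mail.contoso.com |
    Format-Table Address, Thumbprint, NotAfter, Expired, Error -AutoSize

# Exchange Management Shell: per CAS server, show which certificate is
# enabled for which services. HTTPS clients get the one that lists IIS.
foreach ($cas in Get-ClientAccessServer) {
    Get-ExchangeCertificate -Server $cas.Name |
        Select-Object @{n = 'Server'; e = { $cas.Name }}, Thumbprint, Services, NotAfter
}
```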