Solved

SBS2008: Issue with expired security certificate

Posted on 2014-07-21
5
298 Views
Last Modified: 2014-07-24
I have small SBS2008 network I inherited a while back. Two Windows 7 Pro clients. Recently the clients started getting a security certificate error for their local domain (remote.domain.local) when they launch Outlook. See attached graphic. I did find that there were valid certificates on file and that the latest one had just expired. As they do NOT access this server remotely and have no need of the certificate, I would prefer to disable the certificate checking process.

I found this article: http://social.technet.microsoft.com/wiki/contents/articles/3527.how-to-decommission-a-windows-enterprise-certification-authority-and-how-to-remove-all-related-objects.aspx and followed the steps down to step 5.2. The rest of the procedure was over my head so I didn't go beyond that step. Suffice to say, whatever I did up to step 5.2 did not fix the problem. Ideally I would like to disable the clients from attempting to use this certificate so they don't have to renew it. Thanks.
certificate-error.JPG
0
Comment
Question by:tcianflone
  • 2
  • 2
5 Comments
 
LVL 22

Accepted Solution

by:
David Atkin earned 300 total points
ID: 40209021
Hello,

The answer here is not to uninstall the Certification Authority but to simply renew the certificate.

You may have caused further issues by following that article.  SBS and Exchange rely on the certificates to function correctly.

Start by opening the SBS Console> Go to the networking tab and then connectivity.  Run the fix my network wizard.  Let us know what it finds.
0
 
LVL 4

Assisted Solution

by:xaichen
xaichen earned 200 total points
ID: 40209096
Hello. I agree with David Atkin.

You can renew the self signed certificate with just a few clicks from the SBS Console.

Windows SBS Console > Network Tab > Connectivity Tasks > Setup your Internet address

Follow the Wizard through to renew the certificate.

There are options to disable encryption on most email clients and to configure the server to allow unencrypted connection, bu the work involved and the security reduction it would cause would make it inadvisable.

Best regards.
0
 
LVL 1

Author Comment

by:tcianflone
ID: 40211372
Thanks for engaging on this topic. I ran the fix network wizard; results in attached graphic. I also ran the Set Up Your Internet Address wizard. Status of the certificate went from unknown to self-signed. I'm not on site, but have sent an email to the users to find out if the error pop-up has gone away. Will update status as soon as I know.
netfixwizard.jpg
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 40211555
Great let us know the outcome but with any luck that should have sorted you out.

The DHCP warning and the warning about the ports isn't a major concern.
0
 
LVL 1

Author Comment

by:tcianflone
ID: 40216592
Thanks for the help! I didn't understand about the self-signed certificate on these SBS machines, so this really helped me out. The wizard seems to get you through it pretty well. Regarding the other network "errors" the wizard found, yes, the server is not doing DHCP here so that was expected. And they are not accessing any of the SBS functionality outside the office so those ports are all closed. Cheers!
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now