How create a new certificate by using the New-ExchangeCertificate task.

When users open Outlook they get a “Microsoft Outlook” dialog box pop up.
**********************
Allow this website to configure (users email address) server settings
https://remote.domainname.com/autodiscover/autodiscovery.xml

Your account was redirected to this website for settings
You should only allow settings from sources you know and trust

Allow or Cancel
*********************
Another dialog box pops up called “Security Alert”
The Security certificate has expired or is not yet valid


The server is reporting:
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.nardonepridgeon.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.nardonepridgeon.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.

ISSUE:
When I try to create a new certificate using the "Exchange Management Shell", I get constant "Access Denied"
Basically I must be doing something wrong. Any help would be appreciated
LVL 1
Andreas GieryicComputer Networking, OwnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David AtkinTechnical DirectorCommented:
Hello,

Are you trying to use a self signed or trusted certificate?

If you have SBS 2008, open the SBS Console> Network Tab> Connectivity sub tab

Run the Fix My Network Wizard on the right hand side.  This should repair the certificate error for you.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Andreas GieryicComputer Networking, OwnerAuthor Commented:
I found this article on EE but it was blank
ID: 27205026  

tried following this article but was not able to resolve the issue
http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx
0
Andreas GieryicComputer Networking, OwnerAuthor Commented:
Yes,  I am trying to renew the certificate that was created in SBS2008
I did see where the certificate did expire on 12/13/2014 - 2 days ago
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Andreas GieryicComputer Networking, OwnerAuthor Commented:
I did run the "Fix My Network" and it saw that the certificate had expired. It said that it renewed. Do I need to restart the Exchange services - or at least the "Transport" service.
0
Andreas GieryicComputer Networking, OwnerAuthor Commented:
I opened a users Outlook and it came up with no certificate errors. I had no idea how easy the fix was you provided.
Everything I read dealt with Shell Commands - which kept coming back with "Access Denied" errors

I probably did not need to do so, but I restarted the server just to make sure all is clean

Is there a way to renew the certificate before it expires? I have 2 more SBS2008 servers
I am looking into getting a 3rd party certificate.
0
David AtkinTechnical DirectorCommented:
Hello,

No need to restart any of the exchange services - The fix my network should be the only thing needed for local users.  If you have some remote users you may have to install the certificate manually on them though.

You can replace a self signed certificate with a Trusted 3rd party certificate at any time, just re-run the 'Add a Trusted Certificate Wizard'. There isn't much point in renewing a self signed certificate until it has expired really.  Just make a note on your calendar to do this.
0
Andreas GieryicComputer Networking, OwnerAuthor Commented:
Much appreciated
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.