Exchange Webmail Certificate expired

Hi All,
The Exchange webmail SSL certificate for our workplace expired yesterday. There are a few other branches in different regions that use the same webmail as us. So I tried the following steps, but I was not able to renew the certificate.
1) In Exchange PowerShell I tried this:
Get-ExchangeCertificate -thumbprint "BFC6AA7FB004A32FFDCC20B822D6EFBC49CBFAA0" | New-ExchangeCertificate
It didn't work...
2) Tried this PowerShell command...
New-ExchangeCertificate -domainname mail.google.com, google.com, google.local, autodiscover.google.com, server01.google.com, server01 -Friendlyname google.com -generaterequest:$true -keysize 2048 -path c:\certrequest.txt -privatekeyexportable:$true -subjectname "c=US, o=Google Inc., cn=server01.google.com, s=California, l=Mountain View, ou=IT"
That created the text file and a certificate as well. When I went to MMC, it was there under Personal root. I moved it to Trusted Root Certificate Authority, but it's not working. I had a look at the Certificate Path for this certificate... it just says Webmail.domain.com, but it's not pointing to Microsoft Exchange. Could this be the problem? How can it be fixed?
Do I need to purchase an SSL certificate from GoDaddy to make the webmail work?
LeoAsked:
LeoAuthor Commented:
Output for this command, i.e. Get-ExchangeCertificate |FL ;


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
                     oKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.domain.com.au, evault.domain.com.au, webmail.local.domain.com.au, autodiscover.domain.com.au, autodiscover.local.domain.com.au,
                      autodiscover.elamotors.com.pg, autodiscover.asco.com.fj, autodiscover.ela.com.sb, autodiscover.asco.vu, autodiscover.asco.com.to, autodis
                     cover.asco.ws, autodiscover.asco.as, ttcars.domain.com.au, bnemes01.ttsp.internal, bnevlt01.ttsp.internal, evault.ttsp.internal}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=webmail.domain.com.au, OU=”IT”, O=”localdomain”, L=”Brisbane”, S=”QLD”, C=AU
NotAfter           : 2/08/2016 2:38:28 PM
NotBefore          : 2/08/2015 2:38:28 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 2432AE43855FA29B4023186319F7E89F
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=webmail.domain.com.au, OU=”IT”, O=”localdomain”, L=”Brisbane”, S=”QLD”, C=AU
Thumbprint         : 432FB48C6ADBB08D062C710352A312E5C34E32DF

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.domain.com.au, evault.domain.com.au, webmail.local.domain.com.au, autodiscover.domain.com.au, autodiscover.local.domain.com.au,
                      autodiscover.elamotors.com.pg, autodiscover.asco.com.fj, autodiscover.ela.com.sb, autodiscover.asco.vu, autodiscover.asco.com.to, autodis
                     cover.asco.ws, autodiscover.asco.as, ttcars.domain.com.au, bnemes01.ttsp.internal, bnevlt01.ttsp.internal, evault.ttsp.internal...}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=webmail.domain.com.au, OU=IT, O=localdomain, L=Brisbane, S=QLD, C=AU
NotAfter           : 2/08/2016 9:30:53 AM
NotBefore          : 2/08/2015 9:10:53 AM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 089E8CE5EC74AE8849F23EE15100A74B
Services           : None
Status             : Valid
Subject            : CN=webmail.domain.com.au, OU=IT, O=localdomain, L=Brisbane, S=QLD, C=AU
Thumbprint         : 2CDC28049F1727CBE6CD24C64C83AD9B8C482821

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.domain.com.au, evault.domain.com.au, webmail.local.domain.com.au, autodiscover.domain.com.au, autodiscover.local.domain.com.au,
                      autodiscover.elamotors.com.pg, autodiscover.asco.com.fj, autodiscover.ela.com.sb, autodiscover.asco.vu, autodiscover.asco.com.to, autodis
                     cover.asco.ws, autodiscover.asco.as, ttcars.domain.com.au, bnemes01.ttsp.internal, bnevlt01.ttsp.internal, evault.ttsp.internal}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : C=AU, S=”QLD”, L=”Brisbane”, O=”localdomain”, OU=”IT”, CN=webmail.domain.com.au
NotAfter           : 2/08/2016 3:37:08 AM
NotBefore          : 2/08/2015 3:17:08 AM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 3FE5A404B66E04AE4D7EFA993C0CDABF
Services           : None
Status             : Valid
Subject            : C=AU, S=”QLD”, L=”Brisbane”, O=”localdomain”, OU=”IT”, CN=webmail.domain.com.au
Thumbprint         : BFC6AA7FB004A32FFDCC20B822D6EFBC49CBFAA0

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
                     oKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {BNEMES01, BNEMES01.ttsp.internal}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=BNEMES01
NotAfter           : 2/08/2016 3:07:16 AM
NotBefore          : 2/08/2015 3:07:16 AM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 47FCF1127BDAD29647614998DBF14CE8
Services           : SMTP
Status             : Valid
Subject            : CN=BNEMES01
Thumbprint         : 5A2DEF3EBD6A951D64F97A2972932088EF4E649C

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
                     oKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {BNEMES01, BNEMES01.ttsp.internal}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=BNEMES01
NotAfter           : 2/08/2016 12:53:37 AM
NotBefore          : 2/08/2015 12:53:37 AM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 68AF331B53583F9149BD161E9716AB8D
Services           : SMTP
Status             : Valid
Subject            : CN=BNEMES01
Thumbprint         : 9769CA59E79A263A0FB7DFD457D07A643B3B7F83

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
                     oKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {BNEMES01, BNEMES01.ttsp.internal}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=BNEMES01
NotAfter           : 1/08/2016 10:31:32 PM
NotBefore          : 1/08/2015 10:31:32 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 3819607C9454F9B54B8EFDB9C6C0C5F6
Services           : SMTP
Status             : Valid
Subject            : CN=BNEMES01
Thumbprint         : 06824E13CCE4514424168FF105DC54A732B1FCAF

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
                     oKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {BNEMES01, BNEMES01.ttsp.internal}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=BNEMES01
NotAfter           : 1/08/2016 9:34:03 PM
NotBefore          : 1/08/2015 9:34:03 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 27AE24DA4D6734914E0ACDA0EDEF5D6B
Services           : SMTP
Status             : Valid
Subject            : CN=BNEMES01
Thumbprint         : 05560459698E1D8865216F271E41CD40109E3CB9

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
                     oKeyAccessRule}
CertificateDomains : {webmail.domain.com.au, evault.domain.com.au, webmail.local.domain.com.au, autodiscover.domain.com.au, autodiscover.local.domain.com.au,
                      autodiscover.elamotors.com.pg, autodiscover.asco.com.fj, autodiscover.ela.com.sb, autodiscover.asco.vu, autodiscover.asco.com.to, autodis
                     cover.asco.ws, autodiscover.asco.as, ttcars.domain.com.au, bnemes01.ttsp.internal, bnevlt01.ttsp.internal, evault.ttsp.internal...}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=TTSP-CA, DC=ttsp, DC=internal
NotAfter           : 1/08/2015 11:25:34 AM
NotBefore          : 1/08/2013 11:25:34 AM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 659034A700010000016B
Services           : IMAP, POP, IIS, SMTP
Status             : DateInvalid
Subject            : CN=webmail.domain.com.au, OU=IT, O=localdomain, L=Brisbane, S=QLD, C=AU
Thumbprint         : 94A80E70EFF1B2C5932009B164CF988CD653E525

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.Crypt
                     oKeyAccessRule}
CertificateDomains : {webmail.domain.com.au, evault.domain.com.au, webmail.local.domain.com.au, autodiscover.domain.com.au, autodiscover.local.domain.com.au,
                      autodiscover.elamotors.com.pg, autodiscover.asco.com.fj, autodiscover.ela.com.sb, autodiscover.asco.vu, autodiscover.asco.com.to, autodis
                     cover.asco.ws, autodiscover.asco.as, ttcars.domain.com.au, bnemes01.ttsp.internal, bnevlt01.ttsp.internal, evault.ttsp.internal...}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=TTSP-CA, DC=ttsp, DC=internal
NotAfter           : 25/05/2014 3:13:21 PM
NotBefore          : 25/05/2012 3:13:21 PM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 76BA831E0001000000DD
Services           : IMAP, POP, SMTP
Status             : DateInvalid
Subject            : CN=webmail.domain.com.au, O=local domain South Pacific Holdings Pty Ltd, C=AU
Thumbprint         : 575B73C9CB836D40ED799790EA297A1DB7640CFD
0
Andrew DavisManagerCommented:
This is a self issued certificate, as such it will not be trusted. You need to purchase a (preferably UC) certificate from a trusted authority. The provider will generally have a guide for how to install it.

You don't mention what version of server you are running, but they have guides for most.

Cheers
Andrew
0
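One way to read a listing like the one above, added here as an example and not taken from the thread: for each certificate, check whether it is expired, self-signed, and enabled for IIS (the service OWA uses). `Get-CertificateTriage` is a hypothetical helper name; the sample rows are three entries copied from the listing, and the evaluation date is an assumption.

```powershell
# Added example: flag why each certificate can or cannot serve OWA.
# On a server, feed it real objects:  Get-CertificateTriage (Get-ExchangeCertificate)
function Get-CertificateTriage {
    param(
        [Parameter(Mandatory = $true, Position = 0)][object[]]$Certificate,
        [datetime]$Now = (Get-Date)
    )
    foreach ($c in $Certificate) {
        $issues = @()
        if ($c.NotAfter  -lt $Now) { $issues += 'expired' }
        if ($c.NotBefore -gt $Now) { $issues += 'not yet valid' }
        if ($c.IsSelfSigned)       { $issues += 'self-signed' }
        # Services prints as e.g. "IMAP, POP, IIS, SMTP"; OWA needs IIS.
        $onIis = "$($c.Services)" -match '\bIIS\b'
        New-Object psobject -Property @{
            Thumbprint = $c.Thumbprint
            OnIIS      = $onIis
            NotAfter   = $c.NotAfter
            Issues     = ($issues -join ', ')
            GoodForOwa = ($onIis -and ($issues.Count -eq 0))
        }
    }
}

# Constructed input: three entries copied from the listing above.
$sample = @(
    (New-Object psobject -Property @{
        Thumbprint = '432FB48C6ADBB08D062C710352A312E5C34E32DF'
        Services = 'IMAP, POP, SMTP'; IsSelfSigned = $true
        NotBefore = [datetime]'2015-08-02T14:38:28'
        NotAfter  = [datetime]'2016-08-02T14:38:28' }),
    (New-Object psobject -Property @{
        Thumbprint = 'BFC6AA7FB004A32FFDCC20B822D6EFBC49CBFAA0'
        Services = 'None'; IsSelfSigned = $true
        NotBefore = [datetime]'2015-08-02T03:17:08'
        NotAfter  = [datetime]'2016-08-02T03:37:08' }),
    (New-Object psobject -Property @{
        Thumbprint = '94A80E70EFF1B2C5932009B164CF988CD653E525'
        Services = 'IMAP, POP, IIS, SMTP'; IsSelfSigned = $false
        NotBefore = [datetime]'2013-08-01T11:25:34'
        NotAfter  = [datetime]'2015-08-01T11:25:34' })
)

# Assumed evaluation date: shortly after the expiry described in the question.
$report = Get-CertificateTriage $sample -Now ([datetime]'2015-08-03')
$report | Select-Object Thumbprint, OnIIS, GoodForOwa, Issues, NotAfter | Format-Table -AutoSize

if (-not ($report | Where-Object { $_.GoodForOwa })) {
    Write-Warning 'No current, CA-issued certificate is enabled for IIS; OWA clients will see a certificate error.'
}
```

On the sample rows the only certificate enabled for IIS is the expired one, and the new self-signed certificates were never enabled for IIS.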
MAS (MVE)EE Solution GuideCommented:
Please post the result of the command
Get-ExchangeCertificate | fl issuer,IsSelfSigned,NotAfter,thumbprint


Please use this to create new CSR
http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f
0
MAS (MVE)EE Solution GuideCommented:
0
LeoAuthor Commented:
Do I need to purchase a single-site SSL certificate or a multi-site SSL certificate?
0
LeoAuthor Commented:
MAS, Step 1 of your instructions for the first link is to install the certificate. Which certificate am I installing?
0
MAS (MVE)EE Solution GuideCommented:
You need to have a multiple-domain (UC) certificate from a 3rd party CA.
Create CSR using my tool provided above.
Let them issue the certificate and then download the certificate from the control panel of the 3rd party CA portal.
Then install using the link provided above

You need 2 names if you have only 1 email domain.
1. mail.emaildomain.com
2. autodiscover.emaildomain.com
It is explained in my article above regarding the names required.
0
LeoAuthor Commented:
The certificate has been installed and emails have started coming, but now in Outlook and on some websites we are getting the attached errors.
Website-Error.jpg
Exchange-Email-cert-fail-1.JPG
0
MAS (MVE)EE Solution GuideCommented:
First error seems like you didn't enable IIS services on the right certificate.
Remove all the expired certificates using command
Remove-exchangecertificate -thumbprint xxxxxxxxxxxxx

Second error is due to incorrect configuration of URLs.
Please check my article and make sure all the URLs are configured properly.
http://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html
0
LeoAuthor Commented:
The errors are still not fixed :-(
[PS] C:\Windows\system32>get-exchangecertificate

Thumbprint                                Services   Subject
----------                                --------   -------
C941FFCAB21DC6BCD1FC5F0F2E4955351CE83767  IP.WS      CN=webmail.domain.com.au, OU=Domain Control Validated
5A2DEF3EBD6A951D64F97A2972932088EF4E649C  ....S      CN=BNEMES01
9769CA59E79A263A0FB7DFD457D07A643B3B7F83  ....S      CN=BNEMES01
575B73C9CB836D40ED799790EA297A1DB7640CFD  IP..S      CN=webmail.domain.com.au, O=local South Pacific Holdings Pty Ltd, C=AU

For the top one, i.e. C941FFCAB21DC6BCD1FC5F0F2E4955351CE83767, what do I have to do so that for its services it will display IP..S?
0
Kash2nd Line EngineerCommented:
Enable-ExchangeCertificate -Server 'EXCH-H-868' -Services 'IMAP, POP, IIS, SMTP' -Thumbprint 'C941FFCAB21DC6BCD1FC5F0F2E4955351CE83767'

should do the trick
0
LeoAuthor Commented:
That certificate is only purchased for webmail (From GoDaddy). So still I should enable it for IMAP,POP and SMTP?
0
LeoAuthor Commented:
Getting this error when I run the command you listed...

Enable-ExchangeCertificate : A parameter cannot be found that matches parameter name 'Server'.
At line:1 char:35
+ Enable-ExchangeCertificate -Server <<<<  'Exchange' -Services 'IMAP, POP, IIS, SMTP' -Thumbprint 'C941FFCAB21DC6BCD1FC5F0F2E4955351CE83767'
    + CategoryInfo          : InvalidArgument: (:) [Enable-ExchangeCertificate], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.Exchange.Management.SystemConfigurationTasks.EnableExchangeCertificate
0
MAS (MVE)EE Solution GuideCommented:
Please run this on all servers and let me know
Enable-ExchangeCertificate -Services 'IMAP, POP, IIS, SMTP' -Thumbprint <Thumbprint-of-the-new-certificate>

0
LeoAuthor Commented:
Thanks guys. In the browser, it's still trying to refer to the old cert, even though I have deleted it.
We have a TMG server as well. Do I have to do anything on it? I have already imported the certificate on the TMG server.
Kindly see the attached error.
Cert.jpg
0
MAS (MVE)EE Solution GuideCommented:
Did you try restarting transport service? If not please do that
Are you getting this error from internal network?
If yes, then you enabled services on the certificate issued by the certificate authority named "CA", not the 3rd party CA.
Please run this command to check that you enabled services on the right certificate (i.e. not a self-signed certificate)
Get-ExchangeCertificate | ft Services,IsSelfSigned

0
LeoAuthor Commented:
The one I posted is the expired one, and I got the new cert from GoDaddy, the old one is already deleted......under services for new cert it shows  IP.WS
0
LeoAuthor Commented:
I believe it should show IP..S ?
0
MAS (MVE)EE Solution GuideCommented:
It should be like this on the new GoDaddy certificate
IP.WS  
IMAP, POP, IIS, SMTP  (command result)
0
LeoAuthor Commented:
So what do I have to do, so that on browser it starts pointing to new cert?
0
MAS (MVE)EE Solution GuideCommented:
post the result of this command
Get-ExchangeCertificate | fl Services,IsSelfSigned,Thumbprint

0
LeoAuthor Commented:
Services     : IMAP, POP, IIS, SMTP
IsSelfSigned : False
Thumbprint   : C941FFCAB21DC6BCD1FC5F0F2E4955351CE83000
0
MAS (MVE)EE Solution GuideCommented:
This is correct.
Anyway please check the certificate thumbprint when you open OWA by clicking view certificate.
If it is not the same, then some intermediate device is in play.
0
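The thumbprint check described above can also be done from PowerShell instead of the browser. This is an added example, not part of the thread: `Get-PresentedCertificate` and `Compare-PresentedThumbprint` are hypothetical helper names, and the host names and thumbprint are the ones quoted in the thread and need replacing with your own.

```powershell
# Added example: read the certificate an HTTPS endpoint actually presents and
# compare its thumbprint with the one Get-ExchangeCertificate reports.
function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Inspection only: accept whatever is presented so an expired or
        # mismatched certificate can still be read. Do not reuse this callback
        # on a connection that carries real data.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($o, $crt, $chn, $err) $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            New-Object psobject -Property @{
                ConnectedTo = $client.Client.RemoteEndPoint.ToString()
                Thumbprint  = $cert.Thumbprint
                Subject     = $cert.Subject
                NotAfter    = $cert.NotAfter
            }
        } finally { $ssl.Close() }
    } finally { $client.Close() }
}

function Compare-PresentedThumbprint {
    param(
        [Parameter(Mandatory = $true)][string]$Expected,
        [Parameter(Mandatory = $true)][string[]]$Endpoint
    )
    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible leading character; keep only the hex digits before comparing.
    $want = ($Expected -replace '[^0-9A-Fa-f]', '').ToUpper()
    foreach ($name in $Endpoint) {
        $row = @{ Endpoint = $name; ConnectedTo = ''; Thumbprint = ''; NotAfter = $null; Verdict = '' }
        try {
            $seen = Get-PresentedCertificate -HostName $name
            $row.ConnectedTo = $seen.ConnectedTo
            $row.Thumbprint  = $seen.Thumbprint
            $row.NotAfter    = $seen.NotAfter
            if ($seen.Thumbprint -eq $want) {
                $row.Verdict = 'matches the Exchange certificate'
            } else {
                $row.Verdict = 'DIFFERENT certificate: another device or binding answers here'
            }
        } catch {
            # Name does not resolve, port closed, or handshake refused.
            $row.Verdict = "no TLS answer: $($_.Exception.Message)"
        }
        New-Object psobject -Property $row
    }
}

# Published name first, then the Exchange server itself (names from the thread).
Compare-PresentedThumbprint -Expected 'C941FFCAB21DC6BCD1FC5F0F2E4955351CE83767' `
    -Endpoint 'mail.domain.com', 'BNEMES01' |
    Select-Object Endpoint, ConnectedTo, Verdict, Thumbprint, NotAfter |
    Format-List
```

If the server itself matches but the published name does not, the `ConnectedTo` address shows which device answered, for example a TMG listener that still has the old certificate selected.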
LeoAuthor Commented:
When I access owa it gives IIS7 screen.
Are there any further checks I can do?
0
MAS (MVE)EE Solution GuideCommented:
open OWA by typing https://mail.domain.com/owa
0
LeoAuthor Commented:
Already tried this, getting this message....
The webpage at https://mail.domian.com/owa might be temporarily down or it may have moved permanently to a new web address.
0
LeoAuthor Commented:
I can access it by IP address, not by mail.domain.com name.....
0
MAS (MVE)EE Solution GuideCommented:
If you cannot access your OWA by your external name, that means you don't have splitDNS configured or A record created for mail.externaldomain.com
0
LeoAuthor Commented:
OK, how can I check if it's split DNS or not?
And how can I resolve it?
0
Andrew DavisManagerCommented:
What IP is returned when you ping mail.domain.com?
It should return the IP of the server, not the IP of your external interface.

To get it to return the IP of your server, you need to create a primary zone in your DNS server for domain.com and then create an A record for mail that points to the server. This is called a split DNS, as the IP returned is different from internal to external.

Cheers
Andrew
0

LeoAuthor Commented:
Exceptional assistance, too good, thanks to all experts for their assistance...
0