SBS 2008 RWW and exchange stops functioning for approximately 1 hour then recovers .

The server has external Drives which are used for SBS backups . The drives are periodically swapped out , around the time this happens the RWW and exchange basically stops functioning for an period of time before self recovering . The drive swap is the only external factor that happens around the event but I am not sure there is any relationship .
The features of this issue are :
A person types in remote.the company.com and the browser just spins and spins with no timeout . The person just waits forever for a login screen .
Simultaneously the exchange system stops sending or receiving mail with no error messages on the clients side .

Have run Fix my network wizard and found no certificate errors .
This server is heavily used for remote access and email so I want to make sure that i am fixing this issue instead of doing anything that would break either exchange or RWW. Server downtime  must be minimum .

The event logs show the following error messages during the event :

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date:          8/21/2015 11:18:37 AM
Event ID:      64
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:    MAIN.local
Description:
Certificate for local system with Thumbprint 2d 5a 90 80 e0 59 68 09 aa a7 10 e9 bf 48 94 15 d1 c4 f0 ae is about to expire or already expired.


Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date:          8/21/2015 11:18:37 AM
Event ID:      64
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      -MAIN.local
Description:
Certificate for local system with Thumbprint ad 4d 74 86 1b 77 d7 87 c4 07 2a 17 b9 fb 9a 7d 9f af 41 82 is about to expire or already expired.

Log Name:      Application
Source:        Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date:          8/21/2015 11:18:37 AM
Event ID:      64
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:     -MAIN.local
Description:
Certificate for local system with Thumbprint 36 a2 4d af e3 ff 3e f4 81 9d 7a c1 84 49 14 87 3a 3b ee c0 is about to expire or already expired.

Log Name:      Application
Source:        MSExchangeTransport
Date:          8/21/2015 11:18:31 AM
Event ID:      12016
Task Category: TransportService
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      -MAIN.local
Description:
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of remote.the.com. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of remote.the.com should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
Andre PAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

systechadminConsultantCommented:
it seems that your certificate is expired. Is it self signed certificate or third party certificate?
Andre PAuthor Commented:
I launched the MMC snapin and found the certificates with these thumbprints .
They expired in September and October of 2013 (2 years ago ) respectively .
They were both self signed.
The network solutions cert does not expire until march of next year.
systechadminConsultantCommented:
Kindly check if certificate is assigned to exchange services like IIS, SMTP

Get-ExchangeCertificate | fl

Paste results here.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Andre PAuthor Commented:
Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #45:

Forgot what the available parameters are on a cmdlet? Just use tab completion! T
ype:

 Set-Mailbox -<tab>

When you type a hyphen (-) and then press the Tab key, you will cycle through al
l the available parameters on the cmdlet. Want to narrow your search? Type part
of the parameter's name and then press the Tab key. Type:

 Set-Mailbox -Prohibit<tab>

[PS] C:\Windows\system32>Get-ExchangeCertificate | fl


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {servername-MAIN.servername.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=servername-servername-MAIN-CA
NotAfter           : 7/18/2016 9:19:00 PM
NotBefore          : 7/19/2015 9:19:00 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 1575D2AA000100000046
Services           : IMAP, POP
Status             : Valid
Subject            : CN=servername-MAIN.servername.local
Thumbprint         : D4C96D607D5B02B2B1BA6A7E83AFF268C46370D0

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {servername-servername-MAIN-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=servername-servername-MAIN-CA
NotAfter           : 7/18/2020 9:26:02 PM
NotBefore          : 7/19/2015 9:16:02 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 6149168B0E3F54BF4604AE46D62F0D21
Services           : None
Status             : Valid
Subject            : CN=servername-servername-MAIN-CA
Thumbprint         : 9105BFF322ACB73B90B07AD9C6BEF44E8CCC81F3

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {localhost}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=localhost
NotAfter           : 2/6/2025 7:00:00 PM
NotBefore          : 2/7/2015 7:05:48 PM
PublicKeySize      : 1024
RootCAType         : None
SerialNumber       : 087C922D5CA7FE8544893C40ADE9BFF7
Services           : None
Status             : Valid
Subject            : CN=localhost
Thumbprint         : 60794ED6E4BCAA9FB9BF86F6422F788402901E0B

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.mycompany.com, mycompany.c
                     om, servername-MAIN.servername.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=servername-servername-MAIN-CA
NotAfter           : 10/4/2013 10:02:29 PM
NotBefore          : 10/5/2011 10:02:29 PM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 17B390A300000000001D
Services           : IMAP, POP, SMTP
Status             : DateInvalid
Subject            : CN=remote.mycompany.com
Thumbprint         : 2D5A9080E0596809AAA710E9BF489415D1C4F0AE

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.mycompany.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Network Solutions DV Server CA, O=Network Solutions L.L
                     .C., C=US
NotAfter           : 3/19/2016 7:59:59 PM
NotBefore          : 10/5/2011 8:00:00 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : 7CD5D0B8EBF24819F776D2B7F6F12CDE
Services           : IIS, SMTP
Status             : Valid
Subject            : CN=remote.mycompany.com, OU=nsProtect Secure X
                     press, OU=Domain Control Validated
Thumbprint         : 8B9B6E91FE283B1FD9CB4374E635E9E2FA58E935

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.mycompany.com, mycompany.c
                     om, servername-MAIN.servername.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=servername-servername-MAIN-CA
NotAfter           : 9/28/2013 1:39:23 PM
NotBefore          : 9/29/2011 1:39:23 PM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 610EF47B00000000001B
Services           : IMAP, POP, SMTP
Status             : DateInvalid
Subject            : CN=remote.mycompany.com
Thumbprint         : 36A24DAFE3FF3EF4819D7AC1844914873A3BEEC0

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, servername-MAIN.servername.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=servername-servername-MAIN-CA
NotAfter           : 9/3/2011 3:05:04 PM
NotBefore          : 9/3/2009 3:05:04 PM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 610441DF000000000002
Services           : IMAP, POP, SMTP
Status             : DateInvalid
Subject            : CN=Sites
Thumbprint         : AD4D74861B77D787C4072A17B9FB9A7D9FAF4182

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {servername-servername-MAIN-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=servername-servername-MAIN-CA
NotAfter           : 9/3/2014 3:14:49 PM
NotBefore          : 9/3/2009 3:04:49 PM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 4256196235CDE8A9450C7315DAF19AED
Services           : None
Status             : DateInvalid
Subject            : CN=servername-servername-MAIN-CA
Thumbprint         : 8BA2B125D5D4AA3F3B355E904E4494BD1BA92D42

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-L54IFZ0IDFD}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-L54IFZ0IDFD
NotAfter           : 8/31/2019 8:38:39 PM
NotBefore          : 9/2/2009 8:38:39 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : CDB4CBC95A9520A54B028E2C6CC17D12
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-L54IFZ0IDFD
Thumbprint         : F2D13CEE5212F1AE8695881DCE4D6D97661C799D



[PS] C:\Windows\system32>
David Johnson, CD, MVPOwnerCommented:
from the emc shell
get-exchangecertificate | where ($_.notafter -le (get-date) | select $_.thumbprint | renew-certificate

Open in new window


or run the following

get-certificate -thumbprint 9105BFF322ACB73B90B07AD9C6BEF44E8CCC81F3 | renew-certificate

Open in new window

for each of these thumbprints
D4C96D607D5B02B2B1BA6A7E83AFF268C46370D0
9105BFF322ACB73B90B07AD9C6BEF44E8CCC81F3
60794ED6E4BCAA9FB9BF86F6422F788402901E0B
2D5A9080E0596809AAA710E9BF489415D1C4F0AE
36A24DAFE3FF3EF4819D7AC1844914873A3BEEC0
AD4D74861B77D787C4072A17B9FB9A7D9FAF4182
8BA2B125D5D4AA3F3B355E904E4494BD1BA92D42
F2D13CEE5212F1AE8695881DCE4D6D97661C799D

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pgm554Commented:
Just for the heck of it ,download  and run the SBS best practices analyzer and post results.

http://www.microsoft.com/en-us/download/details.aspx?id=6231
Andre PAuthor Commented:
David Johnson
This server is running 24/7 as a remote access system .
If I run get-certificate on the server ,is there a chance it will break the remote access for the users ?
I support this server remotely . Could it then lock me out ?

I will also run Best Practices shortly .
We are currently migrating to a cloud backup system and this has become temporarily not as hot an issue .
Will be tackling it in a week .
David Johnson, CD, MVPOwnerCommented:
updating certificates will not lock you out of the system under any circumstances. Especially since these certificates are invalid/expired at this time.. I can see where if a certificate expires that it could cause connection problems with clients that rely on a valid certificate
Andre PAuthor Commented:
I will be acting on this in the beginning of the month for budgetary reasons .
I have not abandoned this thread
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.