Solved

SBS 2011 Server won't allow clients to connect

Posted on 2016-08-28
4
46 Views
Last Modified: 2016-08-28
Windows Machines in a SBS 2011 network can't seem to connect to the Exchange. When we open outlook we are prompted for username and password. Don't think anything changed with the server. Running Exchange 2010 SP3 Update Rollup 14

I replaced the firewall last night, things were fine.
I looked this morning, people are able to login using OWA but just not with outlook.

I tried setting up a new profile for a user, it does not find the account/server. Just keeps searching over and over

Event log errors:

Event ID: 12016 MSExchangeTransport
There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of <servername.domainname.local> The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of <servername.domainname.local> should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task

Event ID: 12015   MSExchangeTransport
Thumbprint : ojpoj23po54j23p4oj32pj2     An internal transport certificate expired.

These warnings and errors have been coming up in the event logs for a long time.
I believe they are related to the Exchange SSL Certificate including the host name of the server which is no longer valid / supported.


Again, the mail is flowing to OWA.
I can hit https://mail.companyname.com/owa just fine. All mail is being delivered. Just can't use Outlook to connect.
0
Comment
Question by:mnitman
  • 3
4 Comments
 
LVL 9

Accepted Solution

by:
bas2754 earned 500 total points
ID: 41774167
Can you confirm all the exchange services that are set for automatic as the start type or actually started? The errors you're seeing regarding the expired certificate are not causing this issue. Most of the time when I see these errors and is usually due to something going on with either the database or one of the services not started or want to service needed to be restarted. So I would start with checking to make sure all the services that are set for automatic for exchange or actually started and working. Second step to try simply restarting the server  and see if the error is corrected.  Rather than restarting the server you can also try just restarting all of the exchange services.
1
 

Author Comment

by:mnitman
ID: 41774177
I checked the services. They are all looking good.

The DHCP Server wasn't happy.
That was stopped

Google Update Service is stopped
Microsoft .Net Framework NGen v4.0 is stopped (x86) is stopped
Microsoft .Net Framework NGen v4.0 is stopped (x64)  is stopped


I would usually think this is a problem with IIS.
An interesting item I noticed when setting up a brand new profile for a user is that when it prompts him for his login, it's prompting him for his full email address as the username versus the domain and username only for the domain.

Not sure if some how the authentication changed???

I am searching for anything else out of the ordinary.
2016-08-28_20h25_14.png
0
 

Author Comment

by:mnitman
ID: 41774187
Yesterday, I put a Fortigate 100D in and since that point, I have noticed little intricacies on the network that have changed.

The outlook thing... slowness logging in..... DHCP (crud)

The DHCP server on the Fortgate was enabled. I know I turned it off, but there it is enabled.

The SBS server has been performing the DHCP since its inception.
I think that was the issue. May even be causing the outlook to prompt for credentials.....
I am rebooting some computers to see if the performance issues are fixed.
0
 

Author Closing Comment

by:mnitman
ID: 41774189
Thank you for reminding me to check the simple things.
A service that should be started in this case like the DHCP Server had me checking the firewall (new) installed yesterday and there it was. The DHCP service on the Fortigate was running.

Things appear to be ok now.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question