Clients getting a certificate warning of an expired certificate that doesn't exist

Running exchange 2010 and clients using Outlook 2007 and 2010, clients are getting the certificate warning dialog that the certificate is expired.  The name of the server in the certificate is correct, however when looking at the certificates installed
on the Exchange server, the one that is referenced with the issued and expiration dates doesn't show up on the server.
Where could the clients be getting this from?

You need to look at each Client Access Server.  A quick way to see what SSL cert is bound is to just look at the IIS splash page:
https://servername
You'll likely get a cert error, but just continue and the IIS splash page should load.  When it does, view the certificate that has been presented to the browser.  Ensure the expiration is good, the CA chain is trusted and the cert name (or SAN)
has the URL to the Client Access Array FQDN in the cert.
Normally, a self signed Exchange cert is not used in a production environment because the clients will not trust the publisher.  If you have more than one CAS, it's likely one of them is not using the correct cert.
Good luck!
- Chris Ream -
**Remember, if you find a post that is helpful, or is the answer, please mark it appropriately.**

Similar Messages

  • How to I get rid of an "Open With..." option that doesn't exist?

    I've tried to find out how to remove an element of the "Open With..." options but don't seem to be getting much traction. I have an old application listed in the "Open With..." pull down menu that doesn't exist anymore, but when I select the file, using command-i, to change which application opens the file, it works for that file. I want to change association using the "Change All" button, but when I do that, the "dead" application becomes the default application again and I'm back to square one. Is this fixable? How do I get rid of the useless option? Will I have do do this for each file?

    your link gave me a good starting place...
    /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchSe rvices.framework/Versions/A/Support/lsregister -kill -R -all -domain local -domain system -domain user
    this seemed to do the trick... I would have never have solved this without your suggestion.
    thanks.

  • HT1947 Is there a way to get a list view for movies? Something that doesn't truncate the titles?

    Is there a way to get a list view for movies? Something that doesn't truncate the titles?

    I don't think the following is too uncommon;
    total_training_ c1_getting_started_on_windows
    total_training_c2_getting_started_on_mac
    total_training_c3_orgainizing_photo_on_windows
    total_training_c4_organizing_photos_on_mac
    total_training_c5_fixing_common_problems
    total_training_c6_adjusting_exposure
    total_training_c7_adjusting_color
    total_training_c8_sharing_your_photos
    total_training_c9_work_with_text
    total_training_c10_retouching_your_photos
    total_training_c11_compositing_images_and_adding_effects
    total_training_c12_photoshop_elements_creations

  • How do I get into an account that has an email address that doesn't exist anymore?

    Some background info:
    Over the course of a decade I have downloaded a lot of songs with a bunch of different accounts. This all started way before home sharing and iCloud and all that jazz. Anyways, I was in middle school, so my songs came off my mom's account (which was a bellsouth email address). Later when we switched to Comcast she started using her Comcast email address and we downloaded songs off of that. Then when we stopped with comcast she started using a new address, and at this point I was able to just buy my own music so I created my own account. I think my sister has one too, which adds to the chaos.
    Anyways, now I'm trying to transfer my songs from my iPod to my laptop, and I've figured out most of the account passwords except for one: the bellsouth password. I tried to reset the Apple ID password but when I entered my mother's birthday is told me I was wrong. I tried my siblings', mine, and my father's to see if for some insane reason she didn't use hers, but none of them would be accepted. I then went to the AT&T website and tried to log in to that account so that I could access the account with one of those password change emails, but it wouldn't let me for similar reasons. Basically I'm not sure that that email account even exists anymore.
    This is an extremely frustrating issue. The songs have been purchased and paid for; why is it impossible to get them to play? Surely there's an easier way than this nonsense.
    INB4: You should have just used one account, you should have used home sharing, etc.
    Yeah, okay, great advice, lemme hop in my TARDIS and fix that.
    I'll be honest, I have no idea how home sharing even works and haven't bothered to learn because, honestly, what's the point if I can't even log into the accounts? I'm not even sure that the bellsouth one is the only other one.

    Customer service can merge both of your accounts into a single one.
    Unfortunately, only Adobe customer service can assist you with your issue. These are user forums; you are not addressing Adobe here.
    Click on the link below, and after that click on "Still need Help? Contact us."
    Then on the next page, click Chat
    There is also a phone option. 1 (800) 833-6687
    http://helpx.adobe.com/contact.html?step=PHXS_downloading-installing-setting-up_licensing- activation

  • How do I get rid of a computer that doesn't exist anymore from my iTunes account? The old computer has been recycled with my iTunes acoount on my current desktop. I neglected to remove iTunes prior to being recycled.

    I'm continuing to have major issues getting iTunes to recognized my son's iPod Touch. It was last sync'd to the old computer more than a year ago. I've backed up and updated all iTunes material; Uninstalled iTunes and reinstalled; confirmed other iPods will connect. The only issue I'm having is with my son's Touch.

    If you're referring to authorization, you cannot deauthorize a computer to which you no longer have access. Unless you've reached the limit of five authorizations, that shouldn't be a problem. If you have  reached five authorizations for that account, there will be a button in your iTunes Store account information that will allow you to deauthorize all systems associated with that account. Log into your Store account and you should see it. You can then reauthorize the computers you're using now.
    I'm not sure what this would have to do with an issue with an iPod touch, though. Can you please explain that issue in more detail?
    Regards.

  • An alert that doesn't exist keeps on popping up on my calendar... how do I get rid of it?

    Every time I go to iCloud.com, a the little red alert symbol pops up on my iCalendar, even though I do not have an event with an alert. If I do happen to have an event with an alert, I can't find it, and so I can't make the alert symbol go away. This is not necessarily a huge problem, but it is starting to get very, very annoying. Please help.

    If you're running Windows, go into it and run chkdsk or another tool on the Windows partition, drive, or image.
    (52958)

  • How do I uninstall Elements 11?  I get Error 1316 and file it is looking for doesn't exist.

    Nothing happens when I click on the Organizer button on the bottom of the screen in a new installation except it says Loading the Elements Organizer Workspace and then the message goes away. So I was going to uninstall and reinstall and got the error 1316 message "Network error occurred while attempting to read from the file C:\windows\installer\adobe photoshop elements 11.msi.  This file does not exist.  I have no network.  Can' find an answer that deals specifically with version 11.  Tried the Microsoft Fixit and that aborted with code 80072F8F.  Any solutions?

    You can try running the CS Cleaner tool from CS Cleaner Tool for installation problems | CCM, CS6, CS5.5, CS5, CS4, CS3 - http://helpx.adobe.com/creative-suite/kb/cs5-cleaner-tool-installation-problems.html.
    Were you previously trying to utilize the FixIt tool at http://support.microsoft.com/mats/program_install_and_uninstall/?

  • Keep getting an email that doesn't exist. Help?

    I've repeatedly gotten an email from "Frank Obi", saying "ARE YOU THERE??". But when I open the app there is no email. What's going on? It's incredibly ominous and creepy when they arrive.

    No idea what's going on but check this link out John Bill and Frank Obi have your $2.6Million ATM card

  • How do I get around certificates blocking me from a printer support web site?

    How do I get around certificates that are blocking me from a web site I am trying to get support from? I contacted the server people and they said they have no certificates to block that, would this be in Safari?

    What kind of error message do you see?
    Can you attach a screenshot?
    *http://en.wikipedia.org/wiki/Screenshot
    *https://support.mozilla.org/kb/how-do-i-create-screenshot-my-problem
    *Use a compressed image type like PNG or JPG to save the screenshot
    *Make sure that you do not exceed the maximum size of 1 MB

  • Remove SMTP Service from SA Certificate that was accidentally added

    I inadvertently assigned the SMTP service to an SA certificate that was meant for IIS only. I already tried to highlight the certificate and run "Assign Services to Certificate", uncheck SMTP, it runs, but doesn't remove it. I also tried to Export
    it, but when I attempt to Remove it, I get an error the it would stop the Transport service and cause instability. It won't remove it anyway, I just get an OK to check. I can certainly use the EMS, but is this going to work?
    The root issue is that Outlook clients get a certificate error as this stepped on the self-signed certificate. My concern is that I don't want to a CSR for a New Certificate and get a new one as the CA already issued this to me. Can someone give an
    assurance that I can:
    1. Stop Transport service.
    2. Export my SA Certificate.
    3. Remove the SA Certificate.
    4. Import the SA Certificate.
    5. Assign it to IIS Service only.
    At this point my SA certificate would be only assigned to IIS. Right now, both my internal and SA Certificates have SMTP assigned to them. I am assuming I will have to back and reissue the internal certificate for SMTP again to fix the Outlook client warnings?
    Michael Maxwell

    Depending upon the version of Exchange, yes there is different logic for selecting the SMTP cert.
    Cheers,
    Rhoderick
    Microsoft Senior Exchange PFE
    Blog:
    http://blogs.technet.com/rmilne 
    Twitter:   LinkedIn:
      Facebook:
      XING:
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

  • I am having a hard time with a page that is working for everyone else. When I click on anything in the site I get a message that says "The page you were looking for doesn't exist."  This is happening on both my ipad 2 and my iphone 5. I cleared my cache

    When I click on anything in the site I get the message " The page you were looking for doesn't exist."  This website works for everyone else, but not on my iPad 2 or iPhone 5. I cleared my cache and history on the iPad, but it still isn't working.

    I live in Germany and my credit card is in my native country of Holland .. then it
    doesn't accept my credit card.
    Your first statement explains the second statement. To use the German iTunes Store, you need to prove that you're a resident of Germany (that is required by the content owners who will not allow cross-border sales) and the only way Apple can provide such a verification is by requiring that you enter in either a German credit card or a German-purchased iTunes prepaid card. Since I presume the former is not a possibility, you'll need to do the latter if you wish to purchase content from the iTunes Store. Again, this is not Apple's choice but is forced on them by the content owners as a requirement for Apple being allowed to sell the content. The EU is working on regulations that would force the content owners to allow access pan-EU, but that's still in the works.
    You do not need an iTunes Store account to activate and run your iPad, though; at least, I didn't need one for either of my two iPads. If you only want to set up an account so you can get free iPad apps, take a look here:
    http://support.apple.com/kb/HT2534
    Read the steps carefully as the order in which you follow them is apparently critical. This seems to come and go, or only apply to App Stores in specific countries, so you may not see the option for "None" when asked for a payment type.
    As to the German iTunes Store in English, you can comment to Apple on that via their feedback pages:
    http://www.apple.com/feedback
    Regards.
    P.S. Regarding "this is the only place for a complaint and that will no doubt get removed because
    I'm not full of happy joy sparkles.
    As stated in the terms of use to which we all agreed, this isn't a complaint forum, it's a technical support forum. You don't have to be full of "happy joy sparkles", but posts that are nothing but complaints may indeed be removed. If you want to complain to Apple, use the feedback pages.
    Message was edited by: Dave Sawyer

  • If server certificate expired, can that give my client SSLHandshakeExceptio

    If a servers certificate has expired, can that give my client a SSLHandshakeException?
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    Apple would not fix the camera they would replace the whole iPhone. If the iPhone has no physical or liquid damage and no unauthorised modifications or repairs then you will get a replacement free of charge under the warranty.

  • Clients connect to wifi with certificate that expires every month - correct way to handle expired certificates?

    Hi all
    I'm sorry if this is the wrong forum to ask this question. Also my knowledge in this area is somewhat limited, which I why I need your help :-)
    We use wireless networks primarily in my company for all our clients and use a certificate to authenticate to the network. This certificate expires after 1 month and we automatically renew them 1 week before expiry. Relatively often we have users that
    are not connected to the network for a few weeks or more and then the certificate expires before being renewed. Then we have to connect them to the wired network to get the certificate updated, so they can connect to the wireless network again.
    What is the correct approach to solve this issue? We feel extending the life of the certificate would be a too big security compromise. Is there some way you could automatically allow an expired certificate briefly with the sole purpose of renewing the certificate?
    Or how would you normally resolve this issue?
    Thanks for any help/knowledge you can provide :-)

    > Setting the validity period that high, means that the certificate could be cracked before expiry.
    then you should be scary of CAs which validity is 10 or more years. And they use the same cryptography as end-entity certificates (key length and signature algorithms). It is a paranoya. Just make sure if client certificates use at least 2048 bit long
    keys and use SHA1 (or better) signature algorithm. In this case there is a little chance that certificate will be successfully cracked in 2 years.
    If there is an evidence (or indications) of client private key compromise -- immediately revoke the certificate and publish new CRL ASAP. You cannot protect clients from key compromise by using short-living certificates, because key compromise is ususally
    achieved by gaining a control over the private key (malware on client computer). Therefore, there is nothing wrong in issuing client certificates with 1 or 2 year validity.
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new:
    PowerShell FCIV tool.

  • Internet Security Warning - The Server you are connected to is using security certificate that...

    Mail Client on Laptop is Windows Live Mail.  Mail server outgoing.yahoo.verizon.net.  DSL Internet.  Long time Verizon customer.  Client configuration settings correct according to Verizon.  I now get an Interenet Security Warning message whenever I start up the Live Mail Client and send an e-mail.  Only happens on sending e-mails.  The warning message comes back looking for a YES or NO answer.  The message is
    "The server you are connected to is using a security certificate that could not be verified."
    "A certificate chain processed, but terminated in a root certificate which is not trused by the trust provider."
    "Do you want to continue using the server?"      "YES    or   NO"
    I click YES in order to successfully send e-mail messages which I do not like to do.  I only have to press YES on the first e-mail message that I send.  The rest outgoing e-mail work correctly after that first one. 
    What has Verizonn done to cause the problem on my client software?  I have done nothing to change configurations on my Windows 7 and Windos Live Mail laptop.  I have done some research, and verified that my computer time and time zone is correct.  I am looking for an explanation on why this is happening from Verizon. 
    HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    If no one has a better idea you may want to unlink Yahoo from VZ. http://forums.verizon.com/t5/Verizon-net-Email/Unlinking-Verizon-email-from-Yahoo-portal/td-p/413475 It is possible to lose data as pointed out in the linked thread.
    OR Did you get any indication that your mail server settings were going to change at the end of Sept 2013? A mass email went out for "standard" verizon users earlier this year.  I am not sure if this effects Yahoo/VZ settings.
    If a forum member gives an answer you like, please give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem. Thanks !!!
    http://forums.verizon.com/t5/Verizon-net-Email/Fix-for-Missing-Inbox-sent-folders-etc-with-Internet-Explorer-11/m-p/647399

  • SG300-28 Firmware 1.1.2.0 and 1.2.7.76 - Dynamic VLAN+freeRADIUS - Client get rejected

    Hello ladies and gentlemen,
    I am using several SG300-28 Switches with firmware version 1.1.2.0.
    I have dynamic VLAN enabled. As RADIUS server I am using freeradius 2.1.12.
    Authentication is only based on the MAC address. (I configured that on the switches)
    On the switches I created three VLANs. VLAN100 for the authenticated clients, VLAN200 for Management interface and VLAN300 as Guest VLAN. After a wrong authentication the clients should be put into this Guest VLAN immediately (I configured this on the switches).
    I am using Windows XP and Windows 7 clients in my network. I did not configure any EAP settings because I just wnat to use the MAC address.
    In most cases the dynamic VLAN assignment and authentication is working fine. The switch log says that the client is authenticated and the same I can see on freeradius log. But in some (rare) cases the client is rejected. The CISCO log says "MAC aa:bb:cc:dd:ee:ff was rejected on port ge17" but when I look at the freeradius log then this MAC address was successfully authorized.
    The problem is that the client gets an IP address based on the Guest VLAN300 but after that the switch seems to "switch" the VLAN on the port and then the client is authenticated correctly on the right VLAN but the client does not request a new IP on the new VLAN.
    If I unplug and re-plug the LAN cable in most cases the client get the correct VLAN and the correct IP.
    This is happening randomly on nearly all my PCs.
    I would really appreciate your help. Do I have to set some timers higher ? I don't think it is a problem between switch and RADIUS but a problem between communication of the host and the switch.
    Thank you very much for your help!
    Regrads
    Alexander Wilke

    This is from my CISCO log. The computer is always online but there are repeatingly rejects and then with a delay of some minutes an accept.
    2147483395
    2012-Aug-09 21:40:05
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483396
    2012-Aug-09 21:38:23
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483397
    2012-Aug-09 21:38:23
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483398
    2012-Aug-09 21:16:05
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483399
    2012-Aug-09 21:13:42
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483400
    2012-Aug-09 21:13:42
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483401
    2012-Aug-09 21:04:04
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483402
    2012-Aug-09 21:03:50
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483403
    2012-Aug-09 21:03:50
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483404
    2012-Aug-09 20:52:02
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483405
    2012-Aug-09 20:49:02
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483406
    2012-Aug-09 20:49:02
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483407
    2012-Aug-09 20:40:04
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483408
    2012-Aug-09 20:39:10
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483409
    2012-Aug-09 20:39:10
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483410
    2012-Aug-09 20:16:06
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483411
    2012-Aug-09 20:14:29
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483412
    2012-Aug-09 20:14:29
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483413
    2012-Aug-09 19:28:01
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483414
    2012-Aug-09 19:25:08
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483415
    2012-Aug-09 19:25:08
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483416
    2012-Aug-09 19:15:59
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483417
    2012-Aug-09 19:15:16
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483418
    2012-Aug-09 19:15:16
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483419
    2012-Aug-09 19:04:00
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483420
    2012-Aug-09 19:00:27
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483421
    2012-Aug-09 19:00:27
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized       
    2147483422
    2012-Aug-09 18:27:59
    Informational
    %SEC-I-PORTAUTHORIZED: Port gi8 is Authorized       
    2147483423
    2012-Aug-09 18:25:55
    Warning
    %SEC-W-SUPPLICANTUNAUTHORIZED: MAC 00:19:99:0b:8d:b3 was rejected on port gi8        
    2147483424
    2012-Aug-09 18:25:55
    Warning
    %SEC-W-PORTUNAUTHORIZED: Port gi8 is unAuthorized    
    Any ideas ?

Maybe you are looking for

  • Crystal Reports 2008 download

    Hi I'm using Crystal Reports 2008 since 01.01.2008 - we bought it when it was Crystal Decisions Crystal Reports - not SAP Crystal Reports. Now I want to obtain new installation with all SP included (system reinstallation) but it's impossible - all do

  • Can I search for keywords in the bookmarks only?

    For example, I have a 400 page document. There are a ton of headers which I have bookmarked each, and many have the same name - I may have 13 headers with the word "selections", yet the word "selections"  may be repeated within the document 700 tmes.

  • Spooling unwanted output

    Hi i have script as below SET MARKUP HTML ON ENTMAP ON SPOOL ON PREFORMAT OFF; set linesize 125 set numwidth 20 set pagesize 50 col TEXT FOR A30 col ELAPSED_TIME_SEC for 99999999 set serveroutput off; SET ECHO OFF; undefine MAX_SNAP undefine MIN_SNAP

  • The Unusual Case of The Invisible Font.

    Strange problem with AppleCasual font. I used it not too long ago. Today I go to access it and it is not listed in the font list. So...I go into Font Book and there it is, active and listed. I make sure that there is no problem with it and validate t

  • How can I import .pdf forms into RoboHelp 11.0.3.268 without garbling fields?

    When I try to import .pdf forms into RoboHelp 11, the fields get garbled. Is there any way around this?