Exchange 2007 self assigned certificates

Hello
we are receiving the following event 12018.......
The STARTTLS certificate will expire soon: subject: remote.domain.com, hours remaining: BB13C8B6855C95ABDB325D7ED3254CAD19723E75. Run the New-ExchangeCertificate cmdlet to create a new certificate. We ran through the steps of creating a new certificate and
it expires in 2020.
Why are we continuing to receive this event?
Thank you

Hi,
The Event 12018 in your original posting indicates that the certificate BB13C8B6855C95ABDB325D7ED3254CAD19723E75 would be expired. You have 2020 hours to renew a certificate by using New-ExchangeCertificate cmdlet.
Please check whether there is any error when you use Exchange service. If the certificate issue still persists, please run the following command to check your Exchange certificate configuration:
Get-ExchangeCertificate | fl
Regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Winnie Liang
TechNet Community Support

Similar Messages

  • Why ASA creates self assigned certificate on each reboot

    Hi Everyone,
    I noticed
    "By default, the security appliance has a self-signed certificate  that is regenerated every time the device is rebooted. We can purchase  your own certificate from vendors, such as Verisign t, or you  can configure the ASA to issue an identity certificate to itself. This  certificate remains the same even when the device is rebooted.
    Need to know the reason behind the creation of self assigned certificate on each reboot?
    Regards
    MAhesh

    Hello Mahesh,
    As you mention that's by default and by desing,
    That would help us in the case we set a SSL session to the box (Anyconnect, ASDM) as we will not need to go a step further and manually create or generate an SSL certificate,
    Why?
    Because the firewall will do it automatically, altough if you purchase one from a CA you can overwrite it by installing the certificate and set it as the SSL certificate for any SSL session,
    For Networking Posts check my blog at http://laguiadelnetworking.com/
    Cheers,
    Julio Carvajal Segura

  • Renew Exchange 2007 self signed SSL cert : Warning

    Hi,
    We are getting an issue with the new SSL certificate being created. 
    WARNING: This certificate will not be used for external TLS connections with an
    FQDN of 'mail1.[mydomain.com]' because the CA-signed certificate with thumbprint
    '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes precedence. The following
    connectors match that FQDN: Send to Internet. 
    Heres the code below:
    [PS] C:\Windows\System32>get-exchangecertificate | list
    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail1.[mydomain.com], mail1.[mydomain.ph], autodiscover.mydomain
                         .com, autodiscover.[mydomain.ph], PPLOEX2K7.[mydomain.ph], PPLOE
                         X2K7, mail1, localhost, [mydomain.com], [mydomain.ph]}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
    NotAfter           : 7/23/2014 1:46:15 PM
    NotBefore          : 7/23/2012 1:46:15 PM
    PublicKeySize      : 2048
    RootCAType         : Enterprise
    SerialNumber       : 52F90CEC000000000005
    Services           : IMAP, POP, IIS
    Status             : Valid
    Subject            : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
                         ph
    Thumbprint         : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                         ty.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail1.[mydomain.com], autodiscover.[mydomain.ph], autodiscover.
                         [mydomain.com], pploex2k7.[mydomain.ph], mail1.[mydomain.ph]}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
    NotAfter           : 7/23/2014 11:44:05 AM
    NotBefore          : 7/23/2012 11:44:05 AM
    PublicKeySize      : 2048
    RootCAType         : Enterprise
    SerialNumber       : 5289341C000000000003
    Services           : IMAP, POP, SMTP
    Status             : Valid
    Subject            : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
                         ph
    Thumbprint         : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
    [PS] C:\Windows\System32>get-exchangecertificate 1B6705DB9755A75E94F5B05081AEDED
    3A0065D4A | New-ExchangeCertificate
    WARNING: This certificate will not be used for external TLS connections
    with an FQDN of 'PPLOEX2K7.[mydomain.ph]' because the CA-signed certificate
    with thumbprint '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes
    precedence. The following connectors match that FQDN: Default PPLOEX2K7.
    WARNING: This certificate will not be used for external TLS connections
    with an FQDN of 'mail1.[mydomain.com]' because the CA-signed certificate
    with thumbprint '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes
    precedence. The following connectors match that FQDN: Send to Internet.
    Confirm
    Overwrite existing default SMTP certificate,
    '99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB' (expires 7/23/2014 11:44:05
    AM), with certificate 'F835E526BC8D3805E7AA230A17C5971872D3759C'
    (expires 7/22/2015 10:17:51 AM)?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
    (default is "Y"):y
    Thumbprint                                Services  
    Subject
    F835E526BC8D3805E7AA230A17C5971872D3759C  .....      C=ph, S=NCR, L=Pasig, O...
    [PS] C:\Windows\System32>get-exchangecertificate | list
    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                         ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                         ssControl.CryptoKeyAccessRule}
    CertificateDomains : {mail1.[mydomain.com], mail1.[mydomain.ph], autodiscover.mydomain
                         .com, autodiscover.[mydomain.ph], PPLOEX2K7.[mydomain.ph], PPLOE
                         X2K7, mail1, localhost, [mydomain.com], [mydomain.ph]}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : C=ph, S=NCR, L=Pasig, O=Mydomain, OU=IT, CN=mail1.mydomain.c
                         om
    NotAfter           : 7/22/2015 10:17:51 AM
    NotBefore          : 7/22/2014 10:17:51 AM
    PublicKeySize      : 2048
    RootCAType         : None
    SerialNumber       : 6B5A6E27C63C36A54FDD3E07FF982497
    Services           : IMAP, POP, SMTP
    Status             : Valid
    Subject            : C=ph, S=NCR, L=Pasig, O=Mydomain, OU=IT, CN=mail1.mydomain.c
                         om
    Thumbprint         : F835E526BC8D3805E7AA230A17C5971872D3759C
    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail1.[mydomain.com], mail1.[mydomain.ph], autodiscover.mydomain
                         .com, autodiscover.[mydomain.ph], PPLOEX2K7.[mydomain.ph], PPLOE
                         X2K7, mail1, localhost, [mydomain.com], [mydomain.ph]}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
    NotAfter           : 7/23/2014 1:46:15 PM
    NotBefore          : 7/23/2012 1:46:15 PM
    PublicKeySize      : 2048
    RootCAType         : Enterprise
    SerialNumber       : 52F90CEC000000000005
    Services           : IMAP, POP, IIS
    Status             : Valid
    Subject            : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
                         ph
    Thumbprint         : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                         ty.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail1.[mydomain.com], autodiscover.[mydomain.ph], autodiscover.
                         [mydomain.com], pploex2k7.[mydomain.ph], mail1.[mydomain.ph]}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=mydomain-WIN-0RCZ5TKMHLV-CA, DC=mydomain, DC=ph
    NotAfter           : 7/23/2014 11:44:05 AM
    NotBefore          : 7/23/2012 11:44:05 AM
    PublicKeySize      : 2048
    RootCAType         : Enterprise
    SerialNumber       : 5289341C000000000003
    Services           : IMAP, POP, SMTP
    Status             : Valid
    Subject            : CN=mail1.[mydomain.com], OU=IT, O=Mydomain, L=Pasig, S=NCR, C=
                         ph
    Thumbprint         : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
    Services: [PS] C:\Windows\System32>Enable-ExchangeCertificate -Thumbprint F835E5
    26BC8D3805E7AA230A17C5971872D3759C -Service IIS, SMTP, IMAP, POP
    WARNING: This certificate will not be used for external TLS connections with an
    FQDN of 'PPLOEX2K7.[mydomain.ph]' because the CA-signed certificate with
    thumbprint '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes precedence. The
    following connectors match that FQDN: Default PPLOEX2K7.
    WARNING: This certificate will not be used for external TLS connections with an
    FQDN of 'mail1.[mydomain.com]' because the CA-signed certificate with thumbprint
    '1B6705DB9755A75E94F5B05081AEDED3A0065D4A' takes precedence. The following
    connectors match that FQDN: Send to Internet.
    [PS] C:\Windows\System32>

    Hi Jammizi,
    I collect some information from the command results as below:
    1. When run Get-ExchangeCertificate | FL command, it returned 2 certificates.
    •Certificate01
    Thumbprint         : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
    IsSelfSigned       : False
    Services           : IMAP, POP, IIS
    •Certificate02
    Thumbprint         : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
    IsSelfSigned       : False
    Services           : IMAP, POP, SMTP
    2. When run Get-ExchangeCertificate 1B….4A (Certificate01) | New-ExchangeCertificate, got warning.
       Overwrite Certificate02 (99…BB) to Certificate03 (F8…9C).
    3. When run Get-ExchangeCertificate | FL command, it returned 3 certificates.
    •Certificate03
    Thumbprint         : F835E526BC8D3805E7AA230A17C5971872D3759C
    IsSelfSigned       : True
    Services           : IMAP, POP, SMTP
    •Certificate01
    Thumbprint         : 1B6705DB9755A75E94F5B05081AEDED3A0065D4A
    IsSelfSigned       : False
    Services           : IMAP, POP, IIS
    •Certificate02
    Thumbprint         : 99A3CAC2E18E2FA4AB4C855A3FA07E3369AA4ABB
    IsSelfSigned       : False
    Services           : IMAP, POP, SMTP
    4. When run Enable Certificate03 command, got warning.
    According to the information above, please notice that both Certificate01 and Certificate02 are not Self-signed certificate. And the New-ExchangeCertifiate command in Exchange 2007 server is to new an Exchange Self-signed certificate. I suggest double check
    whether your org has self-signed certificates. If your org only need 3rd party certificates without self-signed certifcate, I suggest apply a new certificate from CA.
    Thanks
    Mavis
    If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Mavis Huang
    TechNet Community Support

  • Changing/Replacing Exchange 2007 MBX VM

    Hello folks,
    I'm currently having Exchange 2007 Mailbox Role
    in separate VM and HUB/CAS on separate VM. The current Mailbox VM having
    problem and seems the VMX file of the VM got corrupted and Backup on
    Veeam and Symantec taking hell of time to finish and even the mailbox
    server itself very slow. There is a tedious workaround to rectify this
    issue, and seems to me the old the solution would be; 
    Build new VM.
    Install Exchange 2007 Enterprise
    Assign new Disks and create new DBs.
    Move mailboxes
    What precaution i should take care of during this process?
    The
    current Exchange 2007 Role has almost 2500 Mailboxes and the size range
    between 100MB to 5GB and all the mailboxes are on different databases
    almost 20 DBs are hosting those mailboxes. All the DBs are defined on
    separate VMDK disks and all the Logs of those DBs are on different VMDK
    disk.
    What I'm planning to do is to combine multiple Databases
    into single Disks to reduce the number of disks that's hosting the DBs.
    What is the best approach to achieve this?
    Regards,

    Hi,
    Just go ahead.
    Create a new VM, prepare Windows Server, install Exchange 2007, move to the new VM.
    Find information for your reference:
    XADM: How to Move Exchange Server to a New Computer That Has the Same Name
    http://support.microsoft.com/kb/155216/en-us
    How do I move Exchange Server to a new server?
    http://windowsitpro.com/windows/how-do-i-move-exchange-server-new-server
    Thanks

  • Virtual Machine Manager. Assigning certificate.

    Hi all.
    I'm deploying hyper-v cluster with VMM managment.
    I have wildcard certificate for my domain.
    I've attached this certificate to AppController, installed this certificate according to this article (http://technet.microsoft.com/en-us/library/dn469415.aspx) and installed it to hyper-v
    nodes.
    Access to AppController works fine.
    But when I try to launch Console to VM, I've got error:
    Your remote desktop connection failed because the remote computer cannot be authenicated.
    And I see, that there using Self-assigned certificate.
    How can I change used self-assigned certificate to new wildcard?
    Thanks you.

    Hi,
    if you try to connect via RDP to the VMs, you must change the self signed certificate for the RDP listener on the VMs:
    http://www.it-training-grote.de/download/RDS-2012R2-SelfSignedCertificate.pdf
    (german article but hopefully the screenshots give you some ideas how to do this).
    It is also possible and IMHO recommended to use Group policies to issue certificates to all VMs:
    http://blogs.msdn.com/b/rds/archive/2010/04/09/configuring-remote-desktop-certificates.aspx?PageIndex=2
    best regards Marc Grote - www.it-training-grote.de

  • Hi, is there any way to forbid access to web site with self-signed certificate or obsolete certificate and disable exceptions, in Firefox V17+ ?

    (There should be the warning message, without the ability to add any exceptions.)

    Hi,
    There are Certificate preferences in Options> Advanced, I recommend exploring these options and testing a few self-assigned certificates.
    Third Party Reference:
    [http://www.hackerfactor.com/blog/index.php?/categories/3-Network]

  • Exchange 2007 Renew Certificate via IIS Manager

    I am currently in the process of renewing the Exchange 2007 certs and have searched through forums in regards to this topic and can't seem to come across a proper answer. Is it possible to renew the Exchange 2007 cert using the IIS Manager or is Powershell
    the only way of doing so? Under the "IIS Manager > expanding server name > expand websites > default website properties > Directory Security > Server Certificate" you are presented with the option to renew the existing cert. This to
    me seems a lot easier than using shell to request a whole new cert. I am not a fan of the how Powershell can be a bit destructive when requesting a new cert and overwriting the existing one leaving your little ways of backing out if something goes wrong. Can
    someone confirm if using IIS manager is a viable way of renewing the Exchange 2007 cert. I prefer to keep the exact settings of the existing certificates.
    Thank you,
    Emmanuel
    Emmanuel Fumero Exchange Administrator

    Hi
    Yes its possible in Exchange  2010 through EMC . Not sure if this works in Exchange 2007 since i haven't tried renewing through GUI in exchange 2007 and currently do not have any customers running e2k7 to check this option. Probably you can give it
    a try in Exchange 2007 and see if these options are visible. Please check the following,
    When you right-click your Exchange Server, you can select New Exchange Certificate, which will launch the New Exchange Certificate Wizard.
    After defining a friendly name, you are ready to provide all needed information:
    After clicking Finish, you will have a certificate request that you can use ti get a certificate from your own CA, or from an external CA. The Exchange Management Console will show the request as well
    1.Start the Exchange Management Shell. Click Start > Programs > Microsoft Exchange Server 2007, and then click Exchange Management Console.
    2.Click the link to "Manage Databases", and then go to "Server configuration".
    3.Select your certificate from the menu in the center of the screen (The certificate will be listed by the Friendly Name you chose when creating the CSR), and then click the link in the Actions menu to "Complete Pending Request".
    4.Browse to the certificate file you just copied to your server, then click Open > Complete.
    URGENT!! You may receive the following error: "The source data is corrupted or not properly Base64 encoded." You can ignore this error
    5.Press F5 to refresh the certificate list. Verify that it says "False" under "Self Signed".( if its 3rd party or feom CA)
    6.To enable your certificate, return to the Exchange Management Console and click the link to "Assign Services to Certificate."
    Hope this helps
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as
    Answer” if a marked post does not actually answer your question. This can be beneficial to other
    community members reading the thread.
    Regards
    Sathish

  • Does a 2012 DC generate exchange certificates on Exchange 2007 server?

    The reason I ask is because we have a 2008 server environment with a few 2012 servers in the mix, one being a DC. It is time to renew our self-signed certificates on our exchange server and when I attempt to do this via the Get-ExchangeCertificate command,
    I get a warning stating the following: 
    WARNING: This certificate will not be used for external TLS connections with an FQDN of 'mail1.mymail.com.COM' because the self-signed certificate with thumbprint 'AAA-THUMBPRINT-AAAAAAA' takes precedence.
    On further investigation I noticed we have a certificate that I do not remember from years past nor do I ever remember getting that warning message before. We have not used third party CA's. Notice the items in bold, the certificate is an enterprise cert, not
    self signed and linked to our 2012 DC. There appear to be no services assigned to it but we still get that warning.
    AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {EXCHANGESERVERNAME.DOMAIN.NAME}
    HasPrivateKey : True
    IsSelfSigned : False
    Issuer : CN=DOMAIN-DC3-CA, DC=DOMAIN, DC=NAME
    NotAfter : 12/31/2014 4:36:02 PM
    NotBefore : 12/31/2013 4:36:02 PM
    PublicKeySize : 2048
    RootCAType : Enterprise
    SerialNumber : 2D00XXXXXXXXXXXXXXXXXXXXXXX
    Services : None
    Status : Valid
    Subject : CN=EXCHANGESERVERNAME.DOMAIN.NAME
    Thumbprint : 4886XXXXXXXXXXXXXXXXXXXXXXXXXX
    So my question is two-fold, why is this certificate here (was it generated by our 2012 DC) and will it effect anything when it expires? If so, how do I renew it?

    OK, so it is normal. We did add the 2012 DC to our existing server environment later on. It is not our primary DC.
    So, since there are no services assigned, when it expires in a few days, there will be no effect? If there will be an issue, how do I go about renewing it exactly?
    I am not aware of us requesting an Enterprise CA, however our previous manager could have. I am not familiar with the process.
    Basically, I ignored the "This certificate will not be used for external TLS connections warning" and created and enabled new self-signed certs for our mail server. The warnings in the event log that the old certs are about to expire have
    stopped. So that should be that then right?
    So as of now, we show 3 certificates, one being the enterprise one I mentioned which will expire in a few days. (Is this normal or should we just have one self signed cert that has all services?) I have a feeling this configuration isn't optimal.
    Thumbprint                                
    Services   Subject
    2038XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  ...WS     CN=WMSvc-MAILSERVERNAME
    B52BXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  IP..S      CN=MAILSERVERNAME
    4886XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  .....        CN=MAILSERVERNAME.DOMAIN.NAME

  • Can we connect Outlook with Exchange 2013 with the default Self-signed certificate?

    Hi,
    the question is very simple, but after several days searching in this forums and in the web I have not been able to find a definitive answer YES or NOT. I know that Self-signed certificates are not for a production enviroment and only for labs and we must
    purchase a third party certificate or get one from a internal CA.
    Anyone can answer this question with no doubt?
    Thanks in advance!
    jspt

    Hi Abhi,
    I wrote this question because in a recent migration to 2013 from 2007 we've found with this problem: you can view it in the post http://social.technet.microsoft.com/Forums/exchange/en-US/1ddd1e81-1061-4461-95dd-13de653ef8fe/outlook-cant-connect-with-exchange-2013-after-migration-from-exchange-2007?forum=exchangesvrdeploy.
    Also I have installed a new exchange 2013 in a lab enviroment and I also have unabled to connect from a Outlook 2013. The problem is the same Outlook is unable to detect the exchange server. Many people in this forums told me that have to be a certificate
    problem and for that I posted this question. Honestly, I don't know how to do for Outlook can be connect with Exchange 2013. I don't know what I'm doing wrong.
    Anyway thanks for your answer.
    jspt

  • Ho to renew exchange 2007 certificate

    Hello,
    I am having a problem with a certificate that is expired. When I open an outlook 2007 client that is connected to exchange 2007 SP1, I get a message that the certificate is expired. I can choose yes to continue but I get the message everytime the clients restarts outlook.
    Can someone provide me with the steps to renew the certificate ?
    Best regards,
    Mark

    Refer below article to renew self signed cert in Exchange 2007...
    Exchange Server 2007: Renewing the self-signed certificate
    http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.html
    Amit Tank | MVP – Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com

  • Unrecognized certificate when Outlook 2010 tries to connect to Exchange 2007 on SBS 2008

    Hi all,
    I believe this is a security issue rather than a connectivity or configuration problem.
    Running Outlook 2010 on Windows 7 trying to connect to Exchange 2007 on SBS 2008, I receive the following error:
    "The name of the security certificate is invalid or does not match the name of the site"
    When I view the certificate I see that it was issued to "zx-server" by "zx". This is NOT my domain CA nor is it a certificate I recognize. I use a self-issued certificate (i.e. issued by the SBS box). I also receive this certificate error when I browse to
    the internal website (companyweb). No other computers on the network are seeing this behaviour.
    I have checked the certificate stores in certmgr and I can't find any such certificate or CA. I have also searched the entire hard drive with no luck. I have run Kaspersky AV, Malwarebytes and MS Security Essentials several times but I can't find any malware.
    I also recently installed Comodo Firewall (the problem began after this).
    I need to find and remove the certificate and prevent it from being presented to me every time I try to connect to the server. All help, advice and suggestions appreciated.
    Aide

    Hi,
    It’s really a common issue.
    This issue occurs if the following conditions are true:
    You replace the default self-signed Exchange Server 2007 or Exchange Server 2010 certificate with a different certificate.
    Note The Setup program in Exchange Server 2007 or in Exchange Server 2010 creates a default self-signed certificate when Exchange Server 2007 or Exchange Server 2010 is installed.
    The common name on the replacement certificate does not match the fully qualified domain name (FQDN) of the URL that is stored in the following objects:
    o   
    The Service Connection Point object for the Autodiscover service
    o   
    The
    InternalUrl attribute of Exchange 2007 Web Service (EWS)
    o   
    The
    InternalUrl attribute of the Offline Address Book Web service
    o   
    The
    InternalUrl attribute of the Exchange unified messaging (UM) Web service
    By default, the URL that is stored in these objects references the NetBIOS name of the server. For example, a URL that resembles the
    following URL is stored:
    https://NetBIOS_name.contoso.com/autodiscover/autodiscover.xml
    This may differ from the host name that is used in the FQDN of the replacement certificate. For example, the replacement certificate
    may have an FQDN that resembles the following FQDN:
    mail.contoso.com
    This issue causes a name mismatch error to occur. Therefore, you receive the security warning message when you try to connect Outlook
    2007 to the mailbox.
    For more detailed information about the procedures to fix the issue, please refer to the following KB article:
    Title: Security warning when you start Outlook 2007 and then connect to a mailbox
    that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site"
    URL:
    http://support.microsoft.com/kb/940726
    Regards,
    James
    James Xiong
    TechNet Community Support

  • Renew certificate on two Exchange 2007 CAS servers

    Hi, there:
    Our environment: Exchange 2007 SP3 with two HUB/CAS servers, let's assum server name for these two CAS servers are: CAS1 and CAS2.
    Please note these two CAS servers are NOT running with NLB.
    Now the certificate(not self-signed) on these two servers are about to expired and I am planing to install new certificate on them.
    The old certificate is issued by internal CA server.
    My plan is as below:
    On CAS1:
    I am going to use "New-ExchangeCertificate" with -privatekeyexportable to generate the certificate request file then submit the request file to CA, after I get the
    .pfx file run "Import-ExchangeCertificate" to import the new certificate, after the old certificate is expired, run "enable service"
    to let exchange use the new certificate.
    On CAS2:
    repeat the above procedure.
    I did a serach on technet and found this:
    http://social.technet.microsoft.com/Forums/exchange/en-US/20adfb3d-2fa6-4ff9-b785-cb47a772ed58/3rd-part-certificate-renewal-for-exchange-2007-cas?forum=exchangesvrgenerallegacy
    the procedure mentioned in this thread is different. it export the newly created certificate from CAS1 and import it into CAS2.
    however the CAS server mentioned in that thread run with NLB.
    The two CAS servers in our environment is NOT NLB.
    Any suggestions?

    Both plans will work. You can generate a cert for each individual CAS with the correct subject names on each cert relative to the CAS that you will enable it on or create one cert with the correct subject names that cover both CAS and export and import
    the cert from one CAS to the other. Up to you.
    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

  • Some clients migrated from 2007 is presented with the self signed certificate in 2013

    I have migrated from 2007 to 2013. I did a couple of test migrations and on the ones with domain member computers Outlook is giving a certificate warning. The certificate they are presented with is the default self signed certificate on the 2013 server.
    Even though I have added a trusted public certificate to Exchange and checked of to use With IIS.
    I see that the default certificate is also checked of to use With IIS and it cant be removed in ECS. Shouldnt this be removed from IIS all together when adding a New certificate? And why does some Clients gets presented With the self signed and some With
    the Public? For instance owa is presented With the Public cert. Also and Outlook I tested from outside the domain.
    Regards

    Only the UCC certificate should be bound to IIS.
    Are any clients using POP or IMAP, which also use SMTP?  In this case clients can be presented with the "wrong" certificate as well.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • SCCM 2007 - task sequence - prestaged media - self-signed certificates - error message 'Certificate has expired for this media'

    Hi there
    Quick scenario.
    We have created a task sequence prestaged media .wim file (SCCM 2007, client OS is Windows XP).
    Recently some of these swap-out machinses, on delivery and start up, have started showing this message:
    'Certificate has expired for this media'.
    This is because the self-signed certificate created during the prestaged media creation process has expired.
    My question is: is it possible to mount the image using dism or imagex and then inject an updated sertificate?
    Best regards
    John

    the disk that has the prestaged media applied must be the boot partition.
    create a task sequence to stage the prestaged media. In this task run a format and partition step which configures both the system disk and the os disk, though make the os disk the active boot partition. Then apply the prestage wim.
    On your deploy task, somewhere after the OS has applied create a group that runs only if the media is OEM (from memory  _SMSTSMedia =
    OEMMedia)
    in this group run the command bcdboot C:\Windows /s F: /f ALL where f: is the drive letter assigned to the system disk, then run another step that removes the drive letter and reboots. The deploy task will now continue and you will be booting to the system
    partition.
    So I wanted to get back to working on this issue.  I noticed that when I said it Worked that it was actually still booting from C drive instead of the reserved partition.  For the past few days I have been trying to get the prestaged to work like
    a network deploy but fail every time.  I cannot get the prestaged to boot from any other partition other then the partition where windows was imaged too.
    So where I am at today.  When I do as suggest above the D drive (The reserved Boot volume) return on reboot. it will not stay hidden.  also the OS is till booting from C and does not change to the D drive or no drive letter drive with the above
    commands.  I think there is some other command missing that tells it to boot from a new location that is not bcdboot.
    Has anyone seen any guides for how to use prestaged and bitlocker enabled task sequence?  I think that would help me figure out my current issues as with bitlocker you must have this other partition.

  • DPM 2012 - Protect Exchange 2007 in untrusted domain (either via Creds or Certificates)

    Hi,
    I am trying to protect an Exchange 2007 Server which is in an untrusted domain.
    I have tried using both credentials (isNonDomainServer) and via Certificates and have no joy.  Both methods work in terms of getting the agent installed and communicating with DPM.  The agent shows OK in the console and I can browse
    fine when creating a new PG.
    The problem I have is that "All Exchange Storage Groups" is not available as a selection to backup, obviously neither are any of the information stores.
    First question, is backup of Exchange supported in an untrusted domain?  This says it is:  http://technet.microsoft.com/en-us/library/hh757801.aspx  but I read conflicting advice elsewhere.
    Second question, this is the biggie - any ideas on how to get Exchange visible as a selection?
    So far I have:
    Confirmed that LCR is not configured (I am not sure if it *was* at some point though, because there is a disk on the server labled LCR)
    Checked in the DPM agent directory locally and I can see that ExchangeCmdletsWrapperCurr.errlog is created and/or updated when I expand the server name on the DPM server and the server and information stores are listed in the file.  This tells me communication
    is fine, and that the DPM agent on the exchange server can "see" exchange
    Checked the Exchange VSS writer and it is listed and in a healthy state
    Thanks!

    Upgraded to System Centre 2012 R2 and no difference.  I am assuming that its a compatability\support issue, i.e its not supported.  The documentation says otherwise, but its confusing to say the least.
    d

Maybe you are looking for

  • Insert forms and the back button

    Hi, I have a page that is transparent to the user and does a standard DW insert using ASP. It uses <body onLoad="document.form1.submit()"> to do this. The user clicks on a link, this page does the insert, and then they are redirected to a results pag

  • Free download with itunes 10

    I downloaded a free tv show from itunes store onto my laptop.  When I click it to play, it says my computer is not authorized and itunes will open for me to authorize it.  I go to authorize it and itunes tells me it is already authorized...which it i

  • STMS: how to hide the Import All Requests button in the import queue view?

    Hi All, I'd like to know how to hide the "Import all requests" button in the import queue view. Thanks a lot for your answers. G.

  • Trouble installing iTunes to Windows Vista PC

    When trying to install iTunes 11 to my Windows Vista PC, I get stuck in a continuous loop of clicking to install and accepting the terms of service. Nothing ever installs, it just checks for software and asks me to confirm the terms of service over a

  • Having both 1.4.2 and 1.5 plugins

    With 1.4.2 JRE plugin I was able to switch to other plugin versions for testing purposes. Now with the 1.5 plugin I dont know how to change my JRE. Any ideas?