Exchange 2010 SSL certificate and internal names

So I received an email from Digicert stating our certificate contains .local internal domain names and we need to remove the names and re-issue our cert. Our cert currently contains the following names:
CN: mail.ourdomain.org
mail.ourdomain.org
mailservername.ourdomain.local
autodiscover.ourodmain.org
autodiscover.ourdomain.local
So after removing all .local names and re-issuing/re-installing the certificate, is there any additional configuration I need to do on the Exchange side? We already have an internal DNS A record pointing mail.ourdomain.org to internal IP of Exchange server.
This topic first appeared in the Spiceworks Community

Similar Messages

Exchange 2010 OWA access on internal LAN login form not working as expected

hi
We have exchange 2010 sp3 installed and working. we have two sites
Site a
1 x CAS
2 X MBX
Site b
1 x cas
2x mbx
site A is the primary site we currently publish owa our through our TMG server located in the DMZ this is working as expected and carries out the forms authentication. our internal domain is company.local but our external domain is company.com
we have created split DNS so that we could use a wildcard cert and to deal with CA new rules. All URL's in Exchange are configured to use the external reference of company.com/
on the IIS server we have a redirection on the root of the site to redirect the requests through to OWA folder and we have basic Authentication enabled. on the OWA folder we have basic and windows authentication.
The problem we have is that when users try to access OWA internally we get username and password box appears once you login with this it then takes you through to the the normal login screen and you have tyo login again I'm thinking that this is the windows
authentication that is causing this but not sure?
also would be good to get an understanding as to what the Authentication, SSL and redirection setting should be set to on your CAS servers as looking at the ECP and autodiscover folder within IIS this currently has a redirect set to go to OWA surely that
cannot be right,
thanks
J

Hi
you are correct, the immediate concern is the double login to owa i do however want to also know what the settings/configuration for Authentication redirection and SSL should be set to on all virtual directories.
we do not have any additional OWA virtual directories just the default
These are the current live servers
Identity                      : ACAS01\owa (Default Web Site)
Url                           : {}
Exchange2003Url               :
FailbackUrl                   :
InternalUrl                   : https://email.Company.com.com/owa
ExternalUrl                   : https://email.Company.com/owa
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Fba}
Identity                      : BCAS01\owa (Default Web Site)
Url                           : {}
Exchange2003Url               : https://www.Companyt.co.uk/
FailbackUrl                   :
InternalUrl                   : https://webmail.Company.com/owa
ExternalUrl                   : https://webmail.Company.com/owa
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Fba}
These are the new servers which i have just installed
Identity                     : CAS05\owa (Default Web Site)
Url                           : {}
Exchange2003Url               :
FailbackUrl                   :
InternalUrl                   : https://webmail.Company.com/owa
ExternalUrl                   : https://webmail.Company.com/owa
InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Fba}
Identity                      : CAS06\owa (Default Web Site)
Url                           : {}
Exchange2003Url               :
FailbackUrl                   :
InternalUrl                   : https://webmail.Company.com/owa
ExternalUrl                   : https://webmail.Company.com/owa
InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Fba}
Identity                      : CAS04\owa (Default Web Site)
Url                           : {}
Exchange2003Url               :
FailbackUrl                   :
InternalUrl                   : https://webmail.Company.com/owa
ExternalUrl                   : https://webmail.Company.com/owa
InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Fba}
I have noticed that FBA is set on the new servers does this need turning off and if so is this on IIS or in Exchange?
the link that you have provided talks about creating new Vdir for TMG we are looking at removing TMG and replacing it with KEMP load balancers would we still need to have two Vdir to make FBA work internally and externally
to make a new vdir do you need a new IP address? and what are the steps required in Exchange and IIS to get this working.
thanks
Jason

SSL certificates and Web Services Usage inside Oracle Database Questions!

We have implemented a specific business logic using PL/SQL for our client, so we open a file and process each line of this, doing something in the Database and also call a Web Services (Service1) using UTL_HTTP package. Service1 runs in a Windows 2008 Server in the DMZ as Database server.
Service1 is already working, and we can call the service from PL/SQL without troubles.
However, according with security client's policies they requires all Web services be consumed via https including Service1, so we must to follow the procedure established for Oracle in order to enable the calling of service1 via https from the Database.
Our client's DBA and IT Team are concerned about two subjects before to continue to follow the certificate installation:
     - SSL Certificates:
1- Can installed certificates in the Database put in risk the stability of the database?
          2- Can installed certificates in the Database generate performance issues?
          3- Can installed certificates reloading the Databases?
          2- Can installed certificates in the Database generate security issues?
     - Web services:
1- Can web services calling from the Database put in risk the stability of the database?
2- Can web services calling from the Database generate performance issues?
3- Can web services calling from the Database generate security issues in the DMZ?
Could you please give us any clues, about the possible negative impact related with the SSL certificates and Web Services Usage inside Oracle Database, if it’s the case this impact exists?.
Those are the links describing the procedure mentioned above.
1 -http://www.kotti.es/2009/11/oracle-wallet/
DB: Oracle 9i.
Average number of lines in file: 300
Periodicity: Twice at day.

Thiago:
You are correct in that there should be no problem interacting with a Web service that has an HTTPS endpoint as long as you create a wallet and specify it when you make your UTL_HTTP calls, like the PayPal example.
I am not aware of a PL/SQL utility to create a XMLDsig Standard message, but if you find some Java source out there that does it, you may be able to follow a technique I used for a similar use case:
http://jastraub.blogspot.com/2009/07/hmacsha256-in-plsql.html
Regards,
Jason

Exchange 2010 management tools and others

Win2k8 domain, Exchange 2010 servers
We want to move to Win8.1 but we, the admins, are preventing it because our tools like the Exchange 2010 Management tool doesn't work with Win8.0 so we're stuck with Win7.
I've googled around and most suggestion never worked.
Does Microsoft have any plans at all to have Exchange 2010 management tools and other tools we use to manage our domain work with Win8.1?

Hi Rino,
Thanks for your sharing and efforts put on this issue.
This will benefit others who encounter the similar scenario as yours.
Happy holiday~
Kate Li
TechNet Community Support

SSL Certificate and SSL Authentication

Hi-
I'm hoping someone can shed some light on this issue.
First off, is there a difference between SSL Certificate and SSL Authentication?
I have a POP account. The Incoming port is set to 110. The Outgoing, 26. (This is according to Bluehost.com). The security settings for both incoming/outgoing are set to none. Everything works fine.
But if I want extra security, I'll set the incoming to 995 and outgoing to 465.
If I set the security settings to SSL, do I check "Use secure authentication", or do I have to purchase a SSL certificate to secure the authentication? This is where I'm confused. I tried asking the hosting company but they're not much help.
Any advice would be appreciated.
Thanks!

Hi Imagine,
You do not need to purchase your own SSL certificate to use secure authentication. The server handles this for you. You just need to make sure the port #s are correct and you simply check mark the SSL boxes and leave authentication on Password at least on most setups. Each host maybe different so you have to double check with them.
Hope That Helps,
Eric

Real-world experience with Exchange 2010 SP3 RU5+ and Powershell 4?

The support-ability matrix for Exchange (http://technet.microsoft.com/en-us/library/ff728623(v=exchg.150).aspx) says Exchange
2010 SP3 RU5+ and Powershell 4 are compatible. But, there is very little actual discussion about how well that works.
I use Powershell extensively for mission critical and somewhat complex processes, with Exchange 2010 on 2008 R2 and AD access/reads/updates.
Can I get a summary of the caveats and benefits from someone who has actually done this in a
real-world/production scenario (more than one server, managing from a separate non-Exchange server), and who has scripting experience with this configuration?
Also, how has this affected EMC operations?
As always thank you in advance!

I believe the matrix states that its supported to install Exchange into an environment where __ version of WMF is present. Exchange 2010, launched from a Win 2012 server, reports version 2.0 when you call $host. For example, calling the ActiveDirectory
module from EMS on an Win 2012 server (ps 3.0) fails.
I'll double check the extent of this scenario and get back to you.
Mike Crowley | MVP
My Blog --
Planet Technologies

Exchange 2010 - The certificate status could not be determined because the revocation check failed.

I have tried everything I have found online to get my DigiCert to work.
I have exported the cert and imported it into my child domains and they look perfect.
It is just my parent domain having issues.
netsh winhttp show proxy
does show my correct proxy server for http and https and port 8080
I have tried name, FQDN and IP address.
In the Bypass-list I have tried none, *.domain.com, and a list of all domains and child domains in my forest.
I have flushed the cache
certutil -urlcache crl delete
certutil -urlcache ocsp delete
and rebooted the Exchange 2010 (Windows 2008 R2) server
No matter what, I still see in my Server Configuration for the parent domain's DigiCert cert the message
The certificate status could not be determined because the revocation check failed.
with a red X on the left hand icon. Again, Child domains all say "The certificate is valid for Exchange Server usage."
Note: In spite of having the red X, I was able to assign via EMS the services.
Webmail works fine. Outlook Anywhere fails... I suspect it is due to my red X problem.
Suggestions?
Thanks in Advance
Jim.
Jim.

I have contacted DigiCert and they said the cert is working per their utility, hence the problem is outside the scope of their support.
I have followed, several times, http://support.microsoft.com/kb/979694
http://www.digicert.com/help/ reports all is well.
The DigiCertUtil.exe reports all is well and happy.
I have run
netsh winhttp set proxy proxy-server="http=myproxy:8080;https=myproxy:8080" bypass-list="*.mydomain.com"
Current WinHTTP proxy settings:
Proxy Server(s) : http=myproxy:8080;https=myproxy:8080
Bypass List : *.mydomain.com
I have flushed the cache using the commands
certutil -urlcache crl delete
certutil -urlcache ocsp delete
I still see in my Server Configuration for the parent domain's DigiCert cert the message
"The certificate status could not be determined because the revocation check failed."
with a red X on the left hand certificate icon.
To verify the cert via command line:
certutil -verify -urlfetch c:\mail_domain_com.cer
LoadCert(Cert) returned ASN1 bad tag value met. 0x8009310b (ASN: 267)
CertUtil: -verify command FAILED: 0x8009310b (ASN: 267)
CertUtil: ASN1 bad tag value met.
I suspect this is why I cannot get Outlook Anywhere to connect.
Child domains show a happy certificate icon. Parent domain does not.
Still scratching my head.
Thanks all!
Jim.

Exchange 2010 - Errors 4002 and Errors 4010

I have two CAS and two Mailbox servers. All are running Server 2008 R2 with Exchange 2010 SP3 RollUp 5.
On one of my mailbox servers i am getting the error every 5 minutes, MSExchange Availability 4002.
Process 4904: ProxyWebRequest CrossSite from S-1-1-0 to https://server.domain.org:443/ews/exchange.asmx failed. Caller SIDs: NetworkCredentials. The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequestProcessingException:
System.Web.Services.Protocols.SoapException: The authenticated user doesn't have sufficient privileges to issue this request.
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.Proxy.Service.EndGetUserAvailability(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.FreeBusyApplication.EndProxyWebRequest(ProxyWebRequest proxyWebRequest, QueryList queryList, Service service, IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequest.EndInvoke(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.AsyncWebRequest.EndInvokeWithErrorHandling(). The request information is ProxyWebRequest type = CrossSite, url = https://server.domain:443/ews/exchange.asmx
Mailbox list = <lastname, firstname>SMTP:user@Domain, Parameters: windowStart = 2/1/2014 12:00:00 AM, windowEnd = 4/1/2014 12:00:00 AM, MergedFBInterval = 30, RequestedView = FreeBusy
. ---> System.Web.Services.Protocols.SoapException: The authenticated user doesn't have sufficient privileges to issue this request.
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.Proxy.Service.EndGetUserAvailability(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.FreeBusyApplication.EndProxyWebRequest(ProxyWebRequest proxyWebRequest, QueryList queryList, Service service, IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequest.EndInvoke(IAsyncResult asyncResult)
   at Microsoft.Exchange.InfoWorker.Common.Availability.AsyncWebRequest.EndInvokeWithErrorHandling()
   --- End of inner exception stack trace ---
. Name of the server where exception originated: Server. Make sure that the Active Directory site/forest that contain the user's mailbox has at least one local Exchange 2010 server running the Availability service. Turn up logging for the Availability
service and test basic network connectivity.
Every 10 minutes on my CAS servers i am getting the error MSExchange Availability 4010.
Process Microsoft.Exchange.InfoWorker.Common.Delayed`1[System.String]: Request from S-1-5-21-562707881-1060713641-168829947-11538 failed security checks.
I have adjusted the registry setting HKLM\System\CurrentControlSet\services\MSExchange Availability\Diagnostics from 0 to 5 on the CAS servers. I don't have an Availability Service under Services.
The errors keep occurring.

http://forums.msexchange.org/m_1800549466/printable.htm
Refer This Link
DushYant'

Exchange 2010 accepted domain and email address policy

So I need some help as to which accepted domain is right for us. We are a single forest single domain that is subbed to a parent domain.
sub.domain.com
We run our own exchange 2010 separate from domain.com. We want all mail to show up as @domain.com for our users. The @domain.com will be configured to forward to @sub.domain.com. This is free Linux mail server that is separate from us.
In order to configure an email address policy for @domain.com I need to pick from the 3 types. I am pretty sure we are not authoritative for @domain.com (they are the parent). So it is either an internal relay or external relay. We all
use the same networking, and our DNS servers point to domain.com as forwarders and they host a secondary copy of our DNS.
It is a little unclear as to which to use. I have gone to each account individually to test, and that works perfectly, but I would like to set this Globally.
Thanks
Tim

Hello,
Thank you for your post.
This is a quick note to let you know that we are performing research on this issue.
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support

Email Delivery problem from Mailman to Exchange 2010 SP3 - Invalid Character Set Name in Message Subject

Dear all,
we have a problem in the email delivery from Mailman 2.6 List Server to Exchange 2010 SP3 CU7,
related to the encoding name of the Message Subject.
The error we receive is the following:
#550 5.6.0 CAT.InvalidContent.Exception: InvalidCharsetException, Character set name (iso8859-7) is invalid or not installed.;
cannot handle content of message with InternalId
First of all, we can notice that given an encoding name as 'iso-8859-X', it is transformed by the Mailman to 'iso8859-X' (without the first dash).
Our previous Exchange version ( Exchange 2003) didn't have any problem with this, but now,
Microsoft Exchange 2010 doesn't like the form of the encoding name without the dash,
and bounces the emails from Mailman.
The strange is that other email systems like Gmail, Yahoo accept the transformed encoding name.
Any help would be appreciated.
Kind Regards
Panagiotis Kontogiannis

Hi Panagiotis,
Base on my search, I found a similar issue which was caused by the antivirus software in exchange server.
I recommend you try to disable all the antivirus services and check if any helps.
The similar thread for you reference:
https://social.technet.microsoft.com/Forums/en-US/5bcf3098-2fe7-442f-a0bd-b720d703c6d0/problem-with-microsoft-exchange-2010-on-sbs-2011-550-560-catinvalidcontentexception?forum=exchangesvrdevelopment
Best regards,
Niko Cheng
TechNet Community Support

SSL certificates and GWIA

I have run up against a wall trying to install a third party SSL certificate with GWIA 7.0.3 and securing IMAP connections;
Certificate (And SSL) works fine, but the infamous "The origin of this certificate cannot be verified" type of message comes up for all mail clients attaching, and this is particularly bad for handheld devices like iPhone connecting via IMAP using SSL.
Has anyone ever successfully installed a 3rd party SSL cert into GWIA with chain of trust back to root CA and been able to overcome this ?
It' basically the same problem one would run into if issuing a self-signed cert out of NDS/Edir Cert server 2.x or 3.x.
Any suggestions would be welcome !
Thanks !

Hi, I very recently had a similar problem...our existing 3rd party ssl external Verisign certificate expired!!!!
I have'nt been able to in the past configure a 3rd party ssl certificate into our current Groupwise 7 system due to lots of various methods of doing this task....i got quite confused and if you do not do things in the correct order the whole process will need to ber started over again.
Ive managed to eventually cracked it and figure out a simple and more structured approach to setting this up.
The following was in relation to applying the 3rd party external certificate to WEBACCESS
This was the steps i took:
Firstly ensure you have the registered details you completed already with your 3rd party SSL supplier, they should have provided you with a:
OU
O
L
S
C
the CN is the webaddress or DNS name your users will hit to access your secured page - we will add this later.
1) Highlight the container where your server is located which will be the host application part of the webaccess that the ssl is assigned to.
(my setup is, i have my main grpwise system in one tree, my application - webaccess component in a separate tree) - we need to re-create the SSL object in the second tree or the container where the application component is located.
2) Right-click to create an object > from the list choose > NDSPKI:Key Material.
3) Give a name for the certificate name object > then select the second option > Custom.
(This will allow you to enter more specific information relating to the 3rd party ssl certificate)
4) The next screen select "External Certificate authority" - this would be your 3rd party ssl. Click next
5) Next screen asks for the Key size, accept the default value of "2048 bits" > tick "Allow private key to be exported", click next.
6) Next screen asks for the Certificate Parameters, depending on the order of your, CN, OU,O,L,S,C
I clicked the edit button and then clicked the small arrow icon to switch the SSL URL around so that my .cn=webserver url address will be read first then the - OU,O,L,S,C.
(PLEASE NOTE: The (OU,O,L,S,C) should be identical to what was initially registered with your 3rd party SSL supplier.
7)Once you are happy with the details click "Finish".
8) You will immediately be asked where to save the "b64" file that will be generated which will be sent off to your 3rd party supplier for re-minting.
choose a file name - ensure no hyphens,or special characters etc are used and keep to the 8.3 naming length just to avoid any long name issues, i do believe that by adding a hyphen may cause problems as the system automatically puts a hyphen to separate the names automatically hence that is why its advised not to use this.
I saved my file to root of my c:\
9)Once this has been done and you click save, send the file off to your 3rd party SSL supplier, they will re-mint the "b64" file and you should get back 2 files:
a)file.cer
b)Intermediate.cer
(filenames could be anything)
10) Select the "KMO object" you created earlier in step 2, then goto the Certificate tab > Trusted Root certificate" tab to import the Intermediate.csr file sent to you.
Select import > then read from file and browse for the "Intermediate.csr" file - i chose root of my c:\ to save the re-minted 2 files sent back to me.
Select the Intermediate file, you should see some encrypted characters show in the blank screen, then select Ok or finish.
If you see a pop up window stating " Subject name mismatch error" dont worry this is merely a cosmetic issue due to the details not being in the exact naming order, it has been IMPORTED!!
Click OK.
Once you have done this you should see your first key pair file imported, check the subject name, Issuer name, effect date, expiration date, certificate status details, these should all show the 3rd party certificate details.
Then next part is to import the second key pair file.
Click Certificate>Public Key Certificate tab > import.
Select to read from file> then browse for the file.csr
You should see the encrypted characters, then select ok or finish.
Now you have competed the difficult part you now need to tell you application what SSL object to point to in order to use the SSL encryption.
For webaccess, you have to edit the apache conf files and enter the name of the SSL/KMO object you created earler.
11) Goto your application server that will use the ssl, then browse to:
server\sys\apache2\conf
edit a file called "httpd.conf"
then
amend or add the section:
SecureListen 443 "Verisign"
Save theses changes - then shut down your web services on the server, apache, etc. ie, type :
Apache shutdown commands:
ap2webdn
tc4stop
admsrvdn
Apache load commands:
apache2
ap2webup
tc4stop
admsrvup
wait a minute or so so that the services can be unloaded.
If you think its safer to do so, you can restart the server - that way you know for sure that everything has been unloaded and re-loaded cleanly.
ALL done.
SSL now in operation and working.
I carried out this method - my own steps and this worked for me.
Good luck!!!
Dennis
Originally Posted by shale999
I have run up against a wall trying to install a third party SSL certificate with GWIA 7.0.3 and securing IMAP connections;
Certificate (And SSL) works fine, but the infamous "The origin of this certificate cannot be verified" type of message comes up for all mail clients attaching, and this is particularly bad for handheld devices like iPhone connecting via IMAP using SSL.
Has anyone ever successfully installed a 3rd party SSL cert into GWIA with chain of trust back to root CA and been able to overcome this ?
It' basically the same problem one would run into if issuing a self-signed cert out of NDS/Edir Cert server 2.x or 3.x.
Any suggestions would be welcome !
Thanks !

SME 7.1 not working with Exchange 2010 SP3 UR8v2 and OnTap 8.2.3 7mode

Followed IMT and installed software that NetApp said would work.Ontap 8.2.3 7-modevmWare 5.0 SP3Microsoft Windows Server 2008 R2 SP1Exchange 2010 SP3 UR8v2NetApp Host Tools 6.0.2SnapDrive 7.1.1SME 7.1 Everything connects fine. SnapDrive sees my drives. SME connects to Exchange Server. However in the process of configuring SME, I get the following error. I have followed knowledge base article and increased the timeout of DFM connection in registry, but that has not solved the problem. Has anyone run into this before? SME 6.1 works fine, but is not compatible with SnapDrive 7.1.1 (causes verifications to fail because server can't mount clone) and lower SnapDrive versions are not compatible with Ontap 8.2.3. I am in a real bind here. Thanks in advance.

the following configuration for SME 7.1 is no longer supported: Windows Server 2008 R2Exchange 2010 SP3 RU1 – RU5WMF/PowerShell 3.0SME 7.1 The supported configuration will now be: Windows Server 2008 R2Exchange 2010 SP3 RU5WMF/PowerShell 4.0SME 7.1 this is because Microsoft does not support WMF 3.0 on Server 2008 R2 running Exchange 2010 SP3, with any RU version.SME 7.1 requires a minimum of PowerShell 3.0 (part of WMF 3.0) in order to run. Feel free to review the Exchange Server Supportability Matrix located here: https://technet.microsoft.com/en-us/library/ff728623%28v=exchg.150%29.aspx. All existing documentation (ISG, Admin Guide, IMT) will be updated shortly to reflect this change in requirements. hope that helps,Domenico.

Exchange 2010 - Management Console and Shell Very slow

Heya
I have an Exchange 2010 SP3 enviroment, with 2 HUBCAs and 5 MBX servers.
This servers were 2008 R2 standard, and they were working fine.
This weekend, in order to configure DAG, i upgrade 3 of them to server 2008 R2 enterprise with dsim. Is not the first tiem i do this, and never had problems before.
After the upgrade, the server started fine, the mailboxes, the database.. everything fine.. except, de mmc and the shell.
Both, the mmc and the shell wont start. It gives me the winrm error, but because a time out.
I have installed the installed the iss-winrm feature, delete on regedit and %appdata% the "cache" for the management console, checked the firewal... and nothing worked.
Well, thats not true, in one of the servers, the Management console started working fine, but the shell, it connect, but every command i launch it takes like 10-15 minutes to execute (for example, a get-mailboxdatabase).
In the other,, no the Management console, no the shell connects, i get a winrm timeout.
I dont know were to continue cchecking why happens this, just started after changing the 2008 R2 from standard to enterprise
Thanks for the help!!

Hi,
Please check that your time is in sync as well on your Exchange Server.
Please check whether this issue caused by performance.
More details in the following article:
Understanding Memory Configurations and Exchange Performance
http://technet.microsoft.com/en-us/library/dd346700(v=exchg.141).aspx
http://technet.microsoft.com/en-us/library/dd346699(v=exchg.141).aspx
Please also paste the detailed error message without sensitive information for the further troubleshooting.
Found some related blog for your reference:
Resolving WinRM errors and Exchange 2010 Management tools startup failures
http://blogs.technet.com/b/exchange/archive/2010/12/07/3411644.aspx
Troubleshooting Exchange 2010 Management Tools startup issues
http://blogs.technet.com/b/exchange/archive/2010/02/04/3409289.aspx
Thanks
Mavis
Mavis Huang
TechNet Community Support

Exchange 2010 calendar(free and busy) cannot work

Hi All
We have a new setup exchange 2010 server.
Everything(Webmail, outlook, autodiscover, out_of_office) is working fine.
When the user check other user calendar, it is not work(no matter in Outlook 2010 or OWA), is there any idea?
Thanks

Hi there
All the user is located in the same site.
The most weird problem is the user using the OWA for checking their own free and busy, it is show no information.
I have tried o use remote connectivity analyzer and the test-outlookwebservice
RunspaceId : b08124f2-b525-4e34-93f0-ca3c6c7134a9
Id : 1011
Type : Error
Message : When querying Availability for the recipient e-mail address abc@xxx, the following error code and
message were received: ErrorServiceDiscoveryFailed:Unable to find a Client Access server that can serve a
request for an intraforest mailbox <abc>SMTP:abc@xxx.
RunspaceId : b08124f2-b525-4e34-93f0-ca3c6c7134a9
Id : 1025
Type : Error
Message : [EXCH] Error contacting the AS service at https://xxx/EWS/Exchange.asmx. Elapsed time was
12 milliseconds.
RunspaceId : b08124f2-b525-4e34-93f0-ca3c6c7134a9
Id : 1013
Type : Error
Message : When contacting https://xxx/EWS/Exchange.asmx received the error The request failed with a
n empty response.
RunspaceId : b08124f2-b525-4e34-93f0-ca3c6c7134a9
Id : 1025
Type : Error
Message : [EXPR] Error contacting the AS service at https://xxx/EWS/Exchange.asmx. Elapsed time was
249 milliseconds.
But those ews path can be reach when using the browser
Thanks

Creating SSL certificate and configuring it with JBOSS 4.0.1

I have to post some data to a secured site from my application.
For this, I am creating connection to that site using URLConnection and to send data I create OutputStream using the connection.
But, while creating the stream it is showing SSLException and message is No trusted certificate found.
For this, I need to create SSL certificate (mostly using keytool command) and configure it with my application server which is JBOSS 4.0.1
Now, my problem is that I don't know the exact steps to create a certificate and configure it with JBOSS. Please provide the steps in detail.

I think you have this back to front. Unless this exception came from the server, in which case it is misconfigured, you don't have to create a certificate, you have to import the server's certificate, or that of one of its signers, into the client's truststore, and tell Java where the truststore is if it's in a non-standard location.
See http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html. You'll have to ask about the JBoss part in a JBoss forum.

Exchange 2010 SSL certificate and internal names

Similar Messages

Maybe you are looking for