Exchange 2013 don't unassign IIS Services from Certificate Self-Sign

Hi,
I Imported a new Public certificate to Exchange 2013 SP1 and assigned IIS Service, but IIS service keep assign to certificate self signed. Now, I have ISS services
assigned in two certificate (self signed and public certificate), someone have seen it? What do I do now?
Another question, Can I remove self-signed certificate? Is it any one service tied to Exchange?

Hi,
If possible, please provide more parameters(Status, IsSelfSigned etc.) about the certificate with IIS service:
Get-ExchangeCertificate -Thumbprint
382E9DCC4CCA38DA488345F7B46114BA91EBB8F0 | FL
Get-ExchangeCertificate -Thumbprint
86EE0029EBC8FDCC9F98572602E69F65226BAB76 | FL
Please restart IIS service by running iisreset /noforce from a command prompt window. If the public certificate is configured correctly and has included all namespaces used for all Internal and external Exchange connections,
we can remove the self-signed certificate safely.
Thanks,
Winnie Liang
TechNet Community Support

Similar Messages

Exchange 2013 ECP/OWA Error 503 Service Unavailable

Hi,
Hoping that someone can clarify or assist with an issue relating to Exchange 2013 CU3..
Both roles installed on a single 2012 server, mailboxes created, able to login to ECP/OWA using ht tps://servername.int.domain.com/ecp using the out of the box internally generated SSL certificate.
Virtual directory internal and external settings for all directories were configured to be ht tps://mail.domain.com/owa /ecp /EWS etc and a UCC certificate (containing mail.domain.com, autodiscover.domain.com)from GoDaddy was imported and assigned to
IIS and SMTP, internal DNS records were setup internally and externally for mail.domain.com and full propagated, Outlook Anywhere enabled and configured to mail.domain.com, external access configured for all virtual directories
The issue is that ECP and OWA can only be accessed internally by the full internal server FQDN URL ht tps:// serverame.int.domain.com/ecp whereas it should be accessible at this point by ht tps:// mail.domain.com/ecp
Error received both internal and external when trying ht tps://mail.domain.com / owa / rpc etc is error 503 Service Unavailable
I know that the ECP and OWA sites are up and running as I can login and do anything by internal servername URL but no joy at all using the external (which is to be used for internal clients aswell for seamless access)
The only way it works is by adding a host name to the 2 x 443 bindings in IIS for the front end website and set it to mail.domain.com but this means autodiscover.domain.com internally and externally wont work
Is this normal and required for Exchange 2013 or is there a way to resolve this?
Thanks in advance!

Hi,
I found a article might help you, for you reference:
http://support.microsoft.com/kb/2619402
Generally, this error occurs if the application pool that is associated with the web application doesn't start.
To troubleshoot this issue, follow these steps:
In Event Viewer, view the System log to find errors from the Microsoft-Windows-WAS source. An event is frequently logged in the System log if the application pool fails to start.
If you don't find any relevant events in the System log, search for relevant entries in the HTTPERR log file. The httperr1.log file is located in the following system folder:
c:\windows\system32\logfiles
In the file, search on "503" to locate any relevant information about why the application pool failed. For example, you may see an entry that resembles the following:
2011-12-08 18:26:42 ::1%0 6721 ::1%0 443 HTTP/1.1 GET /owa 503 3 N/A SharePoint+Web+Services+Root
Thanks.
Niko Cheng
TechNet Community Support

Exchange 2013 - can no longer move mailboxes from Exchange 2010 to Ex 2013.

Migrating to Exchange 2013 from Exchange 2010. Created Ex 2013, moved some mailboxes OK. Then could no longer move mailboxes. No errors. The Migration email says complete. Synced: none, Total Mailboxes: none.
Tried several mailboxes. Same result.
Ex 2010 is SP3 RU6, (at least it says RU6 is installed in Programs/Features. The build is for SP3 w/o RU6???)
Ex 2013 is SP1 aka CU4.
How to proceed???
john11

After many attempts to fix the issue (move remaining 4 mailboxes from Exchange 2010 to Exchange 2013) I contacted Microsoft and we resolved the issue. Here's how.
btw - Thanks for the suggestions from Ed. However, they did not seem to move us forward.
What did work:
1. On the Exchange 2010 box, create a new database. (Someone else suggested this also). Then move the remaining Exchange 2010 mailboxes to this new db. Then after that, move the 4 mailboxes to Exchange 2013 using the GUI on Ex 2013. This only worked for one
of the four mailboxes. The other 3 failed.
2. Apparently, we need to restart the Microsoft Exchange Mailbox Replication service on the Exchange 2013 after several failed move attempts to clear cache related to the moves.
3. Then on the Exchange 2013 box, use this Exchange shell command:
New-MoveRequest -identity "[email protected]" -TargetDatabase "Exchange 2013 DB name" -BadItemLimit '500' -verbose
This moved the remaining 3 mailboxes including the Discovery mailbox. It took some time. But we could check the progress using
Get-MoveRequest
The MS Tech was terrific. Really knew his stuff. And all mailboxes are on Exchange 2013. Well, the last one is still moving, but I am optimistic.
Thanks for the suggestions. I had to get this done and the MS Tech made that happen.
john11

Exchange 2013 CU3 Can't Access ECP from Office365 Enabled Account

We recently upgraded our Exchange 2013 server to CU3 to fix the OWA redirection error. Unfortunately, we've now noticed that any admin mailboxes that have been 'moved' to Office365 can not access ECP and instead get a redirect warning to OWA.
I had to create a new, onprem admin account to access in the meantime. This is the message I see:
Use the following link to open this mailbox with the best performance:
http://outlook.com/owa/ACME.onmicrosoft.com
X-FEServer: EXCHANGE
Date: 12/3/2013 6:13:23 PM
more detail...
I assume this is due to the fix for OWA redirection? How do I manage Exchange with my 'oncloud' mailbox accounts?

Hi,
I think it will be more suitable to ask this question on Exchange Online forum:
http://social.technet.microsoft.com/Forums/msonline/en-US/home?forum=onlineservicesexchange
Thanks,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support

Exchange 2013 - How to configure Outlook Anywhere with certificate based authentication?

Hello,
is it possible to secure Outlook Anywhere in Exchange 2013 with certficate based authentication?
I found documentation to configure CBA for OWA and ActiveSync, but not for Outlook Anywhere.
We would like to secure external access to the mailboxes via Outlook by using CBA.
Thanks a lot in advance!
Regards,
André

Hi,
Let’s begin with the answer in the following thread:
http://social.technet.microsoft.com/Forums/en-US/e4b44ff0-4416-44e6-aa78-be4c1c03f433/twofactor-authentication-outlook-anywhere-2010?forum=exchange2010
Based on my experience, Outlook client only has the following three authentication methods:Basic, NTML, Negotiate. And for more information about Security for Outlook Anywhere, you can refer to the following article:
http://technet.microsoft.com/en-us/library/bb430792(v=exchg.141).aspx
If you have any question, please feel free to let me know.
Thanks,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Angela Shi
TechNet Community Support

Issue Installing Exchange 2013 CU1: Mailbox role:Mailbox service

I receive this error when Installing Cumulative Update 1.
Error:
The following error was generated when "$error.Clear();
            if ($RoleIsDatacenter -ne $true)
            if (Test-ExchangeServersWriteAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue)
            $sysMbx = $null;
            $name = "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}";
            $dispName = "Microsoft Exchange";
            Write-ExchangeSetupLog -Info ("Retrieving mailboxes with Name=$name.");
            $mbxs = @(Get-Mailbox -Arbitration -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1 );
            if ($mbxs.Length -eq 0)
            Write-ExchangeSetupLog -Info ("Retrieving mailbox databases on Server=$RoleFqdnOrName.");
            $dbs = @(Get-MailboxDatabase -Server:$RoleFqdnOrName -DomainController $RoleDomainController);
            if ($dbs.Length -ne 0)
            Write-ExchangeSetupLog -Info ("Retrieving users with Name=$name.");
            $arbUsers = @(Get-User -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1);
            if ($arbUsers.Length -ne 0)
            Write-ExchangeSetupLog -Info ("Enabling mailbox $name.");
            $sysMbx = Enable-Mailbox -Arbitration -Identity $arbUsers[0] -DisplayName $dispName -database $dbs[0].Identity;
            else
            if ($mbxs[0].DisplayName -ne $dispName )
            Write-ExchangeSetupLog -Info ("Setting DisplayName=$dispName.");
            Set-Mailbox -Arbitration -Identity $mbxs[0] -DisplayName $dispName -Force;
            $sysMbx = $mbxs[0];
            # Set the Organization Capabilities needed for this mailbox
            if ($sysMbx -ne $null)
            # We need 1 GB for uploading large OAB files to the organization mailbox
            Write-ExchangeSetupLog -Info ("Setting mailbox properties.");
                set-mailbox -Arbitration -identity $sysMbx -UMGrammar:$true -OABGen:$true -GMGen:$true -ClientExtensions:$true -MailRouting:$true -MessageTracking:$true -MaxSendSize
1GB -Force;
            else
            Write-ExchangeSetupLog -Info ("Cannot find arbitration mailbox with name=$name.");
            else
            Write-ExchangeSetupLog -Info "Skipping creating E15 System Mailbox because of insufficient permission."
        " was run: "Database is mandatory on UserMailbox.".
Error:
The following error was generated when "$error.Clear();
            if ($RoleIsDatacenter -ne $true)
            if (Test-ExchangeServersWriteAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue)
            $sysMbx = $null;
            $name = "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}";
            $dispName = "Microsoft Exchange";
            Write-ExchangeSetupLog -Info ("Retrieving mailboxes with Name=$name.");
            $mbxs = @(Get-Mailbox -Arbitration -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1 );
            if ($mbxs.Length -eq 0)
            Write-ExchangeSetupLog -Info ("Retrieving mailbox databases on Server=$RoleFqdnOrName.");
            $dbs = @(Get-MailboxDatabase -Server:$RoleFqdnOrName -DomainController $RoleDomainController);
            if ($dbs.Length -ne 0)
            Write-ExchangeSetupLog -Info ("Retrieving users with Name=$name.");
            $arbUsers = @(Get-User -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1);
            if ($arbUsers.Length -ne 0)
            Write-ExchangeSetupLog -Info ("Enabling mailbox $name.");
            $sysMbx = Enable-Mailbox -Arbitration -Identity $arbUsers[0] -DisplayName $dispName -database $dbs[0].Identity;
            else
            if ($mbxs[0].DisplayName -ne $dispName )
            Write-ExchangeSetupLog -Info ("Setting DisplayName=$dispName.");
            Set-Mailbox -Arbitration -Identity $mbxs[0] -DisplayName $dispName -Force;
            $sysMbx = $mbxs[0];
            # Set the Organization Capabilities needed for this mailbox
            if ($sysMbx -ne $null)
            # We need 1 GB for uploading large OAB files to the organization mailbox
            Write-ExchangeSetupLog -Info ("Setting mailbox properties.");
                set-mailbox -Arbitration -identity $sysMbx -UMGrammar:$true -OABGen:$true -GMGen:$true -ClientExtensions:$true -MailRouting:$true -MessageTracking:$true -MaxSendSize
1GB -Force;
            else
            Write-ExchangeSetupLog -Info ("Cannot find arbitration mailbox with name=$name.");
            else
            Write-ExchangeSetupLog -Info "Skipping creating E15 System Mailbox because of insufficient permission."
        " was run: "Database is mandatory on UserMailbox. Property Name: Database".
Can Anyone help me figure out how I can resolve this error?

Hello,
Please make sure you have these permission " Schema Admins", "Domain Admins" and "Enterprise Admins".
Here is the article for your reference.
Prepare Active Directory and Domains
http://technet.microsoft.com/en-us/library/bb125224(v=exchg.150).aspx
Cara Chen
TechNet Community Support

Going from a self signed certificate to a 3rd party certificate....

Hello all...
I have an Apache webserver running both the GroupWise WebAccess and the
Netware FTP server. Up until now, I have used self signed SSL certificates
on each of them to provide security. Now, we are going to a 3rd party issued
certificate for both of them.
Any idea how I set up the apache server so it will use the 3rd party cert
instead of the self signed one...?
Also, if you know how to set it up with the FTP server as well, it would
help.
(And, yes I know this is not the right forum, but in the interest of not
repeating my work, I was hoping to bend the rules some.....)
Thanks in advance....
Delon E. Weuve
Senior Network Engineer
Office of Auditor of State
State of Iowa
USA

As far as the FTP goes, can you be more specific? Where is this ini file
that I need to modify? And how do I modify it?
Thanks.
Delon E. Weuve
Senior Network Engineer
Office of Auditor of State
State of Iowa
USA
>>> On 6/25/2008 at 2:34 PM, in message
<[email protected]>, Richard Beels
[SysOp]<[email protected]> wrote:
> close enough on the group... :-)
>
> for apache, it's easy peasy, find the bit in your httpd.conf and where
> it says:
>>>>
> SecureListen 443 "SSL CertificateDNS"
>>>>
>
> change it to whatever you've neamed the new cert, such as:
>>>>
> SecureListen 443 "DigiCert"
>>>>
>
> which should give you a clue as to what I recc. for 3rd party certs.
> :-)
>
>
> As to ftp, it should be the same, i.e. ini file fiddly bit...
>
>
> --
> Cheers!
> Richard Beels
> ~ Network Consultant
> ~ Sysop, Novell Support Connection
> ~ MCNE, CNE*, CNA*, CNS*, N*LS

Certificate Authority for Exchange 2013

Dear,
I will install exchange 2013, whether to install the Certificate Authority role also?
If it is necessary, to install this CA, is simply combined with ADDS server, Exchange Server or a separate server?
Thanks

Hi,
As all above says, Exchange 2013 can use Self-signed Exchange certificate which is installed automatically after Exchange 2013 installation. But please note that this self-signed certificate would be not trusted for Exchange using.
If your Exchange 2013 is not internet-facing, we can use the self-signed certificate in your internal domain environment. If you want to publish your Exchange 2013 to the internet and send/receive external mails, we need to have a valid and trusted certificate
for Exchange using.
To get trusted certificate, we can deployed an
Enterprise root CA which self-signs its own CA certificate and uses Group Policy to publish that certificate to the Trusted Root Certification Authorities store of all servers and workstations in the domain. Or we can directly buy a third-party certificate
for using.
About where to install the CA, my personal suggestion is to install ADCS (Active Directory Certificate Services) on a standalone server. You can also install it with your DC. About how to install a
Root Certification Authority, please refer to:
http://technet.microsoft.com/en-us/library/cc731183.aspx
Regards,
Winnie Liang
TechNet Community Support

Exchange 2013 CU2, Alert for OWA Health set unhealthy from SCOM 2012

I am facing issue in Exchange 2013 CU2, I got this alert from SCOM 2012 atleast 5-6 times a day, OWA health set is unhealthy, I have done all the steps mentioned in this web link. Authentication type for OWA Virtual directory is integrated windows and Basic.
I have 2 CAS servers, and this alert generated from both of them.
http://technet.microsoft.com/en-us/library/ms.exch.scom.OWA(EXCHG.150).aspx?v=15.0.712.24
Alert: Health Set unhealthy
Source: EX-CAS - OWA
Path: EX-CAS;EX-CAS
Last modified by: System
Last modified time: 1/5/2014 8:15:08 PM
Alert description: Outlook Web Access logon is failing on ClientAccess server EX-CAS.
Availability has dropped to 0%. You can find protocol level traces for the failures on C:\Program Files\Microsoft\Exchange Server\V15\Logging\Monitoring\OWA\ClientAccessProbe.
Incident start time: 1/6/2014 4:05:08 AM
Last failed result:
Failing Component - Owa
Failure Reason - CafeFailure
Exception:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> Microsoft.Exchange.Net.MonitoringWebClient.ScenarioException:
Microsoft.Exchange.Net.MonitoringWebClient.ScenarioException:
Failure source: Owa
Failure reason: CafeFailure
Failing component:Owa
Exception hint: CafeErrorPage: CafeFailure Unauthorized Inner exception: Microsoft.Exchange.Net.MonitoringWebClient.CafeErrorPageException
ErrorPageFailureReason: CafeFailure, RequestFailureContext: FailurePoint=FrontEnd, HttpStatusCode=401, Error=Unauthorized, Details=, HttpProxySubErrorCode=, WebExceptionStatus=
Microsoft.Exchange.Net.MonitoringWebClient.CafeErrorPageException: An error occurred on the Client Access server while processing the request
WebExceptionStatus: Success
GET https://localhost/owa/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; MSEXCHMON; ACTIVEMONITORING; OWACTP)
Accept: */*
Cache-Control: no-cache
X-OWA-ActionName: Monitoring
Cookie:
HTTP/1.1 401 Unauthorized
request-id: 211474d2-a43e-4fab-8038-3aab35353568
X-FailureContext: FrontEnd;401;VW5hdXRob3JpemVk;;;
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate,NTLM,Basic realm="localhost"
X-Powered-By: ASP.NET
X-FEServer: EX-CAS
Date: Mon, 06 Jan 2014 04:14:47 GMT
Content-Length: 0
Response time: 0s
---> Microsoft.Exchange.Net.MonitoringWebClient.CafeErrorPageException: Microsoft.Exchange.Net.MonitoringWebClient.CafeErrorPageException
ErrorPageFailureReason: CafeFailure, RequestFailureContext: FailurePoint=FrontEnd, HttpStatusCode=401, Error=Unauthorized, Details=, HttpProxySubErrorCode=, WebExceptionStatus=
Microsoft.Exchange.Net.MonitoringWebClient.CafeErrorPageException: An error occurred on the Client Access server while processing the request
WebExceptionStatus: Success
GET https://localhost/owa/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; MSEXCHMON; ACTIVEMONITORING; OWACTP)
Accept: */*
Cache-Control: no-cache
X-OWA-ActionName: Monitoring
Cookie:
HTTP/1.1 401 Unauthorized
request-id: 211474d2-a43e-4fab-8038-3aab35353568
X-FailureContext: FrontEnd;401;VW5hdXRob3JpemVk;;;
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate,NTLM,Basic realm="localhost"
X-Powered-By: ASP.NET
X-FEServer: EX-CAS
Date: Mon, 06 Jan 2014 04:14:47 GMT
Content-Length: 0
Response time: 0s
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Net.MonitoringWebClient.BaseExceptionAnalyzer.Analyze(TestId currentTestStep, HttpWebRequestWrapper request, HttpWebResponseWrapper response, Exception exception, Action`1 trackingDelegate)
   at Microsoft.Exchange.Net.MonitoringWebClient.HttpSession.AnalyzeResponse[T](HttpWebRequestWrapper request, HttpWebResponseWrapper response, Exception exception, HttpStatusCode[] expectedStatusCodes, Func`2 processResponse)
   at Microsoft.Exchange.Net.MonitoringWebClient.HttpSession.EndSend[T](IAsyncResult result, HttpStatusCode[] expectedStatusCodes, Func`2 processResponse, Boolean fireResponseReceivedEvent)
   at Microsoft.Exchange.Net.MonitoringWebClient.HttpSession.EndGet[T](IAsyncResult result, HttpStatusCode[] expectedStatusCodes, Func`2 processResponse)
   at Microsoft.Exchange.Net.MonitoringWebClient.Authenticate.AuthenticationResponseReceived(IAsyncResult result)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Net.MonitoringWebClient.BaseTestStep.EndExecute(IAsyncResult result)
   at Microsoft.Exchange.Net.MonitoringWebClient.Owa.OwaLogin.AuthenticationCompleted(IAsyncResult result)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Net.MonitoringWebClient.BaseTestStep.EndExecute(IAsyncResult result)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Bool
States of all monitors within the health set:
Note: Data may be stale. To get current data, run: Get-ServerHealth -Identity 'EX-CAS' -HealthSet 'OWA'
State
Name
TargetResource                     HealthSet
AlertValue     ServerComponent
NotApplicable       OwaCtpMonitor
OWA
Unhealthy      None
States of all health sets:
Note: Data may be stale. To get current data, run: Get-HealthReport -Identity 'EX-CAS'
State
HealthSet
AlertValue     LastTransitionTime
MonitorCount
NotApplicable       ActiveSync
Healthy        1/3/2014 5:21:13 AM
2
NotApplicable       AD
Healthy        11/24/2013 6:54:18 AM
10
NotApplicable       ECP
Healthy        1/5/2014 3:03:05 AM
1
Online
Autodiscover.Proxy
Healthy        11/20/2013 10:06:37 AM
1
NotApplicable       Autodiscover
Healthy        1/3/2014 10:18:17 PM
2
Online
ActiveSync.Proxy
Healthy        11/20/2013 10:06:37 AM
1
Online
ECP.Proxy
    Healthy
11/21/2013 6:16:08 PM    4
Online
EWS.Proxy
Healthy        11/20/2013 10:06:37 AM
1
Online
OutlookMapi.Proxy
Healthy        11/24/2013 6:54:28 AM
4
Online
OAB.Proxy
Healthy        11/19/2013 7:14:34 PM
1
Online
OWA.Proxy
Healthy        11/20/2013 10:06:37 AM
2
NotApplicable       EDS
Healthy        1/3/2014 5:19:56 AM
10
Online
RPS.Proxy
Healthy        1/3/2014 5:21:27 AM
13
Online
RWS.Proxy                     Healthy
1/3/2014 5:20:09 AM      10
Online
Outlook.Proxy
Healthy        1/3/2014 5:21:12 AM
4
NotApplicable       EWS
Healthy        1/3/2014 10:18:17 PM
2
Online
FrontendTransport
Healthy        1/5/2014 3:47:09 AM
11
Online
HubTransport
Healthy        1/5/2014 3:47:09 AM
29
NotApplicable       Monitoring
Unhealthy      1/5/2014 4:05:57 AM
9
NotApplicable       DataProtection
Healthy        1/3/2014 5:25:42 AM
1
NotApplicable       Network                       Healthy
1/4/2014 1:51:16 PM      1
NotApplicable       OWA
Unhealthy      1/5/2014 8:05:08 PM
1
NotApplicable       FIPS
Healthy        1/3/2014 5:21:12 AM
3
Online
Transport
Healthy        1/5/2014 4:11:00 AM
9
NotApplicable       RPS
Healthy        11/20/2013 10:07:12 AM
2
NotApplicable       Compliance
Healthy        11/20/2013 10:08:10 AM
2
NotApplicable       Outlook
Healthy        11/21/2013 6:12:54 PM
2
Online
UM.CallRouter
Healthy        1/5/2014 3:47:10 AM
7
NotApplicable       UserThrottling
Healthy        1/5/2014 4:16:42 AM
7
NotApplicable       Search
                Healthy
11/24/2013 6:55:06 AM    9
NotApplicable       AntiSpam
Healthy        1/3/2014 5:16:43 AM
3
NotApplicable       Security
Healthy        1/3/2014 5:19:28 AM
3
NotApplicable       IMAP.Protocol
Healthy        1/3/2014 5:21:14 AM
3
NotApplicable       Datamining
Healthy        1/3/2014 5:18:34 AM
3
NotApplicable       Provisioning
Healthy        1/3/2014 5:19:56 AM
3
NotApplicable       POP.Protocol
Healthy        1/3/2014 5:20:44 AM
3
NotApplicable       Outlook.Protocol
Healthy        1/3/2014 5:19:46 AM
3
NotApplicable       ProcessIsolation
Healthy        1/3/2014 5:19:26 AM
9
NotApplicable       Store
Healthy       1/3/2014 5:20:38 AM
6
NotApplicable       TransportSync
Healthy        11/24/2013 6:53:09 AM
3
NotApplicable       MailboxTransport
Healthy        1/3/2014 5:21:11 AM
6
NotApplicable       EventAssistants
Healthy        11/21/2013 6:22:01 PM
2
NotApplicable       MRS
Healthy        1/3/2014 5:20:29 AM
3
NotApplicable       MessageTracing
Healthy        1/3/2014 5:18:15 AM
3
NotApplicable       CentralAdmin
Healthy        1/3/2014 5:17:25 AM
3
NotApplicable       UM.Protocol
Healthy        1/3/2014 5:17:08 AM
3
NotApplicable       Autodiscover.Protocol
Healthy        1/3/2014 5:17:13 AM
3
NotApplicable       OAB
Healthy        1/3/2014 5:20:51 AM
3
NotApplicable       OWA.Protocol
Healthy        1/3/2014 5:20:52 AM
3
NotApplicable       Calendaring
Healthy        11/24/2013 6:56:59 AM
3
NotApplicable       PushNotifications.Protocol
Healthy        11/21/2013 6:16:05 PM
3
NotApplicable       EWS.Protocol
Healthy        1/3/2014 5:19:07 AM
3
NotApplicable       ActiveSync.Protocol
         Healthy
1/3/2014 5:20:16 AM      3
NotApplicable       RemoteMonitoring
Healthy        1/5/2014 3:47:09 AM
3
Any solution for this alert, how to rectify it, but OWA is running perfect for all users.

Hi,
Sorry for the late reply.
Do we have Exchange 2010 coexistence?
If it is the case, I know the following known issue:
Release Notes for Exchange 2013
http://technet.microsoft.com/en-us/library/jj150489%28v=exchg.150%29.aspx
Please note the "Exchange 2010 coexistence" session.
If it is not related to our problem, please check the IIS log.
If there is any detailed error code, like 401.1, 401.2, please let me know.
Hope it is helpful
Thanks
Mavis
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Mavis Huang
TechNet Community Support

ActiveSync stops working after migrating from Exchange 2007 to Exchange 2013

We have started the migration from Exchange 2007 to Exchange 2013. We've followed best practices and everything is working great except ActiveSync. I've performed Exchange migrations in the past so this is nothing new for me. I've also been referring to
a great guide which has been a big help,
http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part1.html.
Once a user is migrated from Exchange 2007 to 2013, ActiveSync stops working properly. Email can be pulled to the device (Nokia Lumia 625 running Windows Phone 8) by performing a manual sync. But DirectPush is not working. The strange part is it's not affecting
everyone who's been migrated. Anyone who is still on Exchange 2007 is not affected.
At first I thought it was our wildcard certificate. 99% of our users are running Outlook 2013 on Windows 7 or higher but we do have a few terminal servers still running Outlook 2010. Outlook 2010 was giving us certificate errors. I realized it was the wildcard
certificate. Rather than making changes to the OutlookProvider I simply obtained a new SAN certificate. Although that resolved the issues for Outlook 2010 users, ActiveSync was still a problem.
Rebooting the phones and removing the email account from the user's device and re-adding it didn't resolve the issue either.
Then I performed an iisreset on the CAS server. This didn't help either. I didn't know it at the time, but I was getting closer...
I tried using the cmdlet Test-ActiveSyncConnectivity but it gave me the following error:
WARNING: Test user 'extest_0d9a45b025374' isn't accessible, so this cmdlet won't be able to test Client Access server
connectivity.
Could not find or sign in with user DOMAIN.com\extest_0d9a45b025374. If this task is being run without
credentials, sign in as a Domain Administrator, and then run Scripts\new-TestCasConnectivityUser.ps1 to verify that
the user exists on Mailbox server EX02.DOMAIN.COM
I started reviewing how Exchange 2013 proxied information from the CAS to the mailbox server and realized the issue may in fact be on the mailbox server.
I performed an iisreset on the mailbox server and all of a sudden ActiveSync started working again. Awesome!
I can't explain why. The only thing I can assume is when some users were migrated from 2007 to 2013 something wasn't being triggered on the Exchange 2013 side. Resetting IIS resolved the issue. I guess I'll have to do an IIS reset after I perform a batch
of migrations. Disabling ActiveSync and re-enabling it for the affected users didn't help - only the IISRESET resolved the issue.
If anyone has any information as to why this happens, please chime in. Also, if anyone knows why I can't run the Test-ActiveSyncConnectivity cmdlet, I'd appreciate the help.
Thanks.

Hi,
In Exchange 2013, the Public Folder is changed to Public Folder mailbox instead of Public Folder in Exchange 2007 database.
Due to the changes in how public folders are stored, legacy Exchange mailboxes are unable to access the public folder hierarchy on Exchange 2013 servers. However, user mailboxes on Exchange 2013 servers or Exchange Online can connect to legacy
public folders. Exchange 2013 public folders and legacy public folders can’t exist in your Exchange organization simultaneously. This effectively means that
there’s no coexistence between versions.
For this reason, it’s recommended that prior to migrating your public folders, you should
first migrate your all legacy mailboxes to Exchange 2013. For more information about migrating public folder from previous versions, please refer to:
http://technet.microsoft.com/en-us/library/jj150486(v=exchg.150).aspx
(Please note the What do you need to know before you begin part in this link)
Regards,
Winnie Liang
TechNet Community Support

Exchange active sync cannot connect to server after migration mailbox user from exchange 2007 to exchange 2013 coexistence

Hello, everyone, my name is rafl
I have a problem with exchange 2013 active sync.
I have installed exchange 2013 coexistence with legacy exchange 2007, I have to migrate user mailboxes: [email protected] from exchange 2007 to exchange 2013.
but any problem with active sync connection on the mobile device after moving mailbox user. I reconfigure the exchange ActiveSync external connection domain (latest.domain.com) on mobile device replacing legacy exchange ActiveSync external connection domain
(legacy.domain.com)
the process of moving mailboxes successfully without error.
Access OWA for exchange 2007 and exchange 2013 is running normally
access mail from Outlook running normally
Certificate request has been installed and has no problem with it
The OWA virtual directory is configured for internal and external connections and different from the legacy exchange
The autodiscover virtual directory is configured for internal and external connections and different from the legacy exchange
ActiveSync virtual directory is configured for internal and external connections and different from the legacy exchange
user mailboxes are still on exchange 2007 is not problematic.
only problem with Exchange Active Sync on mobile devices, where I set up an email with android, iphone, windows phone. the error message: cannot connect to the server.
but, if I create a new user and create user mailboxes directly in exchange server 2013, ActiveSync can run without error on mobile device, access through OWA, MsOutlook, Outlook Anywhere also run normally.
only the results of user migration from exchange 2007 to exchange 2013 which is troubled with exchange ActiveSync connection.
any ideas for this problem, and what should I check on the exchange server ..?

i have run the activesync test connectivity and get some error :
Testing TCP port 443 on host domain.co.id to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
A network error occurred while communicating with the remote host.
Elapsed Time: 3091 ms.
Testing TCP port 443 on host autodiscover.domain.co.id to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
A network error occurred while communicating with the remote host.
Elapsed Time: 21072 ms.
Testing TCP port 80 on host autodiscover.domain.co.id to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
A network error occurred while communicating with the remote host.
Elapsed Time: 21049 ms.
I have allowed access to port 443 (https) and 80 (http) on the firewall and re-run testconnectivity, but still with the same results. if I enable active sync for users who created directly in Exch 2013 there is no problem with the ActiveSync, just a problem
for users who moved from Exch 2007 to Exch 2013. @Android, iPhone, and Blackberry the error message "cannot connect to the server"

Seemingly successful install of Exchange 2013 SP1 turns into many errors in event logs after upgrade to CU7

I have a new Exchange 2013 server with plans to migrate from my current Exchange 2007 Server.
I installed Exchange 2013 SP1 and the only errors I saw in the event log seemed to be long standing known issues that did not indicate an actual problem (based on what I read online).
I updated to CU7 and now lots of errors have appeared (although the old ones seem to have been fixed so I have that going for me).
Currently the Exchange 2013 server is not in use and clients are still hitting the 2007 server.
Issue 1)
After each reboot I get a Kernel-EventTracing 2 error. I cannot find anything on this on the internet so I have no idea what it is.
Session "FastDocTracingSession" failed to start with the following error: 0xC0000035
I did read other accounts of this error with a different name in the quotes but still can’t tell what this is or where it is coming from.
Issue 2)
I am still getting 5 MSExchange Common 106 errors even after reregistering all of the perf counters per this page:
https://support.microsoft.com/kb/2870416?wa=wsignin1.0
One of the perf counters fails to register using the script from the link above.
66 C:\Program Files\Microsoft\Exchange Server\V15\Setup\Perf\InfoWorkerMultiMailboxSearchPerformanceCounters.xml
New-PerfCounters : The performance counter definition file is invalid.
At C:\Users\administrator.<my domain>\Downloads\script\ReloadPerfCounters.ps1:19 char:4
+    New-PerfCounters -DefinitionFileName $f
+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo
: InvalidData: (:) [New-PerfCounters], TaskException
    + FullyQualifiedErrorId : [Server=VALIS,RequestId=71b6bcde-d73e-4c14-9a32-03f06e3b2607,TimeStamp=12/18/2014 10:09:
   12 PM] [FailureCategory=Cmdlet-TaskException] 33EBD286,Microsoft.Exchange.Management.Tasks.NewPerfCounters
But that one seems unrelated to the ones that still throw errors.
Three of the remaining five errors are (the forum is removing my spacing between the error text so it looks like a wall of text - sorry):
Performance counter updating error. Counter name is Count Matched LowFidelity FingerPrint, but missed HighFidelity FingerPrint, category name is MSExchange Anti-Malware Datacenter Perfcounters. Optional code: 3. Exception: The
exception thrown is : System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter.set_RawValue(Int64 value)
   at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.set_RawValue(Int64 value)
Last worker process info : System.ArgumentException: Process with an Id of 7384 is not running.
   at System.Diagnostics.Process.GetProcessById(Int32 processId)
   at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetLastWorkerProcessInfo()
Performance counter updating error. Counter name is Number of items, item is matched with finger printing cache, category name is MSExchange Anti-Malware Datacenter Perfcounters. Optional code: 3. Exception: The exception thrown
is : System.InvalidOperationException: The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter.set_RawValue(Int64 value)
   at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.set_RawValue(Int64 value)
Last worker process info : System.ArgumentException: Process with an Id of 7384 is not running.
   at System.Diagnostics.Process.GetProcessById(Int32 processId)
   at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetLastWorkerProcessInfo()
Performance counter updating error. Counter name is Number of items in Malware Fingerprint cache, category name is MSExchange Anti-Malware Datacenter Perfcounters. Optional code: 3. Exception: The exception thrown is : System.InvalidOperationException:
The requested Performance Counter is not a custom counter, it has to be initialized as ReadOnly.
   at System.Diagnostics.PerformanceCounter.InitializeImpl()
   at System.Diagnostics.PerformanceCounter.set_RawValue(Int64 value)
   at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.set_RawValue(Int64 value)
Last worker process info : System.ArgumentException: Process with an Id of 7384 is not running.
   at System.Diagnostics.Process.GetProcessById(Int32 processId)
   at Microsoft.Exchange.Diagnostics.ExPerformanceCounter.GetLastWorkerProcessInfo()
Issue 3)
I appear to have some issues related to the healthmailboxes.
I get MSExchangeTransport 1025 errors for multiple healthmailboxes.
SMTP rejected a (P1) mail from 'HealthMailbox23b10b91745648819139ee691dc97eb6@<my domain>.local' with 'Client Proxy <my server>' connector and the user authenticated as 'HealthMailbox23b10b91745648819139ee691dc97eb6'. The Active Directory
lookup for the sender address returned validation errors. Microsoft.Exchange.Data.ProviderError
I reran setup /prepareAD to try and remedy this but I am still getting some.
Issue 4)
I am getting an MSExchange RBAC 74 error.
(Process w3wp.exe, PID 984) Connection leak detected for key <my domain>.local/Admins/Administrator in Microsoft.Exchange.Configuration.Authorization.WSManBudgetManager class. Leaked Value 1.
Issue 5)
I am getting MSExchange Assistants 9042 warnings on both databases.
Service MSExchangeMailboxAssistants. Probe Time Based Assistant for database Database02 (c83dbd91-7cc4-4412-912e-1b87ca6eb0ab) is exiting a work cycle. No mailboxes were successfully processed. 2 mailboxes were skipped due to errors. 0 mailboxes were
skipped due to failure to open a store session. 0 mailboxes were retried. There are 0 mailboxes in this database remaining to be processed.
Some research suggested this may be related to deleted mailboxes however I have never had any actual user mailboxes on this server.
If they are healthmailboxes or arbitration mailboxes that might make sense but I am unsure of what to do on this.
Issue 6)
At boot I am getting an MSExchange ActiveSync warning 1033
The setting SupportedIPMTypes in the Web.Config file was missing.
Using default value of System.Collections.Generic.List`1[System.String].
I don't know why but this forum is removing some of my spacing that would make parts of this easier to read.

Hi Eric
Yes I have uninstalled and reinstalled Exchange 2013 CU7 for the 3<sup>rd</sup> time.
I realize you said one issue per forum thread but since I already started this thread with many issues I will at least post what I have discovered on them in case someone finds their way here from a web search.
I have an existing Exchange 2007 server in the environment so I am unable to create email address policies that are defined by “recipient container”.
If I try and do so I get “You can't specify the recipient container because legacy servers are detected.”
So I cannot create a normal email address policy and restrict it to an OU without resorting to some fancy filtering.
Instead what I have done is use PS to modify extensionAttribute1 (otherwise known as Custom Attribute 1 to exchange) for all of my users.
I then applied an address policy to them and gave it the highest priority.
Then I set a default email address policy for the entire organization.
After reinstalling Exchange all of my system mailboxes were created with the internal domain name.
So issue number 3 above has not come up.
For issue number one above I have created a new thread:
https://social.technet.microsoft.com/Forums/office/en-US/7eb12b89-ae9b-46b2-bd34-e50cd52a4c15/microsoftwindowskerneleventtracing-error-2-happens-twice-at-boot-ex2013cu7?forum=exchangesvrdeploy
For issue number four I have posted to this existing thread where there is so far no resolution:
https://social.technet.microsoft.com/Forums/exchange/en-US/2343730c-7303-4067-ae1a-b106cffc3583/exchange-error-id-74-connection-leak-detected-for-key?forum=exchangesvradmin
Issue number Five I have managed to recreate and get rid of in more than one way.
If I create a new database in ECP and set the database and log paths where I want, then this error will appear.
If I create the database in the default location and then use EMS to move it and set the log path, then the error will not appear.
The error will also appear (along with other errors) if I delete the health mailboxes and let them get recreated by restarting the server or the Health Manager service.
If I then go and set the retention period for deleted mailboxes to 0 days and wait a little while, these will all go away.
So my off hand guess is that these are caused by orphaned system mailboxes.
For issue number six I have posted to this existing thread where there is so far no resolution:
https://social.technet.microsoft.com/Forums/exchange/en-US/dff62411-fad8-4d0c-9bdb-037374644845/event-1033-msexchangeactivesync-warning?forum=exchangesvrmobility
So for the remainder of this thread we can try and tackle issue number two which is the perf counters.
The exact same 5 perf counter were coming up and this had been true each time I have uninstalled and reinstalled Exchange 2013CU7.
Actually to be more accurate a LOT of perf counter errors come up after the initial install, but reloading the perf counters using the script I posted above reduces it to the same five.
Using all of your suggestions so far has not removed these 5 remaining errors either. Since there is no discernible impact other than these errors at boot I am not seriously bothered by them but as will all event log errors, I would prefer
to make them go away if possible.

Exchange 2013 Mail Receiving Issues

Hi everybody,
Yesterday I configured a new DC and Exchange on Hyper-V (Server 2012 and Exchange 2013)
All functions and rolls are configured and installed but i am having issues receiving external e-mails.
Almost all of the external mails are being deliverd a half hour to a hour after being sent.
To start of on the first level.
I got a Siemens Fiber modem with an external address connected to the WAN of my Draytek 2995 router.
Alle the needed ports are forwarded to the Draytek (80,443,25,1723).
The Draytek DHCP function is set to off.
192.168.168.2 (DC) -> 80 (HTTP IIS)
192.168.168.2 (DC) -> 1723 (RRAS)
192.168.168.3 (Exchange) -> 25 (SMTP)
192.168.168.3 (Exchange) -> 443 (SSL)
My Draytek router is connected through LAN1 to a HP switch (unmanaged).
The physical server has 3 NIC's, all of these are connected to the HP Switch
I Disabled Hyper-V Queuing on the NIC's because this causes an issue with slow network connections.
The network has been configured as following.
I configured the Server 2012 R2 on the hardware(physical server) with only the Hyper-V roll.
NIC1is setup for the physical server,
IP Address: 192.168.168.1
Subnet: 255.255.255.0
Gateway: 192.168.168.254 (Draytek address)
DNS: 192.168.168.254 (Draytek address)
The Server software firewall has been set to a private network through the local security policy.
I have setup 2 VM's through the Hyper-V roll.
The first VM is the Server 2012 R2 Domain controller.
For this VM I created a virtual switch connected to my second NIC(2).
I unchecked the box where my host can communicate with the NIC(2).
The DC has been configured as following:
Hostname: SERVER
IP Address: 192.168.168.2
Subnet: 255.255.255.0
Gateway: 192.168.168.254
DNS: 127.0.0.1
I can ping to all the adresses from this server (internal and external).
The server has been promoted to domain controller with the following rolls.
ActiveDirectory, Certificate Autohority, DHCP, DNS, RRAS, RDP.
Alle these rolls have been set and working. (all have been tested)
DHCP has all options configured (scope, router-192.168.168.254, dns-192.168.168.2)
A DNS simple and recursive test work fine.
I did no configuration on the DNS after the DC PROMO.
So i created users in the AD.
After that I created a second VM, this one is used for the Exchange.
I setup a second virtual switch connected to NIC3 and installed Server 2012 R2 with the following config.
Hostname: SERVER
IP Address: 192.168.168.3
Subnet: 255.255.255.0
Gateway: 192.168.168.254
DNS: 192.168.168.2 (pointing to the DC)
I joined this server to the domain, everything is working fine.
Both servers have internet and network.
Running portscans on 1723 and 80 all work like a charm.
No its time to install Exchange.
I ran all the prerequisits and PowerShell commands (IAcceptLicense. etc.)
Installed de needed API and filters.
Installed Frameworks 3.5 on both servers.
And the Exchange installation was succesfull.
CU3 is also installed.
I configured the send connector, accepted domains etc.
Created all needed certificates (self signed)
Did a portscan on 433 and 25 and they work.
All the hosting records are set mail.domain.nl etc. and MX records.
I created inboxes for the users and was able to connect them to the users in the Active Directory on the DC without any problems.
Connecting through the internet to OWA works perfect and i can login with users.
Sending e-mail internally works perfect, the messages are being deliverd in an instant.
Sending e-mail externally also works perfect, i receive mails in a few seconds on a person email address.
But when i reply or send e-mail to my new Exchange it can take up to hours to receive the mails!
I did online SMTP checks and e-mail checks, the all come out like it should.
One message from MX TOOLBOX on the SMTP:
SMTP Transaction Time
8.408 seconds - Not good! on Transaction Time
I have nog other receive connectors setup, just the standard connectors.
So i got into the Exchange ECP and under "server" i setup the DNS to listen to 192.168.168.2 (DC).
I've read that when this is set to all ip addresses it can cause mail delay, but no luck.
I ran the best practices analyzer and get about 23 errors and 20 warnings.
A lot of services are unhealt like the "ExchangeTransport).
I have no idea what is causing the issues and read almost every forum.
Does anyone have a clue what is going on?
Did i miss something, is there a misconfiguration?
Best regards,
Tim

The mailserver did not receive any e-mails in this timespan, it was not an issue with the connector to the user mailboxes.
The internal e-mail also works flawless.
The entire Exchange server just not received this mail in time.
I sent an e-mail from my personal accout with the option in my outlook to receive a delivery-reply.
I got the reply as soon as the mail was deliverd, this took about a half hour to a hour.
After you asked me about the firewall, i got a hunch..
It had to be on the incomming connection, so i checked every single firewall on the network and disabled them.
Still the same problem...
But there was still one ethernet device that could have a firewall, the internet modem!
This ATM modem receives multiple external IP's from the ISP, so I figured there was no firewall on this device. (Just like all the cable modems that are deliverd in our area by Ziggo(ISP).
But I was wrong, there was a firewall enabled on the modem!
All the ports in the modem had been forwarded but somehow the modem-firewall filtered the traffic,
creating the issue on the incomming e-mail.
I disabled the firewall and all the external e-mails are being received in an instant!
Re-enabled all the software firewalls on the servers and re-enabled the malware filter through powershell, after these steps I did another test, and everything still works like a charm!
Many thanks for your help Kjartan!

Introduce an "passive" Exchange 2013 in Exchange 2010 environment without user or administration impact.

Hi
We wish to introduce an Exchange 2013 server in our existing Exchange 2010 environment.
The Exchange 2013 server is only needed for migration purposes where we wish to leverage the new features of the migration-batch functionality.
It’s important that the Exchange 2013 server will not have any “visible” impact on the Exchange 2010 environment, or take over any functionality, right now, since the customer wish to stay on 2010.
Can you guys come up with anything to be aware of?
Oblivious we disable the Autodiscover SCP for the Exchange 2013 server, so that the clients will not hit this server. Nor will we point any URLs to the Exchange 2013
I can see that a new “Default Offline Address Book (Exch2013)” is created and set as default when EX2013 is installed. We will change this back to the default EX2010.
The server will properly take part in the Shadow Redundancy feature, and is doesn’t seem to be possible to exclude the server or avoid, unless disabling Shadow Reduncancy.
I can only come up with these 3 things that will have a "direct" impact on the environment, but any input will be highly appreciated!
BR,
Martin

Hi,
I agree with Li Zhen’s suggestion. If you don’t migrate from Exchange 2010 to Exchange 2013, we can disable add services in Exchange 2013 and don’t use it any more.
If you want that the Exchange 2013 server will not have any “visible” impact on the Exchange 2010 environment, or take over any functionality, please keep the published server to pointed to Exchange 2010. Then the original configuration in Exchange 2010
would not be changed to the new configuration in Exchange 2013.
If you want to use Exchange 2013, then we can point the published server to Exchange 2013 and configure the virtual directories in Exchange 2013. Though all mailboxes are still located in Exchange 2010, all external requests would be proxy or redirected
from CAS 2013 TO CAS 2010 automatically.
For more information about Client Connectivity in an Exchange 2013 Coexistence Environment, please refer to:
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
Regards,
Winnie Liang
TechNet Community Support

I can not add a new certificate to my exchange 2013

Hi, I'm trying to create a certificate for my exchange 2013, I do everything correctly, gender certificate in place of my domain certifying entity, downloaded to the exchange server, I go to the window of certificates in the web interface of exchange 2013,
I click enable the certificate you had created earlier, open the wizard will introduce the route where is located the certificate and click finish me off the wizard window and delete from the list the certificate that had previously created, any suggestions
or ideas that may be happening ??? Greetings and thanks in advance.

Hi,
According to your description, I understand that there are some issues when install the certificate in EAC of Exchange 2013. How do you generate this certificate before you install it? Is it a self-signed certificate or third-party certificate?
Please run the following command to check your current certificate configuration:
Get-ExchangeCertificate | FL
If it is a third-party certificate but the installed certificate is not listed in the command result, we can try to install this certificate by using the following commands:
Import-exchangecertificate -path “C:\Certificates\GeneratedCert.pfx”
Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxxxxxxxxxx -Services POP,IMAP,IIS
If there is any error during the certificate importing, please share the error or events here for further analysis.
Regards,
Winnie Liang
TechNet Community Support

Exchange 2013 don't unassign IIS Services from Certificate Self-Sign

Similar Messages

Maybe you are looking for