Exchange on sbs03 server 'certificate failure'
Hi,
My exchange account can't get into my iphone.
I always get this error : 'unable to verify certificate'
I'm losing my patience now and really want to find the solution.
My exchange network is Exchange 2003 (small business server) with service pack 2 (version 6.5.7638.1)
I can login in Outlook Mobile Access on my iphone but i cant get it into my client.
When i click "next" when my iphone gives me the error , it also doesn't work. (some say it does)
Can someone give me the solution ?
Thx olivier
Hi Ivan,
It is really an odd issue. Working for a while, then crash.
According to your description, I found that we suspect it is a certificate issue.
If this issue really related to the certifcate mismatch or something additional, it shouldn't connect to Exchange server, even just for a while (As we
encountered).
I suggest double check our ECP VD configuration and Authentication method. Steps as below:
1. Please try to re-build ECP Virtual Directory, commands as below:
a. To remove current ECP VD:
Remove-EcpVirtualDirectory -Identity "Server01\ecp (default Web site)"
b. To check whether the Remove operation completed successfully:
Get-EcpVirtualDirectory -Server Server01
c. To create a new ECP VD:
New-EcpVirtualDirectory -Server SERVER01 -ExternalURL https://mail.contoso.com/ecp -InternalURL
https://mail.contoso.com/ecp
2. Please verify that the Microsoft Forms Based Authentication service is running on all Exchange servers.
a. To check:
Get-EcpVirtualDirectory -Server <server name> | fl *auth*
b. To enable:
Set-EcpVirtualDirectory -Identity "Server01\ecp (default Web site)" -FormsAuthentication
$true
3. Please also make sure the remote apps are all installing the trusted certificate.
4. Please also collect detailed App logs or error message in event viewer for the further troubleshooting.
Maybe I have not enough experiences, I am not sure whether the logs above that we provided is useful. Maybe others have different opinions.
Hope it is helpful
Thanks
Mavis
Mavis Huang
TechNet Community Support
Similar Messages
-
Integrating Exchange 2013 & Lync Server 2013: can't use a certificate with Seth-AuthConfig
I'm trying to integrate Exchange and Lyn Server. One of the first steps is to bind a correct certificate to IIS on all of the CAS servers and set it as a main certificate in the global AuthConfig object. The certificate must be the same on all of the
CAS servers because the autodiscover.domain.local DNS record points to all of them, and Lync Server uses this FQDN to access Exchange servers. The thumbprint of this certificate must be specified in Set-AuthConfig command run on an Exchange server.
We have an internal enterprise CA. I generated a certificate on one of the CAS servers and bound it to all of the Exchange services. Then I exported it, imported it on the second CAS server and bound it to all of the services as well. Now Exchange correctly uses
it for OWA, for example, and IE gives no security warnings when I connect to OWA.
However, whenever I run Set-AuthConfig command on any server, it keeps telling me that
The certificate with thumbprint XXXX was found but is not valid for use with Exchange Server (reason: PrivateKeyNotAccessible).
The key IS accessible - I can export the certificate along with its private key. What's wrong?Here's the answer.
It seems that the -Server switch in the Set-AuthConfig command is only used to specify where you want to look for the certificate with the given thumbprint. However, it's impossible to predict which Exchange server will actually perform the operation
(the Server switch doesn't influence it a bit). It could be ANY server, even a mailbox one with no CAS role at all. And, of course, another Exchange server has no access to the certificate store of the CAS server where the certificate is actually stored. It
was exactly the case in my environment.
So in order to enable this certificate you must import it on ALL of your Exchange servers. You need't (and even shouldn't) enable it for any services on your mailbox servers if you don't want to, just import it. -
Mail for Exchange / Small Business Server
It appears that Nokia has overlooked a part of the market with its Mail for Exchange application. Apparently, M4E has difficulty communicating with Exchange if it is part of Small Business Server and a self signed certificate is used.
It would be a good idea if someone at Nokia reads this and cares to put it on a list of 'things we could do - to keep customers happy". Small Business Sever is Microsoft's Server product for up to 75 clients. That is a nice world wide market of small businesses that are known to adept quickly, unlike larger organizations.
This lack of "sweating the details" has caused me personally probably 20-30 hours, and judging from the the number of entries other people have also wasted lots of time.
In addition to the time wasted, we are now forced to purchased a commercial server certificate.
More details on the M4E/SBS issue can be found here: http://blogs.technet.com/sbs/archive/2006/12/07/using-a-nokia-device-to-sync-with-small-business-ser...Has this been corrected in 1.5.0? the realser notes state
"Support for Microsoft Small Business Server"
John32 -
Support for TLS 1.2 over Exchange 2013 on Server 2012?
Greetings,
We're trying to roll out TLS 1.2 in our test environment and can't seem to get Exchange to work with the protocol.
We've been using this method to enable TLS 1.2 (and disable the other protocols - TLS1.0, SSL2.0, SSL3.0, PCT1.0): http://www.adminhorror.com/2011/10/enable-tls-11-and-tls-12-on-windows_1853.html
We originally tried using Exchange 2010 on 2008 R2, but then I ran across this article saying that it is not supported: http://support.microsoft.com/kb/2709167/en-us
We've since tried to set it up with Exchange 2013 on Server 2012. Still no luck. The only time Exchange wants to work is when TLS1.0 is enabled.
I suspect that TLS1.1 and TLS 1.2 are also not supported on Exchange 2013, or that I'm changing the wrong registry keys, but I wanted to find confirmation. I've searched extensively and can't find any documentation leading me to believe one way or the other
if it's supported.
Any help or insight would be greatly appreciated. Thanks!
--Arichi All,
Even i have tried enabling TLS 1.2 on Exchange 2013 from registry. i followed the below article.
http://jackstromberg.com/2013/09/enabling-tls-1-2-on-iis-7-5-for-256-bit-cipher-strength/
When i check OWA in chrome and check the connection information it says "The connection uses TLS 1.2.
However when i run the below command to check for TLS 1.2 i get the following O/P.
Command: java -jar TestSSLServer.jar ns-ex13.gtestexchange.com 443
O/P:
Supported versions: SSLv3 TLSv1.0 TLSv1.1
Deflate compression: no
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
SSLv3
RSA_WITH_RC4_128_MD5
RSA_WITH_RC4_128_SHA
RSA_WITH_3DES_EDE_CBC_SHA
TLSv1.0
RSA_WITH_RC4_128_MD5
RSA_WITH_RC4_128_SHA
RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
(TLSv1.1: idem)
Server certificate(s):
1979e6bdbd9b8e197d00c45534959eaba82b6f40: CN=ex10.gtestexchange.com, OU=Domain
Control Validated
Minimal encryption strength: strong encryption (96-bit or more)
Achievable encryption strength: strong encryption (96-bit or more)
BEAST status: vulnerable
CRIME status: protected
===================================================
It doesnt says anything about TLS 1.2.
Any suggestions from your side? -
Wired 802.1x EAP-TLS Server Certificate Problem
I have setup wired 802.1x authentication using EAP-TLS with ACS 3.3 and backend link to Active Directory. Root CA certificates are installed on the ACS and Client PC. Machine certificates and user certificates are also installed on Client PC. A Server certificate is installed on the ACS. All has been configured as detailed on the Cisco Web Site (numerous documents).
If I set the client to authenticate the Servers certificate I get a failure. The clients log (Cisco Secure Services Client) states:
11:48:53.088 Validating the server.
11:48:53.088 Server list is empty, trusted server can not be validated.
11:48:53.088 Server list is empty, trusted server can not be validated.
11:48:53.088 The server certificate is invalid, the common name ACS-One.rotherham.gov.uk does not match.
11:48:54.776 Port state transition to AC_PORT_STATE_UNAUTHENTICATED(AC_PORT_STATUS_ERR_SERVER_TLS_CERTIFICATE_REJECTED)
11:48:54.776 The authentication process has failed.
If I look at the Auth log on ACS (set to full logging) it states:
AUTH 08/27/2008 14:09:04 I 0701 1492 AuthenProcessResponse: process response for 'paul.kyte@domain' against Windows NT/2000
AUTH 08/27/2008 14:09:04 E 0350 1492 EAP: TLS: ProcessResponse: SSL handshake failed, status = 3 (SSL alert fatal:bad certificate)
If I configure the client to not check the servers certificate it all works ok.
Can anyone tell me why my server certificate is getting rejected?
Thanks,
PaulIf Cisco Secure ACS runs on a member server and any user is to be authenticated using EAP-TLS, you must complete additional configuration in Active Directory of the domain containing Cisco Secure ACS. The username that you configured to run all Cisco Secure ACS services must also have permission to read user properties in Active Directory, else EAP-TLS authentication fails.
-
Can't connect to Exchange 2007 SP2 server
When I try and set up a new Exchange account to our internal Exchange 2007 server I get the following error message:
"The Exchange Server '<server name>' doesn't have the minimum required version installed. To use Mail with Exchange, the server must be running Update Rollup 4 for Exchange Server 2007 Service Pack 1 or later. Contact your server administrator.'
in spite of Service Pack 2 being installed on the server.
Exchange Web Services are running as expected at the URL '/EWS/Exchange.asmx'.
If anyone has suggestion on how to diagnose the exact problem I would very much appreciate the assistance.
N.Hello,
I don't have any ideas yet but can chime in with "me too".
A customer has an Exchange 2003 SP2 server (MS Server 2003 for SBS). It has a self-signed SSL certificate that does not expire until June 2011.
One user has some species of Blackberry that can pick up his email (but not contacts or calendar) via OWA. I can see his accesses in the IIS log and they are coming from IP addresses resolving to (stuff).bise.na.blackberry.com and are not getting 404's.
Another user is trying to set up his new Blackberry via BIS. His accesses in the IIS log are coming from different IP addresses that resolve to (stuff).bis.ap.blackberry.com and these are getting 404's.
An ExpertsExchange.com article - http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Microsoft_IIS/Q_22806090.html - suggested putting the full email address into the OWA URL. This works fine in a browser but not in BIS. I still get the same error message from BIS and 404's in the IIS log. -
Profile Manager Enrollment - iOS - Server Certificate Invalid
I have been getting an error trying to enroll iOS devices into profile manager. My MacBook and iMac enroll just fine. However my iPhone and iPad do not.
When I enroll my MacBook Pro, I first log into https://(FQDN)/mydevices, select profiles, Install Trusted Profile. I then go back to devices, and click 'Enroll now'. When I check the Profiles section of System Preferences, I see that the 'Trusted Profile' has added two certificates refering to my server. I can only assume one matches the Self Signed I generated shortly after making my hostname public, and the other Apple Push generated for me.
However when I do this exact same process on my iPad/iPhone, when I attempt the 'Enroll Now' step, I get the error "The server certificate for "https://(FQDN)/devicesmanagement/api/device/ota_service" is invalid.
My searches for this issue have turned up issues close to this, but never exactly this, and the solutions don't seem to work for me. Here are some key points to note:
1. Tried demoting to standalone, re-promote to OD Master, then deleted all certificates, and regenerated all (including the Push cert from Apple)
2. Ran sudo changeip -checkhostname
3. DNS routes forward and reverse correctly in my local LAN
4. I had been getting "Remote Verification failed: (os/kern) failure" / "TEAVerifyCert() returned NULL" in my logs every 3 seconds until I did the steps listed in '1'
Looking forward to 10.7.1@hombre7777
Thanks for the info. That makes sence what you are telling me. Their instuctions are kind of bland and dont make sence as much as they should.
The only thing that scares me on this one is now we need to put a device in the dmz....
So now upgrading our xserv to 10.7 when it becomes stable would now be using the magic triangle, and trying to only have 1 to manage osx machines / and now ios devices. Edit our wiki's thats already in place, and have important databases on filemaker is now going to reside in the dmz....
So someone wasn't thinking on this one!!! haha
It looks like we will have to seperate things now, so ios devices are managed on their own machine in the dmz with now a hole leaked in the firewall for AD to authenticate so we can pull users down to associate profiles with them.
Our osx machine will then contain a seperate spot to manage osx devices bound to user accounts, as well as manage filemaker and wiki's that are in use already.
It would be nice if they had figured out a way to do this a little different so we wern't opening holes in the firewall.
The funny thing is I was able to get the ipad to bind and enroll the very first time when i was on a vpn tunnel from my house trying things out.
So I know you can do it, without having to go public, although the push service wasn't working properly and I was not able to bind osx and enroll. So i stared over.
Ill play around to see what I can figure out later. Thanks for the help. If you find out the port numbers please let me know as well! Im not able to move the box to an outside firewall right now. I have to much to do. I can probably do that next week. -
SSL VPN Failed to validate server certificate (cannot access https)
Hi all,
I have the next problem.
I've configured in an UC520 a SSL VPN.
I can access properly and I can see the labels, but I only can access urls which are http, not https:
I can access the default ip of the uc520 (192.168.1.10) but
When I try to get access to a secure url I get the msg: Failed to validate server certificate
I'm trying to access a Cisco Digital Media Manager, whose url is https://pc.sumkio.local:8080
Does the certificate of both hardware has to be the same?
How can I add a https?
Here is the config of the router:
webvpn gateway SDM_WEBVPN_GATEWAY_1
ip address 192.168.1.254 port 443
ssl trustpoint TP-self-signed-2977472073
inservice
webvpn context SDM_WEBVPN_CONTEXT_1
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
url-list "Intranet"
heading "Corporate Intranet"
url-text "DMM Sumkio" url-value "http://pc.sumkio.local:8080"
url-text "Impresora" url-value "http://192.168.10.100"
url-text "DMM" url-value "https://pc.sumkio.local:8443"
url-text "DMM 1" url-value "http://192.168.10.10:8080"
url-text "UC520" url-value "http://192.168.10.1"
policy group SDM_WEBVPN_POLICY_1
url-list "Intranet"
mask-urls
svc dns-server primary 192.168.10.250
svc dns-server secondary 8.8.8.8
default-group-policy SDM_WEBVPN_POLICY_1
aaa authentication list sdm_vpn_xauth_ml_1
gateway SDM_WEBVPN_GATEWAY_1
max-users 10
inservice
Any help would be apreciatted.
Thank youHi, thanks for your advise.
I'm trying to copy the certificate via cut and paste, but I'm getting a
% Error in saving certificate: status = FAIL
I dont know if I'm doing this right.
I open the https page from the DMM with Mozilla Firefox, and in options I export the certificate in PEM format.
I get a file which if I open with notepad is like
-----BEGIN CERTIFICATE-----
MIICOzCCAaSgAwIBAgIET7EwyzANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJV
KoZIhvcNAQEFBQADgYEAdk7n+tJi0igrTD2o7RD9ty8MLTyHN4uk8km+7DbpEy0g
mxLY0UZswYvbj15kPdd8QbeGEdDR6SXOYePsfIRJzL0mqMON4oiUhsqAK5y2yC6R
nqy4wWQ2fGVEYAeLpb1jGKdZWpuag/CO90NMHcMiobfBh+4eTqm7kRPTEyma6V0=
-----END CERTIFICATE-----
If I try to authenticate the trustpoint, I get that error.
how can I export the certificate from the DMM?
I think that this file is not the right file.
and then, do I have to make some changes in
webvpn gateway SDM_WEBVPN_GATEWAY_1?
Should I choose the new trustpoint?
I understand that the old trustpoint is for the outside connection, no for the LAN connection.
Dont worry about me, answer when you can but I really need to fix this.
Thank you so much -
AnyConnect 3.1 - removing Security Warning: Untrusted VPN Server Certificate!
Hi guys,
Is there a way to disable the warning generated from using self signed certs?
I would like to make the process as seamless as possible.
AnyConnect 3.1
ASA 8.4(2)
Thanks.Hi,
We had problem with the above error message with our certificate when we moved to AnyConnect 3.1
We were instructed to request a new one
Also here is the link to Cisco site we were provided that explains the changes in 3.1
IPSec and SSL connections require server certificates to contain Key Usage attributes of Digital Signature and Key Encipherment, as well as an Enhanced Key Usage attribute of Server Authentication or IKE Intermediate. Note that IPSec server certificates not containing a Key Usage are considered invalid for all Key Usages, and similarly an IPSec server certificate not containing an Enhanced Key Usage is considered invalid for all Enhanced Key Usages.
Link to document
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html#wp1049936
Sadly I dont dable with certificates myself so I'm not really familiar with this.
- Jouni -
How to add a certificate to IIS global "Server Certificates" list using PowerShell?
Hi, been surfing the web for an example on how to add a certificate to the "global" IIS "Server Certificates" list using PowerShell but to no luck. I already have code in place on how to tie / associate a specific website with a specific cert but not how
to add the new .cer file using the "Complete Certificate Request..." wizard using PowerShell.... I dont expect the final code to become published but if someone had an idea on howto integrate / get an entry point on where to interact between the "Server Certificate"
list in IIS and POSH I would be super happy! :|
I am runnign IIS on a Windows 2008R2 x64 Standard Edition if that helps..... of course, I would saddle for an CLI if there is no other way, but POSH is of course the way to go! :)
Thanks for the help in advance guys, take care!
br4tt3Hi and thanks for the suggestions!
Although it comes close, the suggested code example points on howto import / incorporate .pfx files - I am getting fed by .cer files which I need to add into the IIS console using POSH.
I tried explore the IIS.CertObj object but was not able to work out if this one could be used for importing / adding .cer files into IIS! However, launching the following command from a POSH console with Import-Module Webadministration already
loaded into that shell;
$certMgr = New-Object -ComObject IIS.CertObj returns the following error message:
New-Object : Cannot load COM type IIS.CertObj
From an IIS perspective I have the following components installed;
[X] Web Server (IIS) Web-Server
[X] Web Server Web-WebServer
[ ] Common HTTP Features Web-Common-Http
[ ] Static Content Web-Static-Content
[ ] Default Document Web-Default-Doc
[ ] Directory Browsing Web-Dir-Browsing
[ ] HTTP Errors Web-Http-Errors
[ ] HTTP Redirection Web-Http-Redirect
[ ] WebDAV Publishing Web-DAV-Publishing
[X] Application Development Web-App-Dev
[ ] ASP.NET
Web-Asp-Net
[X] .NET Extensibility Web-Net-Ext
[ ] ASP
Web-ASP
[ ] CGI
Web-CGI
[ ] ISAPI Extensions Web-ISAPI-Ext
[ ] ISAPI Filters Web-ISAPI-Filter
[ ] Server Side Includes Web-Includes
[ ] Health and Diagnostics Web-Health
[ ] HTTP Logging Web-Http-Logging
[ ] Logging Tools Web-Log-Libraries
[ ] Request Monitor Web-Request-Monitor
[ ] Tracing
Web-Http-Tracing
[ ] Custom Logging Web-Custom-Logging
[ ] ODBC Logging Web-ODBC-Logging
[X] Security
Web-Security
[ ] Basic Authentication Web-Basic-Auth
[ ] Windows Authentication Web-Windows-Auth
[ ] Digest Authentication Web-Digest-Auth
[ ] Client Certificate Mapping Authentic... Web-Client-Auth
[ ] IIS Client Certificate Mapping Authe... Web-Cert-Auth
[ ] URL Authorization Web-Url-Auth
[X] Request Filtering Web-Filtering
[ ] IP and Domain Restrictions Web-IP-Security
[ ] Performance Web-Performance
[ ] Static Content Compression Web-Stat-Compression
[ ] Dynamic Content Compression Web-Dyn-Compression
[X] Management Tools Web-Mgmt-Tools
[X] IIS Management Console Web-Mgmt-Console
[X] IIS Management Scripts and Tools Web-Scripting-Tools
[ ] Management Service Web-Mgmt-Service
[ ] IIS 6 Management Compatibility Web-Mgmt-Compat
[ ] IIS 6 Metabase Compatibility Web-Metabase
[ ] IIS 6 WMI Compatibility Web-WMI
[ ] IIS 6 Scripting Tools Web-Lgcy-Scripting
[ ] IIS 6 Management Console Web-Lgcy-Mgmt-Console
[X] FTP Server Web-Ftp-Server
[X] FTP Service Web-Ftp-Service
[X] FTP Extensibility Web-Ftp-Ext
[ ] IIS Hostable Web Core Web-WHC
More or less the one thing that I am trying to get up and running is an automated FTPS solution - I just use the IIS console to be able to troubleshoot / compare how things scripted from POSH interacts in the MMC representation. The error I am getting
might be that I am lacking some IIS components to be in place to be able to automate some parts of the IIS - as suggested by the IIS.CertObj object listed in the example..... I will get back if I can track down which component needs to be added to be
able to reference the IIS.CertObj object.
Br4tt3 signing out...
br4tt3 -
How can I make Firefox trust a Server Certificate by Default?
I'm trying to distribute Firefox via Empirum. All settings are made using the CCK-Wizard Addon.
When I import our Certificates in CCK-Wizard, I can make trust-settings for CA's, but not for Server Certificates, and so the SC isn't trusted by default.
Is there any way to make the trust Settings for SC's in the install package, maybe through an option in about:config (didn't find any, but maybe somebody knows more than google :P )?
I tried to do it like PRF_1 suggested here https://support.mozilla.org/de/questions/687296#answer-112220 but in the last step I got an Error 1: C compiler cannot create executables.
Regards,
BowserHello,
'''Try Firefox Safe Mode''' to see if the problem goes away. Safe Mode is a troubleshooting mode, which disables most add-ons.
''(If you're not using it, switch to the Default theme.)''
* On Windows you can open Firefox 4.0+ in Safe Mode by holding the '''Shift''' key when you open the Firefox desktop or Start menu shortcut.
* On Mac you can open Firefox 4.0+ in Safe Mode by holding the '''option''' key while starting Firefox.
* On Linux you can open Firefox 4.0+ in Safe Mode by quitting Firefox and then going to your Terminal and running: firefox -safe-mode (you may need to specify the Firefox installation path e.g. /usr/lib/firefox)
* Or open the Help menu and click on the '''Restart with Add-ons Disabled...''' menu item while Firefox is running.
[[Image:FirefoxSafeMode|width=520]]
''Once you get the pop-up, just select "'Start in Safe Mode"''
[[Image:Safe Mode Fx 15 - Win]]
'''''If the issue is not present in Firefox Safe Mode''''', your problem is probably caused by an extension, and you need to figure out which one. Please follow the [[Troubleshooting extensions and themes]] article for that.
''To exit the Firefox Safe Mode, just close Firefox and wait a few seconds before opening Firefox for normal use again.''
''When you figure out what's causing your issues, please let us know. It might help other users who have the same problem.''
Thank you. -
Getting Error while installing Exchange 2013 on server 2012
Error During Exchange 2013 Mailbox Transport
Role Install On Server 2012
Exchange
Server forums
>
Exchange
Server 2013 - Setup, Deployment, Updates, and Migration
Question
1
Sign
in to vote
I was installing Exchange 2013 on Server 2012. The server is not a DC, but is a member of a domain with a 2008 R2 functional level, and I was logged in as a domain admin. There has never been an Exchange instance on this domain. I got past
the prerequisite checks, and the installer showed 15 steps, so I walked away. When I came back, I saw this:
Step 8 of 15: Mailbox role: Transport service
Error:
The following error was generated when "$error.Clear();
$maxWait = New-TimeSpan -Minutes 8
$timeout = Get-Date;
$timeout = $timeout.Add($maxWait);
$currTime = Get-Date;
$successfullySetConfigDC = $false;
while($currTime -le $timeout)
$setSharedCDCErrors = @();
try
Set-SharedConfigDC -DomainController $RoleDomainController -ErrorVariable setSharedCDCErrors -ErrorAction SilentlyContinue;
$successfullySetConfigDC = ($setSharedCDCErrors.Count -eq 0);
if($successfullySetConfigDC)
break;
Write-ExchangeSetupLog -Info ("An error ocurred while setting shared config DC. Error: " + $setSharedCDCErrors[0]);
catch
Write-ExchangeSetupLog -Info ("An exception ocurred while setting shared config DC. Exception: " + $_.Exception.Message);
Write-ExchangeSetupLog -Info ("Waiting 30 seconds before attempting again.");
Start-Sleep -Seconds 30;
$currTime = Get-Date;
if( -not $successfullySetConfigDC)
Write-ExchangeSetupLog -Error "Unable to set shared config DC.";
" was run: "Unable to set shared config DC.".Hi Deepak,
From the error description, I would like to clarify the following things:
1. Please ensure that IPv6 on the network adaptor is turned on.
2. Please check if the account that you used to install Exchange has necessary permissions to perform the installation.
3. Make sure that DNS is configured correctly.
Hope my clarification is helpful.
If there are any problems, please feel free to let me know.
Best regards,
Amy
Amy Wang
TechNet Community Support -
Error: Untrusted Server Certificate
When i click on Query Interfaces (IPS Manager: Configuration > Settings > Interfaces) i get the following error:
An error occurred trying to get the interface information. An error occurred while trying to determine the sensor version. Detail = Error occurred while communicating with 172.17.xx.xx: java.security.cert.CertificateException: Untrusted Server Certificate Chain
Any suggestion?
Thank you,That is a pretty strange message. Have you had a chance to reach out to Windows Live?
TamaraH_VZW
Follow us on Twitter @VZWSupport -
Untrusted Server Certificate Chain error
I am trying to use a certificate (digital signature) on the client, when accessing a Webservice. This fails with the following error :
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain
My code is :
KeyStore ks = null;
String strURL = "https://myserver.com/myurl/lookup.asmx";
SSLSocketFactory sslSocketFactory = null;
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
// Load certificate dynamically
SSLContext sslContext = SSLContext.getInstance("SSLv3");
TrustManagerFactory trustMgtFactory = TrustManagerFactory.getInstance("SunX509");
CertificateFactory cert = CertificateFactory.getInstance("X.509");
FileInputStream lo_fileinputstream = null;
lo_fileinputstream = new FileInputStream("c:\\temp\\digital.cer");
X509Certificate servercacert = (X509Certificate)cert.generateCertificate(lo_fileinputstream);
lo_fileinputstream.close();
String s1 = servercacert.getSerialNumber().toString();
if(ks == null)
ks = KeyStore.getInstance("JKS");
ks.load(null, null);
ks.setCertificateEntry(s1, servercacert);
trustMgtFactory.init(ks);
sslContext.init(null, trustMgtFactory.getTrustManagers(), null);
sslSocketFactory = sslContext.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
// Call webservice
URL cascadeURL = new URL(strURL);
HttpsURLConnection conn = (HttpsURLConnection) cascadeURL.openConnection();
String inputline=null;
if (conn instanceof HttpsURLConnection) {
conn.connect();
BufferedReader in = new BufferedReader(
new InputStreamReader(
conn.getInputStream()));
while ((inputline = in.readLine()) != null) {
System.out.println(inputline);
in.close();
Please help - I am on a very tight deadline (as usual).Found the problem. I simply needed to add another certificate.
-
Untrusted VPN Server Certificate
We just upgraded our AnyConnect to Ver 3.1.01065 and we are using a self signed cert with it. We haven't had any issues with the before but now when ever a customer logs on to the VPN using AnyConnect we get " Security warning: Untrusted VPN Server Certificate!" and it says that AnyConnect cannot verify the VPN server.
Then i can connect anyways or cancel.
Because this is my server and i trust the cert i am fine just clicking Connect anyways. My customers freak out a bit when they see this, I know this has to be a simple fix but i can't figure out how to get my local boxes to trust the cert. Has anyone run in to this with Ver 3.1.01065 and how did you fix it?
Thanks,
JeremyCisco is really trying to make people stop using self-signed certificates with AC 3.1. You have to either use a trusted root CA (either private or public) or turn off the certificate checking altogether.
Maybe you are looking for
-
Hi all, I use Bi publisher version (11.1.6 ) First Question : What is the best template type for making operational reports not statistical report ( RTF template or PDF template or others ) ? -- Second Question : when i try to make report template us
-
Hello, I would like to customize the services. So that I can have a look into the WBS element in PS called via service in cProjects. I already have a client on the system where this works. But somehow I cannot get it done with another client on the s
-
resepected Sir / Madam I am a member of OTN for last 4 years and I would like to print the LOGO of OTN on my Letterhead. I am also a Oracle Certified DBA which allows me to use the respective logo on my Visiting Cards, or the letterhead. I would like
-
HD 1080i 29.97 is missing in AME
HD 1080i 29.97, H.264, ACC 48 KHZ optional is not in the list in my AME CS5.5. I tried to download the new update from Adobe website to my AME but no luck, it didn't add HD 1080i 29.97 there. I need to convert AVI file to Quicktime file with HD 1080i
-
What driver to use for an ATI Radeon HD 3200?
Hello. I've been trying to get this damn ATI card to work but can't seem to figure it out. I've tried the 8.8 drivers in the core repository -and- the 8.11 drivers in the testing repository and neither work. Is there a stable driver that I can use