Outlook Authentication prompt after migrating from 2007/2013

Similar Messages

• Error in date prompt after migrating from 5.x to XI R2

  Hi,
  We have migrated from 5.x to XiR2  SP5 and are facing a problem with the date input parameter.
  Our users use DESKI , when they try to access thier reports  based on Stored Procedure,and the reports  having date prompt , they get an error.
  In 5.x they used to enter the date as DD MON YYYY , in XIR2 they enter it as MM/DD/YYYY but still we get the error
  "The variable is of type date enter its value in the format 9/17/2009 14:50:00 PM"
  The users tried this too but still the same error persists. The Oracle.prm and Oracle.sbo file on teh users machine is the same as that of the server.
  I am able to recreate this error after logging onto the server and opening DESKi there. This error is occuring only with Stored procedures that take date as input parameter
  has anybody faced this issue before, any resolutions for this
  Thanks in advance
  Shreekantha

  Hi,
  After analyzing this problem , what we found that no Stored Procedures that take user input are functioning, irrespective of teh datatype of the input prompt.
  For all SPs that take user input we get an error saying
  Connection or SQL sentence error: (DA0005)
  Exception: DBD, ORA-06550: line 1, column 7:
  PLS-00306: wrong number or types of arguments in call to 'PROCEDURE_TEST_WITHOUTDATE'
  ORA-06550: line 1, column 7:
  PL/SQL: Statement ignored
  State: N/A

• Migration from 2007-2013 - Installation of 2010 server?

  We have Exchange 2007 installed currently (SP3, latest UR). I installed Exchange 2013 in preparation for migration, started working on configuration. After doing some digging, we realized we don't have any licensing for 2013 (miscommunication). The obvious
  solution is to purchase licensing for 2013, but the cost is an issue.
  First questions: we do have licensing for 2010. Is there any way we can install Exchange 2010? Everything I'm reading says no, but would like confirmation. 2010 was never installed in the environment.
  Second question: If I cannot install 2010, can I install a second 2007 server after 2013 has been installed (newer OS)? Safely uninstall 2013?
  Thanks!

  Hi Wlentz,
  Thank you for your question.
  1. First question: We install Exchange 2010 in organization without no problem.
  We can refer to the following link to install Exchange 2010:
  http://technet.microsoft.com/en-us/library/bb124558(v=exchg.141)
  The following link is the coexistence of Exchange 2007 and Exchange 2010:
  http://technet.microsoft.com/en-us/magazine/jj542449.aspx
  2. Second question: we can safely uninstall Exchange 2013. we can install another Exchange 2007 after we uninstall Exchange 2013.
  We can refer to the following link to install Exchange 2007:
  http://technet.microsoft.com/en-us/library/bb124558(v=exchg.80).aspx
  If there are any questions regarding this issue, please be free to let me know.
  Best Regard,
  Jim

• POST MIGRATION - Project Site cannot be found after migration from 2007 to 2010

  Hi,
     I have done full  migration from Project Server 2007 to Project server 2010. All the databases have been restored. The details in the Project Center are coming correctly. But When I open the Project Site , I get error webpage cannot be
  found. 
  I have done the Bulk update but it is not updating the URL to 2010 URL. 
  Please help.
  Regards

  Use PowerShell to list all the sites in your PWA site collection.
  There are many examples online..  Here is a link that is useful
  http://blogs.msdn.com/b/vijay/archive/2009/10/01/how-to-list-all-the-sub-sites-and-the-site-collections-within-a-sharepoint-web-application-using-windows-powershell.aspx
  Cheers
  Michael Wharton, MVP, MBA, PMP, MCT, MCTS, MCSD, MCSE+I, MCDBA
  Website http://www.WhartonComputer.com
  Blog http://MyProjectExpert.com contains my field notes and SQL queries

• ActiveSync stops working after migrating from Exchange 2007 to Exchange 2013

  We have started the migration from Exchange 2007 to Exchange 2013. We've followed best practices and everything is working great except ActiveSync. I've performed Exchange migrations in the past so this is nothing new for me. I've also been referring to
  a great guide which has been a big help,
  http://www.msexchange.org/articles-tutorials/exchange-server-2013/migration-deployment/planning-and-migrating-small-organization-exchange-2007-2013-part1.html.
  Once a user is migrated from Exchange 2007 to 2013, ActiveSync stops working properly. Email can be pulled to the device (Nokia Lumia 625 running Windows Phone 8) by performing a manual sync. But DirectPush is not working. The strange part is it's not affecting
  everyone who's been migrated. Anyone who is still on Exchange 2007 is not affected.
  At first I thought it was our wildcard certificate. 99% of our users are running Outlook 2013 on Windows 7 or higher but we do have a few terminal servers still running Outlook 2010. Outlook 2010 was giving us certificate errors. I realized it was the wildcard
  certificate. Rather than making changes to the OutlookProvider I simply obtained a new SAN certificate. Although that resolved the issues for Outlook 2010 users, ActiveSync was still a problem.
  Rebooting the phones and removing the email account from the user's device and re-adding it didn't resolve the issue either.
  Then I performed an iisreset on the CAS server. This didn't help either. I didn't know it at the time, but I was getting closer...
  I tried using the cmdlet Test-ActiveSyncConnectivity but it gave me the following error:
  WARNING: Test user 'extest_0d9a45b025374' isn't accessible, so this cmdlet won't be able to test Client Access server
  connectivity.
  Could not find or sign in with user DOMAIN.com\extest_0d9a45b025374. If this task is being run without
  credentials, sign in as a Domain Administrator, and then run Scripts\new-TestCasConnectivityUser.ps1 to verify that
  the user exists on Mailbox server EX02.DOMAIN.COM
  I started reviewing how Exchange 2013 proxied information from the CAS to the mailbox server and realized the issue may in fact be on the mailbox server.
  I performed an iisreset on the mailbox server and all of a sudden ActiveSync started working again. Awesome!
  I can't explain why. The only thing I can assume is when some users were migrated from 2007 to 2013 something wasn't being triggered on the Exchange 2013 side. Resetting IIS resolved the issue. I guess I'll have to do an IIS reset after I perform a batch
  of migrations. Disabling ActiveSync and re-enabling it for the affected users didn't help - only the IISRESET resolved the issue.
  If anyone has any information as to why this happens, please chime in. Also, if anyone knows why I can't run the Test-ActiveSyncConnectivity cmdlet, I'd appreciate the help.
  Thanks.

  Hi,
  In Exchange 2013, the Public Folder is changed to Public Folder mailbox instead of Public Folder in Exchange 2007 database.
  Due to the changes in how public folders are stored, legacy Exchange mailboxes are unable to access the public folder hierarchy on Exchange 2013 servers. However, user mailboxes on Exchange 2013 servers or Exchange Online can connect to legacy
  public folders. Exchange 2013 public folders and legacy public folders can’t exist in your Exchange organization simultaneously. This effectively means that
  there’s no coexistence between versions.
  For this reason, it’s recommended that prior to migrating your public folders, you should
  first migrate your all legacy mailboxes to Exchange 2013. For more information about migrating public folder from previous versions, please refer to:
  http://technet.microsoft.com/en-us/library/jj150486(v=exchg.150).aspx
  (Please note the What do you need to know before you begin part in this link)
  Regards,
  Winnie Liang
  TechNet Community Support

• Can only access emails through OWA after migration from exchange 2007 to 2013

  can only access emails through OWA after migration from exchange 2007 to 2013, in other words unable to access mails through outlook or from other Applications services.
  needed RCA ... plz help..

  Hi,
  From your description, you can send and receive messages only when you use OWA after migration from Exchange 2007 to Exchange 2013. If I have misunderstood your concern, please let me know.
  In your case, I recommend you create a new test mailbox in your Exchange 2013 and check if you can send and receive messages on Outlook. If yes, it is recommended to create a new profile to solve this issue.
  Hope this can be helpful to you.
  Best regards,
  Amy Wang
  TechNet Community Support

• After migration to Exchange 2013 the old outlook clients do not automatically reconfigure

  After migration to Exchange 2013 the old outlook clients do not automatically reconfigure
  we use outlook 2013

  Hi ,
  I hope you would be having exchange 2013 coexistence environment with exchange 2010 or 2007.
  Autodiscover is the feature which will make the outlook profiles to configure automatically.So please make sure the following things are in place.
  1.Autodiscover record on the internal dns need to be configured and it has to be resolved properly to the cas servers or else to the LB if you have.
  2.Please check the autodiscover internal url.
  get-clientaccessserver -identity "server name" | fl *internaluri*
  3.Make sure the name used for the autodisocver and internal outlook anywhere are available on the SAN certificate installed in exchange.Same time we need to enable the installed SAN certificate for the exchange services like iis,pop,imap,smtp.
  4.You need to have the autodicover name and internal outlook anywhere name on the internet explorer proxy exceptions when you have proxy servers available on your network for internet access.
  Note : moreover we need an additional information's from your side about your environment.
  Thanks & Regards S.Nithyanandham

• Resources and public folder database - migration from 2007 to 2013

  We migrated our resource mailboxes thru the move mailboxes in 2013 EAC but now we're at the point of decommissioning our 2007 servers.  Before the actual decommission we stopped all 2007 services and dismounted all 2007 databases.  Once we did
  this the resources would no longer work - errors pertaining to cannot directly book the resource.
  I had to bring up the public folder database for the moved resources to work again.  We do not use public folders any longer so we did not do any type of public folder migration.  Do I need to do this for the resources to work?

  Hi,
  Could you please tell me your Outlook version?
  I saw someone got the following error when he tried to book resource after migrating from Exchange 2007 to Exchange 2010, if Outlook version is Outlook 2007. But Outlook 2010 worked well.
  "Cannot directly book a resource for this meeting."
  Please switch between online and cached mode to check the result. And please check if this issue occurs in OWA.
  If possible, please use Outlook 2010 to check the result.
  Best regards,
  Belinda
  Belinda Ma
  TechNet Community Support

• Some clients migrated from 2007 is presented with the self signed certificate in 2013

  I have migrated from 2007 to 2013. I did a couple of test migrations and on the ones with domain member computers Outlook is giving a certificate warning. The certificate they are presented with is the default self signed certificate on the 2013 server.
  Even though I have added a trusted public certificate to Exchange and checked of to use With IIS.
  I see that the default certificate is also checked of to use With IIS and it cant be removed in ECS. Shouldnt this be removed from IIS all together when adding a New certificate? And why does some Clients gets presented With the self signed and some With
  the Public? For instance owa is presented With the Public cert. Also and Outlook I tested from outside the domain.
  Regards

  Only the UCC certificate should be bound to IIS.
  Are any clients using POP or IMAP, which also use SMTP?  In this case clients can be presented with the "wrong" certificate as well.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Fab40 templates migration from 2007 to SP 2013

  We are working on migrating  SP 2007 sites to sp 2013 and in 2007 Fab40 templates are installed and we are getting issue in SP 2013 when doing visual upgrade because of site definitons.Will these templates get upgraded to SP 2013 ?

   SharePoint 2013 does not support for FAB 40 feature.
  Try these links: 
  https://social.technet.microsoft.com/Forums/sharepoint/en-US/b3363e1d-ad1f-45cf-b1f0-1ddb40797876/40-fab-templates-migration-to-sharepoint-2013
  https://social.technet.microsoft.com/Forums/sharepoint/en-US/b920c152-8488-4d43-b609-a507c5730372/proper-upgrade-procedure-from-2007-2013-with-fab-40-templates
  [custom.development]

• After Migrating from Sharpoint 2010 to Sharepoint 2013 list filter options changed

  Hi All,
  After migrating from SP 2010 to SP2013 i found list View filter option is changed and filter is not working Pls help its really urgent.... you can check field 1 and field 2 in following screen shot.
  Prasad kambar

  Hi  ,
  According to your description, my understanding is that your list filter cannot work after Migrating from SharePoint 2010 to SharePoint 2013.
  For your issue, please check your log files for any issues. Also you can refer to the blogs for troubleshooting SharePoint 2013 migration:
   Firstly try running Test-SPContentDatabase on your source database for any issues -
  Test-SPContentDatabase - http://technet.microsoft.com/en-us/library/ff607941.aspx
  Troubleshoot site collection upgrade issues in SharePoint 2013 http://technet.microsoft.com/en-us/library/jj219648.aspx
  Verify database upgrades in SharePoint 2013 -http://technet.microsoft.com/en-us/library/cc424972.aspx
  And please have a look at your custom solution on your site.
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• Migration from 2007 and Archive Mailbox PST import question

  Our enterprise will be migrating from Exchange 2007 SP3 to Exchange 2013 CU3 very shortly. Exchange 2013 is set up and I am in coexistance mode currently. Everything is working fine with the legacy redirection, I have tested some mailbox migrations and they
  work fine. We currently use Mimosa Nearpoint as a third party email archive product.
  As part of this migration from 2007 to 2013, we plan on moving away from Mimosa Nearpoint and utilizing the Exchange 2013 Archive Mailbox feature. We will give each user an Archive Mailbox. We have the ability to export the users existing archive out of
  NearPoint to .PST files and then migrating them directly into the users Archive Mailbox using the "New-MailboxImportRequest -IsArchive" powershell commandlet. This has been tested and works fine with one very important exception.
  When I export from Nearpoint, I have to export the entire contents of the archive, I cannot set date ranges. So when I do an export, it also contains the contents of the user's mailbox. I have managed folder policies in place in the Exchange 2007 environment
  which delete all contents of the mailbox older than 60 days, but when I import the .PST to the archive, it imports ALL items into the Archive Mailbox. So I have 60 days worth duplication of items.
  It is my understanding that if I imported the Archive .PST directly into the users production mailbox in the 2013 side, that it would not import duplicate items. I am trying to find out if there is any process which will do the same thing with me importing
  directly into the users Archive Mailbox.
  Thanks you,

  Hi,
  We used a third patry email archive product to export to .pst files, so it is too hard to say that whether it cause this issue.
  However, I found a method to delete the duplicate items from our mailbox via MFCMAPI Tool.
  Please make sure that the Exchange Server mailbox has been backed up first.
  Details in the following KB:
  How to remove duplicate folders in Outlook when connected to an Exchange Server mailbox
  http://support.microsoft.com/kb/2509983
  I also found a script to remove duplicate items.
  This script will scan each folder of a given mailbox and removes duplicate items from those folders. You can specify how the items should be deleted and what items to process, e.g. mail items or appointments. Sample usage is after a misbehaving synchronization
  tool creates duplicate items or (accidental) import of PST file with duplicate items.
  *****Please also make a full back up first*****
  Removing Duplicate Items from a Mailbox
  http://gallery.technet.microsoft.com/office/Removing-Duplicate-Items-f706e1cc#content
  Disclaimer       
  The sample scripts are not supported under any Microsoft standard support program or service.
  The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose.
  The entire risk arising out of the use or performance of the sample scripts and documentation remains with you.
  In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss
  of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
  Hope it is helpful
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Copy to my calendar missing after migration Exchange 2010-2013

  Hi there,
  We have migrated our Exchangeserver from Exchange 2003 too 2010 and then too 2013.
  In Outlook 2007 (with Exchange 2003 and later 2010) we had a button in the 'New appointment window' called 'Copy to my Calander' When we made an appointment in a Public Calander.
  After migrating to Exchange 2013 the button is missing, but we're still using the Public folder (Calander).
  Is there a solution for this?

  Hi,
  I'm marking the reply as answer as there has been no update for a couple of days.
  If you come back to find it doesn't work for you, please reply to us and unmark the answer.
  Best Regards,
  Steve Fan
  Forum Support
  Come back and mark the replies as answers if they help and unmark them if they provide no help.
  If you have any feedback on our support, please click
  here

• Microsoft Exchange server and Mailbox box prompt after migration

  We are getting prompted to click OK when we open Outlook on the Microsoft Exchange server and Mailbox dialog box.
  We just migrated from 2007 exchange to 2013 exchange and the people with windows 7 seem to be able to access exchange through outlook 2010 without getting prompted.  Also people who are getting prompted are not able to access public folders and our
  XP.  Those using windows 7 can access public folders.

  Hi,
  From your description, I would like to clarify the following thing:
  Windows XP does not like msstd:*.domain and must use msstd:server.domain instead.
  So I recommend you set this by updating the CertificateName via EMS.
  1. If you use a wildcard certificate, please run the following cmdlet:
  Set-OutlookProvider EXPR –CertPrincipalName msstd:*.contoso.com
  2. If not please run the Set-OutlookProvider EXPR –CertPrincipalName msstd:$null cmdlet. Once done, repair Outlook profiles and check results.
  Besides, when there is a Windows XP user, we recommend SAN certificate not wildcard certificate.
  Hope my clarification is helpful.
  If there are any problems, please feel free to let me know.
  Best regards,
  Amy
  Amy Wang
  TechNet Community Support

• ZCC Login failed after Migration from 11.3.1 FRU1 to 11.3.2

  Hey,
  System: 6 Primary Server Sless 11 SP3
  LDAP: EDIR
  Primary: 11.3.2
  Sats: 11.3.1 FRU1
  After Migration from 11.3.1 FRU1 to 11.3.2
  i'll try to login in ZCC
  Message ZCC
  Error: Login Error: com.novell.zenworks.datamodel.exceptions.InternalD ataModelException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
  See the ZENworks Control Center log file (zcc.log) for the full stack trace.
  I tryed with default admin and see that the USERSource is not reachable.
  I take a look in the configuration / usersource and there is an Error like: Unable to read contexts. One or more of your connections don't support non-SSL.
  ZCC.log sayed
  [javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints] [] [com.novell.zenworks.datamodel.exceptions.InternalD ataModelException] [ZENServer]
  [DEBUG] [12/30/2014 09:54:02.417] [3547] [ZENServer] [72] [zenworks] [ZCC] [] [Form.java CSRF TOKEN:d1b804076c63e7393af1a72442ced4b5 for the PageId:authoritativeSourceDetails] [] [] [] [ZENServer]
  [DEBUG] [12/30/2014 09:54:03.144] [3547] [ZENServer] [85] [zenworks] [ZCC] [] [QuickTask build tasks called in createChildControls, normal flow before ajax] [] [] [] [ZENServer]
  [DEBUG] [12/30/2014 09:54:03.348] [3547] [ZENServer] [69] [zenworks] [ZCC] [] [com.novell.zenworks.datamodel.exceptions.InternalD ataModelException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
  at com.novell.zenworks.datamodel.services.Certificate ManagerImpl.getCertificates(CertificateManagerImpl .java:179)
  at com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. validateCertificateExpiry(LDAPUtil.java:1162)
  at com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. getLDAPConnectionInfo(LDAPUtil.java:774)
  at com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. getLDAPConnectionInfo(LDAPUtil.java:559)
  at com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. getLDAPConnectionInfo(LDAPUtil.java:386)
  at com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. getLDAPConnectionInfo(LDAPUtil.java:359)
  at com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. getLDAPConnectionInfo(LDAPUtil.java:325)
  at com.novell.zenworks.datamodel.utils.ldap.LDAPUtil. getLDAPConnectionInfo(LDAPUtil.java:311)
  at com.novell.zenworks.core.web.internal.UserSourceSt atusAJAX.getImageData(UserSourceStatusAJAX.java:77 )
  at com.novell.web.ajax.ImageAJAX.service(ImageAJAX.ja va:38)
  at com.novell.web.ajax.AJAXDataHandler.service(AJAXDa taHandler.java:40)
  at com.novell.web.AjaxServlet.serviceImpl(AjaxServlet .java:100)
  at com.novell.web.AjaxServlet.service(AjaxServlet.jav a:74)
  at com.novell.zenworks.fw.web.internal.ZENworksAjaxSe rvlet.service(ZENworksAjaxServlet.java:47)
  at javax.servlet.http.HttpServlet.service(HttpServlet .java:727)
  at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:303)
  at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:208)
  at com.patchlink.sapphire.web.pages.vulnerability.ses sion.HibernateSessionFilter.doFilter(HibernateSess ionFilter.java:75)
  at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:241)
  at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:208)
  at org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:220)
  at org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:122)
  at org.apache.catalina.authenticator.AuthenticatorBas e.invoke(AuthenticatorBase.java:501)
  at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:171)
  at com.googlecode.psiprobe.Tomcat70AgentValve.invoke( Tomcat70AgentValve.java:39)
  at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:103)
  at org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:116)
  at com.novell.zenworks.tomcat.ZENRequestValve.invoke( ZENRequestValve.java:1346)
  at org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:408)
  at org.apache.coyote.http11.AbstractHttp11Processor.p rocess(AbstractHttp11Processor.java:1070)
  at org.apache.coyote.AbstractProtocol$AbstractConnect ionHandler.process(AbstractProtocol.java:611)
  at org.apache.tomcat.util.net.JIoEndpoint$SocketProce ssor.run(JIoEndpoint.java:316)
  at java.util.concurrent.ThreadPoolExecutor.runWorker( ThreadPoolExecutor.java:1145)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:615)
  at org.apache.tomcat.util.threads.TaskThread$Wrapping Runnable.run(TaskThread.java:61)
  at java.lang.Thread.run(Thread.java:745)
  Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
  at sun.security.ssl.Alerts.getSSLException(Alerts.jav a:192)
  at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl .java:1884)
  at sun.security.ssl.Handshaker.fatalSE(Handshaker.jav a:276)
  at sun.security.ssl.Handshaker.fatalSE(Handshaker.jav a:270)
  at sun.security.ssl.ClientHandshaker.serverCertificat e(ClientHandshaker.java:1439)
  at sun.security.ssl.ClientHandshaker.processMessage(C lientHandshaker.java:209)
  at sun.security.ssl.Handshaker.processLoop(Handshaker .java:878)
  at sun.security.ssl.Handshaker.process_record(Handsha ker.java:814)
  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocke tImpl.java:1016)
  at sun.security.ssl.SSLSocketImpl.performInitialHands hake(SSLSocketImpl.java:1312)
  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLS ocketImpl.java:1339)
  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLS ocketImpl.java:1323)
  at com.novell.zenworks.security.certificates.Certific ateUtility.getCertChain(CertificateUtility.java:12 1)
  at com.novell.zenworks.datamodel.services.Certificate ManagerImpl.getCertificates(CertificateManagerImpl .java:175)
  ... 35 more
  Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
  at sun.security.ssl.AbstractTrustManagerWrapper.check AlgorithmConstraints(SSLContextImpl.java:946)
  at sun.security.ssl.AbstractTrustManagerWrapper.check AdditionalTrust(SSLContextImpl.java:872)
  at sun.security.ssl.AbstractTrustManagerWrapper.check ServerTrusted(SSLContextImpl.java:814)
  at sun.security.ssl.ClientHandshaker.serverCertificat e(ClientHandshaker.java:1421)
  SR has been created.
  Any Tipps /Hints for me ?
  Thank You

  Originally Posted by robpet
  Should have said kind of the same problem...
  That was sort of my gut feelings so I checked our certificates beforehand and they are using certs with sha1 fingerprint. But we are not using SSL - our connections are made using port 389. And the communication status is green.
  But I cannot add SSL because it complains about "unable to obtain a valid certificate for SSL communication information. Please verify that the adress and port are correct and that the LDAP directory has been configured with a valid certificate.
  So I cannot understand why users cannot authenticate with zenagent.
  There's a TID about zcc login failures after 11.3 upgrade.
  https://www.novell.com/support/kb/doc.php?id=7014716
  We ran into the above.