Renew SSL Certificate for two Exchange 2010 Servers and the new rules.
I find DigiCert's website always helpful with cert questions. They've got a pretty helpful page here: https://www.digicert.com/internal-names.htm
It looks like they've got a tool for Exchange, but I've not used it myself, so can't say if it works or how well: https://www.digicert.com/internal-domain-name-tool.htm
I bet Microsoft have something on their website too that helps with this sort of question.
I'd say you register a completely new domain and use that for public facing and internal servers. Or you could just create a sub domain of an existing one, i.e. subdomain.mydomain.com and use that, i.e. public_exchange.subdomain.mydomain.com and internal_exchange.subdomain.mydomain.com.
Hi there,
My Exchange 2010 server certificate is about to expire and I am going to renew it, but according to the new rules for SSL certificate issuing we cannot include our local server names and local FQDNs such as myserver.contoso.local. My issue is that I have 2 Exchange servers: one is the internet-facing server (where the certificate is initiated and installed) and one is a non-internet-facing Exchange server.
If I am going to renew my certificate with public names only, I have to create a split domain that reflects my external links to the internal users. What shall I do for the non-internet-facing server? Do I need to create another record in my split DNS server and add it to my certificate request?
This topic first appeared in the Spiceworks Community
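A pre-flight check for the renewal discussed in this thread, as an added example that is not part of the original posts: it sorts a proposed SAN list into names a public CA can validate and names it will refuse. The host names are constructed, and `NON_PUBLIC_SUFFIXES` is an assumed short list standing in for a lookup against the IANA root zone.

```python
import ipaddress
import re

# Assumption: a short illustrative list of suffixes that are not delegated in
# public DNS. A production check would compare the last label with the IANA
# Root Zone Database instead.
NON_PUBLIC_SUFFIXES = {"local", "localhost", "lan", "internal", "corp", "home"}

# One DNS host name label: letters, digits, hyphens; no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def classify_san(name):
    """Return (accepted, reason) for one proposed subjectAltName entry."""
    candidate = name.strip().rstrip(".").lower()
    if not candidate:
        return (False, "empty name")

    # IP addresses: only globally routable ones can be validated by a public CA.
    try:
        address = ipaddress.ip_address(candidate)
    except ValueError:
        address = None
    if address is not None:
        if address.is_global:
            return (True, "public IP address")
        return (False, "reserved or private IP address")

    labels = candidate.split(".")
    if labels[0] == "*":          # a wildcard is judged by its base domain
        labels = labels[1:]
    if len(labels) < 2:
        return (False, "unqualified host name")
    if labels[-1] in NON_PUBLIC_SUFFIXES:
        return (False, "internal suffix ." + labels[-1])
    for label in labels:
        if not LABEL_RE.match(label):
            return (False, "invalid host name label '" + label + "'")
    return (True, "public FQDN")


def review_san_list(names):
    """Split a SAN list into (accepted names, {rejected name: reason})."""
    accepted, rejected = [], {}
    for name in names:
        ok, reason = classify_san(name)
        if ok:
            accepted.append(name)
        else:
            rejected[name] = reason
    return accepted, rejected


# Constructed SAN list: one internet-facing server and one internal server.
PROPOSED_SANS = [
    "mail.contoso.com",
    "autodiscover.contoso.com",
    "exch02.mail.contoso.com",   # split-DNS name for the internal server
    "myserver.contoso.local",    # internal FQDN
    "EXCH02",                    # NetBIOS-style short name
    "192.168.10.5",              # RFC 1918 address
]

if __name__ == "__main__":
    accepted, rejected = review_san_list(PROPOSED_SANS)
    print("request these:", accepted)
    for name, reason in rejected.items():
        print("drop", name, "->", reason)
```

Every rejected entry needs a public-suffix equivalent published in internal (split) DNS before the Exchange internal URLs are repointed to it.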
Similar Messages
-
ACS Not installing renewed SSL Certificate for PEAP/EAP-TLS?
We recently renewed our SSL certificate through RapidSSL. While attempting to install the new certificate into ACS, I was given the prompt showing the updated dates, confirmed and installed the new certificate, deleting the old. I restarted ACS, as required, but when trying to enable PEAP or EAP-TLS, I am getting the error "Failed to initialize PEAP or EAP-TLS authentication protocol because ACS certificate is not installed."
The worst part is that when I tried to reinstall the old certificate, I am now getting the same problem.
Any suggestions?
Matt,
How did you perform the CSR.... did you use ACS or OpenSSL? Also, did you verify that the certificate is in the trusted personal folder on the server?
Scott -
I have two Macs: an MBA and the new iMac. Is there a way to have iTunes and all the content in it identical on both machines?
Yes you can copy the content to your new machine and use Home Sharing to keep the content identical
Connect the two machines via an ethernet cable it is 3 times faster than Wifi. Turn wifi off on one machine to enforce ethernet connection
In System Preferences, Sharing turn on File Sharing
Then
Copy the music/itunes folder from the Macbook pro to the music/ folder on the imac
Both machines should now have the same library
Disconnect the ethernet cable
Set up Home Sharing and under Settings at the bottom of the Home Sharing page. Select to transfer new purchases.
Do the same on the other machine.
Then when your machines are connected by wifi and each time you start iTunes it will transfer your new purchases
Setting up home sharing -
We are migrating from Exchange 2010 to Exchange 2013. We have installed the Exchange 2013 but it only has a couple of mailboxes on this server, all the mailboxes are still on the Exchange 2010 server.
I have run a Windows Backup of the Exchange 2013 but I am still seeing a ton of log files in the mailbox folder.
Also the database file is only about 1.1 GB but the backup is now 40 GB.
Is there something that can be done to truncate these logs and make the backup smaller?
Hi,
1. Did the full backup complete successfully?
2. What about the status from the command below? Are the mailbox database headers updated with the latest time and date?
Get-MailboxDatabase -Status | ft name,*full* -au
3. Just check the application event logs for event ID 2046; that should state whether log truncation for the mailbox databases has been initiated or not.
4. Before initiating the backup, just make sure the Exchange writer is not in an error state.
vssadmin list writers
If it is in an error state, please restart the Microsoft Exchange Replication service and check the Exchange writer status again using the above-mentioned command.
Thanks & Regards S.Nithyanandham -
Exchange 2010 server and anonymous spam
Force all users to change their passwords.
Ensure you do not have an open relay internally and externally as well.
Enable logs in your router to check for traffic on port 25.
Hi guys, I've been having this issue for some time now.
The queue viewer in Exchange keeps filling up to 100+ emails which were unable to send
-The from address is always
-the source is always local
ip is always 255.255.255.255
-subject is "automatic reply:
I've checked the server for viruses
-Disabled delivery reports (non-delivery report spam attack)
At this point I'm starting to suspect someone on the network may have a rootkit or some spammer may have gotten a hold of a password of a user.
Anyone else have this issue?
What's the best way to approach this?
This topic first appeared in the Spiceworks Community -
Trying to reach a URL like this: http://myserver123:1009/home.aspx
I've already disabled the firefox adding the "www" and ".com" to the URL which was definitely an issue originally, but it still does not resolve properly.
The error page says:
"Server not found. Firefox cannot find the server at myserver123"
It seems Firefox is stopping at the colon character in the URL, thus not resolving to the page.
Any ideas on how to fix?
Hi LI_NY_1
On my Nexus 6, running Lollipop and FF 37.0.1 I have no problem reaching urls like:
http://rt-mba11:8080/index.html
Are you sure you have your webserver for myserver123 configured correctly?
If you could give me the URL of your webserver I can try to see if I can reproduce this problem; my guess is this is a webserver config issue and not a Firefox for Android issue but of course I could be wrong!
Cheers!
...Roland -
Remove inaccessible/inactive exchange 2010 server
I had a second Exchange 2010 server with a DAG setup between the primary production Exchange 2010 server and the secondary one, which was at our DR site. I did a DR test and ended up having to break the DAG and mount the DB manually for the DR test. As a result this second Exchange server has been switched off and I have removed the DAG from the production side and all is OK with that. I am planning to move to a NetApp Exchange replication solution instead of DAG for DR, as the DAG does not work well as a DR solution.
The only problem that remains is that I still have the old server listed under servers and there is a public folder database that is still listed from the second server. Is there a way to remove this inaccessible server from Exchange without doing it through ADSI Edit? There is no way that I can turn this second server on again.
Your first option is to uninstall normally as commented by Ed.
If no way you can uninstall (in a documented way), then you can go with the final option of cleaning up from active directory. But take a backup of the active directory system state before doing this to be safe.
http://social.technet.microsoft.com/Forums/exchange/en-US/1c638bdd-67ba-44dd-996d-882be5fe5b09/remove-failed-exchange-2010-servers-that-are-no-longer-accessible?forum=exchange2010
http://windowsitpro.com/exchange-server/how-uninstall-stubborn-exchange-server
Thanks, MAS
Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. -
Exchange 2010, UCC SSL, and the "new" CA/BROWSER Forum not issuing for .local
I don't know how many people have run into this yet, but the CA/BROWSER Forum, the "standards" authority for SSL issuing, has mandated that CAs can no longer issue a certificate using a FQDN "intranet" name for new or renewal SSL certificates effective Nov 1, 2012, i.e. the Microsoft standard of mydomain.local will no longer be accepted as a SAN on a UCC for Exchange 2010. I've looked through the KBs and Social forums, but haven't really found any guidance on how to solve this. I'm presuming that the certs will have to be split and the "external" domain name of server.mydomain.net will just become a single server SSL, and the internal name of server.mydomain.local will become a self-signed certificate. With the increasing prevalence of OA and ActiveSync devices, is there any baseline guidance yet on how to make this happen without completely fouling up production servers and killing access to the user community?
On the same topic, though likely different environment...
Against recommended deployment, I have a number of clients running all their services on one box: Windows Server 2008, Active Directory, DNS, Exchange 2010 ...and so on. These servers all have .local addresses, which means of course that the SAN certificates have .local addresses as one of the SANs.
I've read a lot online about this issue, and am trying to find the most cost effective solution to switch numerous production servers running this configuration.
The best solution I've come up with so far is...
1. Virtual AD with new external domain, 2. Migrate Exchange CAS to this domain, 3. Reconfigure network through the box.
Obviously these steps will contain a lot more details, but this is just the outline atm. At best, I see me having to take a second box with me to each location to perform these steps, and I can't see it happening without disruption to the work flow of employees.
Thankfully, all of these businesses are relatively small... under 25 employees. Still, I'd like to find the smoothest transition solution possible.
Any suggestions would be greatly appreciated!
Regards -
Unable to uninstall last Exchange 2010 server
Hi,
I am unable to uninstall last Exchange 2010 server from the organization.
I get error message:
Summary: 3 item(s). 2 succeeded, 1 failed.
Elapsed time: 00:00:19
Configuring Prerequisites
Completed
Elapsed Time: 00:00:00
Mailbox Role Prerequisites
Failed
Error:
Uninstall cannot continue. Database 'Mailbox Database 2105185066': This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, or arbitration mailboxes. To get a list of all mailboxes in this database, run the command Get-Mailbox
-Database <Database ID>. To get a list of all mailbox plans in this database, run the command Get-MailboxPlan. To get a list of archive mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -Archive. To get a list of all
arbitration mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -Arbitration. To disable a non-arbitration mailbox so that you can delete the mailbox database, run the command Disable-Mailbox <Mailbox ID>. To disable
an archive mailbox so you can delete the mailbox database, run the command Disable-Mailbox <Mailbox ID> -Archive. Arbitration mailboxes should be moved to another server; to do this, run the command New-MoveRequest <parameters>. If this is the
last server in the organization, run the command Disable-Mailbox <Mailbox ID> -Arbitration -DisableLastArbitrationMailboxAllowed to disable the arbitration mailbox. Mailbox plans should be moved to another server; to do this, run the command Set-MailboxPlan
<MailboxPlan ID> -Database <Database ID>.
Click here for help...
http://go.microsoft.com/fwlink/?linkid=30939&l=en&v=ExBPA.14&id=4a96fd69-9cec-4a48-9571-5c9e8ab3cfe9
Elapsed Time: 00:00:15
Organization Prerequisites
Completed
Elapsed Time: 00:00:03
I have deleted all the mailboxes, distribution groups, contacts, etc. but I am still unable to uninstall one database. When trying to delete the last database I get following error message:
The mailbox database 'Mailbox Database 2105185066' cannot be deleted.
Mailbox Database 2105185066
Failed
Error:
This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, or arbitration mailboxes. To get a list of all mailboxes in this database, run the command Get-Mailbox -Database <Database ID>. To get a list of all mailbox plans
in this database, run the command Get-MailboxPlan. To get a list of archive mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -Archive. To get a list of all arbitration mailboxes in this database, run the command Get-Mailbox
-Database <Database ID> -Arbitration. To disable a non-arbitration mailbox so that you can delete the mailbox database, run the command Disable-Mailbox <Mailbox ID>. To disable an archive mailbox so you can delete the mailbox database, run the
command Disable-Mailbox <Mailbox ID> -Archive. Arbitration mailboxes should be moved to another server; to do this, run the command New-MoveRequest <parameters>. If this is the last server in the organization, run the command Disable-Mailbox <Mailbox
ID> -Arbitration -DisableLastArbitrationMailboxAllowed to disable the arbitration mailbox. Mailbox plans should be moved to another server; to do this, run the command Set-MailboxPlan <MailboxPlan ID> -Database <Database ID>.
If I run command "Get-Mailbox -Database "Mailbox Database 2105185066" -Arbitration | ft -Wrap -Auto", I get following result:
Name
Alias
ServerName Prohibit Send Quota
SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} ex01 unlimited
FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 ex01 1 MB (1,048,576bytes)
I suspect it is because of these "mailboxes" why I am unable to delete the database.
If I run command "Disable-Mailbox SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} -Arbitration -DisableLastArbitrationMailboxAllowed ", I get following error message:
A positional parameter cannot be found that accepts argument 'e0dc1c29-89c3-4034-b678-e6c29d823ed9'.
+ CategoryInfo : InvalidArgument: (:) [Disable-Mailbox], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Disable-Mailbox
Do you have any ideas how to delete the last database and uninstall the last Exchange 2010 server properly from the organization?
Best regards,
Toni
www.triuvare.fi
Hi,
I agree with Martina. This should be solved somehow without need to use ADSI Edit.
Martina, I did run the command you suggested (Get-mailbox -arbitration | disable-mailbox -DisableLastArbitrationMailboxAllowed), but unfortunately here is the result:
The operation couldn't be performed because object 'Company.local/Users/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}' couldn't be found on 'DC.Company.local'.
+ CategoryInfo : InvalidData: (Company.local/U...8-e6c29d823ed9}:MailboxIdParameter) [Disable-Mailbox], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : 63BA19E1,Microsoft.Exchange.Management.RecipientTasks.DisableMailbox
The operation couldn't be performed because object 'Company.local/Users/FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042' couldn't be found on 'DC.Company.local'.
+ CategoryInfo : InvalidData: (Company.local/U...bf-00a95fa1e042:MailboxIdParameter) [Disable-Mailbox], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : 4002E2C8,Microsoft.Exchange.Management.RecipientTasks.DisableMailbox
Connection between the Exchange server and the Domain Controller (DC.Company.local) is working.
Best regards,
Toni
www.triuvare.fi -
Adding a second Exchange 2010 Server to an existing site.
We have a working server and I want to load a second Exchange 2010 server and migrate all roles and users to the new server. What, if anything, do I need to watch when doing this? The first step I want to do is move all users to the new server because we are running out of space on the old server, and then I will move roles to the new server, then shut the old server down. Again just looking for some good directions to do this.
Thanks,
Dan
Hi,
I agree with DareDevil57. We can add a new Exchange 2010 server and migrate from the old Exchange 2010 to the new Exchange 2010 server. Make sure the new Exchange server works well, then we can decommission the old Exchange 2010 server.
Best regards,
Belinda
Belinda Ma
TechNet Community Support -
How we can get SSL certificate for any site?
I want to know how I can get an SSL certificate for any website and what the main benefit is for a particular website with the help of this certificate.
Hi,
Would you please let me know edition information of the SBS server? Was it SBS 2008 or SBS 2011?
Based on your description, I’m a little confused with your question. Did you mean that you want to know why an SSL certificate is needed for a website?
Certificate Services and SSL protect sensitive information by encrypting the data sent between client browsers and your server.
An SSL Certificate is used for two reasons: (1) to validate the remote server to the client before the client sends any data to that server; (2) to encrypt the data between the client and server over an un-secure network (i.e. the Internet). You can use a self-issued certificate or a third-party trusted certificate. For more details, please refer to the following articles and check if they can help you.
Managing Certificates
SSL and Certificates
Understanding Self-Issued Certificates in SBS 2003 & SBS 2008
Installing a GoDaddy Standard SSL Certificate on SBS 2008
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
If I have misunderstood anything, or if there is any update, please don’t hesitate to let me know.
Hope this helps.
Best regards,
Justin Gu -
Looking for help to update the certificate for my Exchange Email Account...
I'm trying to update the certificate for my Exchange Email Account... Dell had me delete the account, install the new certificate on my phone, and set up the email again... But it still won't work and acts like it can't find/use the new cert. Any suggestions besides a hard reset of the phone?
That's a great question, LSchmitz!
Is the e-mail account on your cell phone? Which device? If it's on your phone, an Exchange e-mail may need to be provisioned/set up by your employer/IT department.
VanessaS_VZW
Follow us on Twitter @VZWSupport
If my response answered your question please click the "Correct Answer" button under my response. This ensures others can benefit from our conversation. Thanks in advance for your help with this!! -
Is it possible to use single ssl certificate for multiple server farm with different FQDN?
Hi
We generated the CSR request for VeriSign Secure Site Pro certificate
SSL Certificate for cn=abc.com, considering abc.com as our major domain. Now we have servers in this domain like www.abc.com, a.abc.com, b.abc.com etc. We installed the VeriSign certificate and configured ACE-20 accordingly for ssl-proxy, and we will use the same certificate generated for abc.com for all servers like www.abc.com, a.abc.com, b.abc.com etc. Now when we are trying to access https://www.abc.com or https://a.abc.com through Mozilla, we are able to access the service but we are getting this message in the certificate status: "you are connected to abc.com which is run by unknown"
And the same message when trying to access https://www.abc.com from Google Chrome.
"This is probably not the site you are looking for! You attempted to reach www.abc.com, but instead you actually reached a server identifying itself as abc.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of adgate.kfu.edu.sa. You should not proceed"
So I know that as this certificate is for cn=abc.com, that is why we are getting such errors/status in the SSL certificate.
Now my question is
1. Is it possible to remove the above errors by doing some SSL configuration on the ACE?
2. Or do we have to go for a VeriSign Wildcard Secure Site Pro Certificate for a CSR generated using cn=abc.com, to be installed on the ACE and used for all servers like www.abc.com, a.abc.com etc.?
Thanks
Waliullah
If you want to use the same VIP and port number for multiple FQDNs, then you will need to get a wildcard certificate. Currently, if you enter www.abc.com in your browser, that is what the browser expects to see in the certificate. And right now it won't because your certificate is for abc.com. You need a wildcard cert that will be for something like *.abc.com.
Hope this helps,
Sean -
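The name check behind the browser warnings in this thread, as an added example that is not part of the original posts: a simplified form of the RFC 6125 matching rule (a wildcard is honoured only as the whole left-most label and stands for exactly one label), run over the thread's abc.com names. The function names are hypothetical.

```python
def name_matches(pattern, hostname):
    """True if one certificate name (CN or SAN dNSName) covers hostname.

    Simplified: partial wildcards such as "w*.abc.com" are treated as
    literal text and therefore never match.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False   # a wildcard never spans more or fewer labels
    if p_labels[0] == "*":
        # the wildcard stands for exactly one non-empty left-most label
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(cert_names, hostname):
    """True if any name in the certificate covers the requested host."""
    return any(name_matches(name, hostname) for name in cert_names)


def uncovered(cert_names, hostnames):
    """Hosts that would trigger a name-mismatch warning with this certificate."""
    return [h for h in hostnames if not cert_covers(cert_names, h)]


# Sites from the thread, plus a constructed nested name for the edge case.
SITES = ["abc.com", "www.abc.com", "a.abc.com", "b.abc.com", "x.a.abc.com"]

# Three candidate certificates, described by the names they carry.
CERTS = {
    "single name": ["abc.com"],
    "wildcard only": ["*.abc.com"],
    "wildcard plus base domain": ["abc.com", "*.abc.com"],
}

if __name__ == "__main__":
    for label, names in CERTS.items():
        print(label, "-> mismatch on:", uncovered(names, SITES))
```

A wildcard alone still leaves the bare domain and any deeper sub-domain unmatched, so those names must be requested as additional SAN entries if they are served from the same VIP.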
Hello,
Please advise, I have an Exchange 2010 server with 2 DAG servers - DAG1 and DAG2 - backup with 2 DPM servers, one for DAG1 and one for DAG2, is it possible?
Hi,
I confirmed with Exchange support team that DAGs could be backed up separately.
Meanwhile backup database is important if you need to recover both Exchange server settings and database. See:
Recover a database availability group member server
http://technet.microsoft.com/en-us/library/dd638206.aspx
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
RV120W SSL Certificate for Client
Hello,
When I try to export an SSL Certificate for a Client I get a htps.CSR file instead of the .PEM file. So, I can't update the client computer with the correct certificate.
Firmware:
1.0.2.6
Help?
Hello Sir, My name is Eric Moyers. I also responded to your other thread.
I am pulling one of these out of our storage room and looking at the procedure. Will update you when I have something.
Thanks
Eric Moyers
Cisco Network Support Engineer
SBSC Wireless and Surveillance SME
CCNA, CCNA-Wireless
1-866-606-1866