WAAS 4.2.3 Cert near expiration warning.

I have 6 WAAS NME modules, all running 4.2.3, and all giving this Major warning:
"Certificate waas-self .p12 is near expiration. It is configured as a machine cert in global settings."
How does one go about fixing this warning and getting a new cert?

Deleting the cert doesn't work:
BEL-NME-WAE-Edge#crypto delete pkcs12 _waas-self_.p12
Error: File does not exist
BEL-NME-WAE-Edge#
There doesn't seem to be a cert with that name. The only cert that shows up is the new one I just created called BEL.p12. I looked at the 'alerts' area on the WAAS manager GUI and there is a little more to the error alert:
Certificate _waas-self_.p12 is near expiration. It is configured as a machine cert in global settings.
I don't know what global settings this is talking about, but here is the output of 'sh crypto certificates':
BEL-NME-WAE-Edge#sh crypt certificates             
Certificate Only Store:
Managed Store:
File: BEL.p12            Format: PKCS12
EEC: Subject: C=US/ST=Washington/L=Seattle/O=Group Health/OU=IS/CN=www.ghc.org/emailAddress=[email protected]
     Issuer: C=US/ST=Washington/L=Seattle/O=Group Health/OU=IS/CN=www.ghc.org/emailAddress=[email protected]
Local Store:
Machine Self signed Certificate
Format: PKCS12
Subject: C=US/ST=California/L=San Jose/OU=ADBU/O=Cisco Systems/CN=NO-HOSTNAME/emailAddress=[email protected]
Issuer: C=US/ST=California/L=San Jose/OU=ADBU/O=Cisco Systems/CN=NO-HOSTNAME/emailAddress=[email protected]
Management Service Certificate
Format: PKCS12
EEC:Subject: C=US/ST=California/L=San Jose/OU=ADBU/O=Cisco Systems/CN=NO-HOSTNAME/emailAddress=[email protected]
    Issuer: C=US/ST=California/L=San Jose/OU=ADBU/O=Cisco Systems/CN=NO-HOSTNAME/emailAddress=[email protected]
The WAAS Self Signed Certificate is being used as the Management Service Certificate
BEL-NME-WAE-Edge#
Any other ideas?

Similar Messages

  • How to delete the alarm "Certificate is near expiration" on multiple WAEs using WAAS CM

    Hi,
    We are getting the "Certificate is near expiration" alarm on more than 200 WAEs. Instead of deleting the expired certificates manually from each device,
    how can we delete these alarms/certificates on all the devices from WAAS CM?
    Please advise.
    Regards,
    Ameen.

    Ameen,
    I believe there is a script that you could use to address this issue on multiple devices at once.
    Please open a TAC case so that a TAC engineer can assist with this.
    For a single WAE, it is documented here.
    https://supportforums.cisco.com/thread/2010020
    Thanks
    Anil

  • Certificate device_cert_key.p12 is near expiration.....

    Is there a way I can delete a self assigned local cert so I don't have to worry about it expiring? I had created it for testing purposes. When I tried to delete it using the common name "server.domain.com", it doesn't let me.
    Certificate device_cert_key.p12 is near expiration. It is configured as machine cert in global settings    
    Issued To
    Common Name:
    server.domain.com
    Email:
    [email protected]
    Organization:
    Cisco Systems
    Organization Unit:
    WAAS
    Locality:
    San Jose
    State:
    California
    Country:
    US
    Serial Number:
    1279988218916
    Issued By
    Common Name:
    server.domain.com
    Email:
    [email protected]
    Organization:
    Cisco Systems
    Organization Unit:
    WAAS
    Locality:
    San Jose
    State:
    California
    Country:
    US
    Validity
    Issued On:
    Sat Jul 24 16:16:58 UTC 2010
    Expires On:
    Sun Jul 24 16:16:58 UTC 2011
    Fingerprint
    SHA1:
    E3:04:2E:C0:6A:C4:7C:44:DB:56:C9:3F:51:D8:5F:C7:8E:BA:D1:DA
    Base64:
    4wQuwGrEfETbVsk/Udhfx4660do=
    Key
    Type:
    SHA1WithRSAEncryption
    Size (Bits):
    1024

    The factory self assign is not the one that has expired. It's the one that I've created for testing purposes. I figured out how to delete it. Thanks for the info on the bug ID CSCte05426.
            Alarm ID                 Module/Submodule               Instance
       1 cert_near_expiration      sslao/SGS/gsetting           cert_near_expiration    
         Jun 25 01:40:17.657 UTC, Processing Error Alarm, #000076, 26000:26005
         Certificate device_cert_key.p12 is near expiration. It is configured as machine cert in global settings
    crypto delete pkcs12 device_cert_key.p12
    show crypto certificate-detail  factory-self-signed
    Bag Attributes
        localKeyID: 2A 2A BA 01 B8 C0 17 8C 9B A9 7F 23 43 D8 66 DA 3C B3 02 07
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 29 (0x1d)
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, ST=California, L=San Jose, OU=ADBU, O=Cisco Systems, CN=NO-HOSTNAME/emailAddress=[email protected]
            Validity
                Not Before: Jan 15 19:55:12 2009 GMT
                Not After : Jan 14 19:55:12 2014 GMT
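
Added example (not part of the posts above and not Cisco's script): with the alarm raised on many WAEs, as in the 200-device question earlier, expiry dates can be triaged offline from saved certificate output. This Python code parses both date layouts quoted in these threads; the device names, the 30-day warning window and the year of the alarm timestamp are assumptions.

```python
import re
from datetime import datetime, timezone

# Both date layouts shown on this page:
#   CLI certificate-detail:  "Not After : Jan 14 19:55:12 2014 GMT"
#   Central Manager GUI:     "Expires On:" then "Sun Jul 24 16:16:58 UTC 2011"
DATE_FORMATS = ("%b %d %H:%M:%S %Y GMT", "%a %b %d %H:%M:%S UTC %Y")
EXPIRY_RE = re.compile(r"(?:Not After\s*:|Expires On:)\s*(.+)")
WEAK_SIG_RE = re.compile(r"\b(?:md5|sha1)WithRSAEncryption\b", re.IGNORECASE)


def parse_expiry(text):
    """Return the expiry as an aware UTC datetime, or None if not found."""
    match = EXPIRY_RE.search(text)
    if not match:
        return None
    raw = " ".join(match.group(1).split())  # "Jan  4" -> "Jan 4"
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(raw, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def classify(text, now, warn_days=30):
    """Classify one device's output; warn_days is an assumed threshold."""
    weak_sig = bool(WEAK_SIG_RE.search(text))
    expiry = parse_expiry(text)
    if expiry is None:
        # Fail closed: output that cannot be read needs a manual look.
        return {"status": "unparsed", "days_left": None, "weak_sig": weak_sig}
    days_left = (expiry - now).days
    if expiry <= now:
        status = "expired"
    elif days_left < warn_days:
        status = "near_expiration"
    else:
        status = "ok"
    return {"status": status, "days_left": days_left, "weak_sig": weak_sig}


def audit(outputs, now, warn_days=30):
    """Map device name -> classification for a whole fleet."""
    return {dev: classify(txt, now, warn_days) for dev, txt in outputs.items()}


# Constructed sample: device names are made up; the certificate lines are
# the ones quoted in the thread above.
SAMPLE = {
    "wae-01": """Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Validity
            Not Before: Jan 15 19:55:12 2009 GMT
            Not After : Jan 14 19:55:12 2014 GMT
""",
    "wae-02": """Validity
Issued On:
Sat Jul 24 16:16:58 UTC 2010
Expires On:
Sun Jul 24 16:16:58 UTC 2011
Key
Type:
SHA1WithRSAEncryption
""",
    "wae-03": "Error: File does not exist\n",
}

# Assumed "now": the alarm timestamp from the thread, with the year assumed.
NOW = datetime(2011, 6, 25, 1, 40, 17, tzinfo=timezone.utc)

if __name__ == "__main__":
    for device, result in sorted(audit(SAMPLE, NOW).items()):
        print(device, result)
```

Devices reported as `unparsed` are kept in the result rather than dropped, so a failed collection is not mistaken for a healthy certificate.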

  • Outlook 2013 Clients certificate has expired warning or not yet valid

    Hello,
    We had been through a migration from exchange 2010 to 2013 in the last year but have had an ongoing issue with some Outlook clients getting a certificate warning after they launch the client. Not all Outlook clients experience this. We've just recently uninstalled exchange from our 2010 servers and shut them down. What we have left are two 2013 servers in a DAG. The certificate these Outlook clients are complaining about had expired in 2012. Here is the warning they are getting:
    "Certificate has expired warning or not yet valid"
    I've been through numerous threads/sites regarding this error but it always ends up that there was an expired cert hanging out somewhere.  I cannot seem to find an expired cert anywhere...
    I've run the 'Get-ExchangeCertificate | fl' cmdlet and I see 7 certs listed, none of which match the thumbprint on the Cert Warning on Outlook.
    When I check the registry of the Exchange servers here: HKLM>Software>Microsoft>SystemCertificates>My>Certificates
    I can see 7 certificate entries listed there and the thumbprints match those of the cmdlet run from EMS.
    OWA shows the correct cert expiring in 2015 and Outlook clients are pointed to the 2013 servers.  We do have a load balancer that AutoDiscover, OWA, SMTP are going through.  
    It seems like some of these Outlook clients are still looking at the decommissioned 2010 Exchange servers' old certificate.  Any ideas on how I can get outlook to point to the new certificate/server?
    Thanks.
    Rory
    Rory Schmitz

    Hi Rory,
    If possible, could you please post the Get-ExchangeCertificate | FL results about the certificate which is assigned with IIS service here?
    If the issue only happens for some users instead of all users, please create a new Outlook profile for the problematic user to check whether the issue persists. Please make sure the certificate name which is reported as expired or not valid is included in the IIS service certificate in your Exchange 2013.
    In Exchange server side, please restart IIS service by running IISReset /noforce from a command prompt window to have a try.
    Regards, 
    Winnie Liang
    TechNet Community Support

  • How to suppress distribution certificate expiration warning messages?

    We have an enterprise license and distribute internal apps using a distribution provisioning profile. We've updated the distribution certificate to be valid for 2013, but continue to get the pop-ups about the expiring certificate on the employees' iPads.
    Is there a way to prevent the pop-ups for expiring certificates?
    Thanks
    TK_digi

    Hi
    Answer is pure assumption.
    Pls check the following OSS notes
    Note 319094 - Warning message during batch classification in IM
    Note 122937 - UD: Error message M7207 when you save
    Note 399416 - Message M7207 not analyzed in background
    Note 786755 - You cannot suppress message M7 207
    Note 201196 - MIGO: Error M7207 for goods receipt for batch
    Pls take opinion from SAP / Basis before implementing the OSS note
    Regards
    Madhan D

  • No password expiration warning

    Dear,
    When setting a password with the use of the command passwd -w <days> <username>, the selected user is not being warned about the expiration date when logging in.
    However, when using passwd -f <username> it prompts the user at the login for a new password.
    Example:
    passwd -w 7 extelt
    passwd -x 30 extelt
    passwd -s extelt
    (Command set at 7/6/2011)
    So the password expires at 07-07-2011.
    Should start warning the user at 30-06-2011.
    As explained, there are no warnings given from the 'checkpoint (30-06-2011)'.
    What else can I try?
    Thanks in advance.
    Regards,
    Tommy

    Did you also upgrade the Password Compatibility to 6?
    If so, then all the password attributes will have a prefix of "pwd" instead of "password" so it might break some things in your application if it is looking for "passwordExpirationTime" or something.
    Thanks.

  • Annual Line Rental nearly expired, so DD doubled.

    I've just received my latest bill; the first thing it tells me is that BT is raising my DD from £32pm to £60.60. There are two reasons for this :
    1. My annual line rental expires 19/2/13. Fine, I intend to renew it this weekend. However, I've been charged for line rental from 26/1 to 25/4 (with a credit from 26/1 to 19/2).
    2. We've been paying about £15-20 per qtr for calls to our son's mobile. He's just had BT phone and internet installed this month, so they'll disappear.
    My first reaction was to try to have the DD reduced, even if just to £40. Using 0800 443311, you go through a long series of options, the last two being "amend your DD" and finally "Increase your DD". No other option, no chance to speak to anyone.
    So I then rang 0800 800 150. Alas, after finally getting through, we had difficulty understanding each other. However, it seemed to come down to :
    a) The only way to decrease my DD is to pay off the £90 debit. I have no problem with that, except that I'd then be paying the £33 line rental.
    b) If I renew my annual line rental, it seems I'll have the £33 credited - in my next bill.
    Obviously, it would all work out, because the debit would disappear, including the line rental. The credit would then be applied against the total of the next bill (wouldn't it?).
    Again, I'd have had no problems taking these steps, in either order, provided that I could have a revised bill sent to me fairly soon. Alas, I'd have to wait three months, until my next bill arrived, to ensure everything had gone through smoothly.
    Does anyone with experience of these things have any advice on the best course of action?

    I've now read a few earlier threads on this, and I think I've grasped the situation (which probably means I haven't).
    I'm happy to renew my Annual Line Saver (ALS), and move to monthly billing.
    Presumably, to move to monthly billing, I'd have to pay off my credit balance, which includes £33 line rental. There's no mention of outstanding balances in the ALS T&C.
    The situation I want to avoid is that of paying the £33 twice; once when I renew the ALS, and again when I pay off the credit balance. 
    While I'm sure any problems would be resolved eventually, I'd just like to avoid them if I can.
    Does anyone who's made this move have any advice? I assume that everyone whose ALS termination date didn't coincide with their billing date would have the same problem.

  • Credentials popup after password is about to expire warning

    Hi,
    We recently upgraded to Exchange 2013 CU3, and are experiencing a strange problem.
    When user passwords are about to expire, the users get a message "password will expire in x days, do you want to change it now?"
    When they choose not to change it right away, they receive a security popup when starting up outlook.
    If they give in their credentials it's OK.
    After changing the password, they also stop receiving these popups.
    3 Exchange servers configured
    Connecting via F5 HLB
    OutlookAnywhere authentication shold
    ExternalClientAuthenticationMethod, InternalClientAuthenticationMethod are configured to use Ntlm
    IISAuthenticationMethods can be used via Basic, Ntlm, Negotiate authentication

    Hi D,
    Sorry for the reply above, the format corrupted. I just cannot delete it. I don't know why.
    Suggestions as below:
    1. Please use OWA to check whether this issue exists. If everything is well in OWA, it seems an issue on the Outlook client side.
    2. Please re-create a new profile to refresh the caches.
    3. Please delete the credentials on Windows. Detailed steps in the following article:
    Remove stored passwords, certificates, and other credentials
    http://windows.microsoft.com/en-HK/windows7/remove-stored-passwords-certificates-and-other-credentials
    Hope it is helpful
    Thanks
    Mavis
    (format still strange, don't know why.)
    Mavis Huang
    TechNet Community Support

  • How fix mail security cert name mismatch warning

    Mail is periodically warning about trusting "inbound.att.net" when connecting to "pop.att.yahoo.com".
    It says: "This certificate is not valid (host name mismatch)"
    and it warns that I may be the victim of foul play.
    I have avoided checking the "always trust" box and am trusting as each warning appears.
    (iMac is brand new; have never seen any such message on WindowsXP computer in recent use with same mail account using Thunderbird.)
    Should I take this as a serious security warning?
    Just need to change some setting?  (They all match AT&T's requirements as far as I can see.)
    A problem at AT&T / Yahoo?
    Thanks for any suggestions!

    Maribod,
    You also may want to repost in the Mail and Address Book forum. Click Apple Support Communities then type Snow Leopard and click Refine this list where you will find information on Mail and Address Book. Mail and Address book are part of OS X which is why they are in the Snow Leopard forum.
    Roger

  • OID Not send password expiration warning

    Hi all,
    I have set a password policy with the following attributes:
    pwdexpirewarning: 10367998
    pwdmaxage: 10368000
    When the user logs on the attribute pwdexpirationwarned is set, but the expiration message with error code 9002 is not sent.
    Solution?
    Thanks

    which OID version are you using?
    --Olaf

  • [C7288] Display stuck with "Ink Expiration Near"

    The display on the MFD is stuck with "Ink Expiration Near" message for Light Cyan and Light Magenta.
    Although the message says "To continue with this ink press OK"... Even if I press OK, nothing happens. In fact, none of the buttons seem to do anything other than playing the key tone.
    I can't print anything through the computer either. Please help.

    Hi @videoarizona,
    Welcome to the HP Forums!
    I see that your HP Photosmart C6150 will not allow you to print with a "ink near expiration date" warning. I am sorry to hear this, but happy to look into this for you!
    Please take a look through this guide, Ink Expiration. 
    Most likely it is time to change the ink cartridges, if the printer will not allow you to override the warning.
    Hope this answers your question, and have a great day!  
    RnRMusicMan
    I work on behalf of HP
    Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
    Click the “Kudos Thumbs Up" to say “Thanks” for helping!

  • Why do I have more than one "Sites" cert after updating an expired cert. Can I delete the expired cert?????

    Hi. After getting the below message I updated my cert but now have 3 of the same certs? Can I delete the expired cert?????
    There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of SERVER.domainname.local. The existing certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of SERVER.domainname.local should be installed on this server as soon as possible. You can create a new certificate by using the New-ExchangeCertificate task.
    I used "Get-ExchangeCertificate | Select CertificateDomains,Thumbprint,Status,Services | fl"
    to see which cert was expired
    I used "Get-ExchangeCertificate -Thumbprint 91D4C277BE4DF5FA15FC76D936375B7766ABCC23 | New-ExchangeCertificate" to replace the expired cert
    I re-ran "Get-ExchangeCertificate | Select CertificateDomains,Thumbprint,Status,Services | fl"
    to see if it had worked
    but now I have two certs, one expired the other not. Can I delete the expired cert?????

    Hi 
    Yes, you can delete the expired certificates which are showing, as they are not functional anymore and they remain as stale entries.
    You can use the command below:
    Remove-ExchangeCertificate -Thumbprint "specify the value "
    Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com

  • Windows 7 Expired Password - Recvd Warning prompts but not forced to change password

    Our Windows 7 users are prompted when their passwords will expire in 14 days, however they are not forced to change their password before it expires. If the users ignore the expiration warning they can only get logged into the network after having the helpdesk reset their password.
    Is there a way to force Windows 7 users to change their passwords on the day it expires? Our WinXP users get the 14 day warning and are forced to change their passwords on day 14.
    I have the GPO configured to notify users when their passwords will expire in 14 days.
    Thank you,
    Glen

    Hi,
    After applying above settings, the user can change the password by default at the expire day. Please create a new domain profile and test the issue on several Windows 7 machines. Can the user be enforced to change password at expire day? If not, please refer to the following steps to collect the information for research.
    1. On the DC, open GPMC, right-click Group Policy Results, choose Group Policy Results Wizard, follow the wizard to collect a Group Policy result for problematic Windows 7 client.
    2. On the Windows 7 machine where GPO failed to apply, please perform the following steps to collect log files:
    a) Please add the specified registry key to enable group policy log (%windir%\debug\usermode\gpsvc.log), and remove or rename it to disable group policy log after collecting data. You may need to create the Diagnostics key if it is not there.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
    Type: DWORD
    Value: GPSvcDebugLevel
    Data: 0x30002 (hexadecimal)
    b) Then on the problematic Win7 machine, run command “gpupdate /force”.
    c) Then on the problematic Win7 machine, run command “gpresult /v > gpr_win7.txt”, send me gpr_win7.txt file.
    d) On the problematic Win7 machine, run command “eventvwr”, then expand to Applications and service logs -> Microsoft -> windows -> groupPolicy -> Operational. Right-click on it and click “save event as”. Save the file as .evtx format and send it to me.
    e) After that, please send me the above output files. (please zip them first and then send them to me).
    - %windir%\debug\usermode\gpsvc.log
    - gpr_win7.txt
    - win7.evtx
    Please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the GPMC result and the zip files, and then give us the download address.
    Thanks,
    Novak
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Expired Certs for Apache

    Hi All,
    Groupwise web access will not load any more giving:
    HTTP Status 404 -
    type Status report
    message
    description The requested resource () is not available.
    Apache Tomcat/5.5.27
    In digging around I found the cert had expired. I tried renewing it in
    iManager/Novell certificate Server but no joy. When I view the
    certificate, it still says "Expires on: 04/23/2010".
    This has always been my bug-a-boo. What is the TID that covers this?
    Server:
    cat /etc/novell-release
    Novell Open Enterprise Server 2.0.2 (i586)
    VERSION = 2.0.2
    PATCHLEVEL = 2
    BUILD = FCS
    cat /etc/SuSE-release
    SUSE Linux Enterprise Server 10 (i586)
    VERSION = 10
    PATCHLEVEL = 3
    Groupwise 7.0.3
    Thanks
    Bob Crandell

    On Thu, 20 Oct 2011 21:10:56 +0000, Craig Johnson wrote:
    > In article <lZYnq.119$[email protected]>, Bob Crandell
    > wrote:
    >> In digging around I found the cert had expired. I tried renewing it in
    >> iManager/Novell certificate Server but no joy. When I view the
    >> certificate, it still says "Expires on: 04/23/2010".
    >>
    > Did you restart apache or the server after renewing the certificates?
    >
    > Craig Johnson
    > Novell Support Connection SysOp
    I restarted Apache but not the server.
    /etc/init.d/apache2 stop
    /etc/init.d/novell-httpstkd stop
    /etc/init.d/novell-tomcat5 stop
    and
    /etc/init.d/novell-tomcat5 start
    /etc/init.d/novell-httpstkd start
    /etc/init.d/apache2 start
    So I should restart the server?
    Thanks

  • Leopard: AD Plugin Doesn't Warn Me When My AD Password Expires?

    I just noticed that my Windows PC is informing me that my AD password will expire in days. However, My Leopard Mac which is also bound to the same AD domain is not giving me the password expiration warning. I know that the AD plugin in Tiger (10.4.x) used to warn me about upcoming password change policies etc, but 10.5.1 is not.
    Has anyone noticed this behavior?
    Also - has anyone had any luck changing their AD password from a 10.5 client using the Accounts Preference Pane? I remember that Tiger was a little buggy sometimes...

    Thanks Strontium90!
    Turns out that is exactly what happened. I am testing the adpassmon utility now... very cool! I like how it allows you to change your password.
    I have had quite a few occasions where users change their passwords at login when their AD password expires... which knocks their keychain out of sync. This tool may just be the ticket.
    Once again, many thanks!
    Ray
