Outlook Web Access and Certificate principal mismatch



I am trying to get OWA working on an SBS 2003 Premium R1 (without ISA
installed, with Windows Server 2003 SP2 installed). Its name is "sbs2003",
and for privacy's sake, references to the FQDN will use "domain" as the
domain name, as in: sbs2003.domain.local or sbs2003.domain.com .

I have used Exchange Best Practices Analyzer (updated) to find any errors,
and here are the issues:

Certificate Principal Mismatch
The principal for SSL certificate 'https://domain.com' does not appear to
match the host address. Host address: domain.com. Principal:
CN=sbs2003.domain.local, CN=localhost, CN=sbs2003, CN=companyweb,
CN=sbs2003.domain.com.
[I'm not sure what to do about this, as I created a self-signed certificate
for sbs2003.domain.com]

Paging file larger than Physical Memory
[this was not strictly correct, as the current paging file was 2048MB, and
the Physical Memory is 3.50GB; however, the automatically-created settings
had a custom size of 2048MB initial and 5348MB maximum, so perhaps it was
this that triggered the error...no matter, it was a good time to reduce the
paging file on the Windows drive to 200MB and create a static one of 3500MB
on another drive.]

RPC binding does not contain FQDN
The 'ncacn_ip_tcp' binding for server SBS2003 does not contain a
fully-qualified domain name.
[fixed]

Database backup critical
Database 'Public Folder Store (SBS2003)' on server SBS2003 has never had a
full online backup.
[fixed]

Network interface driver file is more than two years old
[noted...there is no newer file available than 2006/07]

Storage driver is more than two years old
[noted...there is no newer file available than 2006/01/09]

The 'fast message retrieval' option is not enabled on IMAP4
[fixed]

The Network News Transfer Protocol (NNTP) service is running on server sbs2003
[now disabled and stopped]

Application log size
As a best practice, the size of the 'Application' log on server
sbs2003.domain.local should be increased. The current size is 16MB. For
servers running Microsoft Exchange, a size of 40MB or more is recommended.
[fixed...set to 40960KB as suggested]

Consider setting TarpitTime
Recipient filtering is enabled on server sbs2003.domain.local. As a best
practice, consider setting the 'TarpitTime' parameter as recommended in
Microsoft Knowledge Base article 899492.
[registry entry made, and request made for Hotfix from KB article 899492
via "Contact Us: Hotfix Request Web Submission Form"
....which Microsoft seems to keep moving to try to hide, but is currently at:
https://support.microsoft.com/contactus/emailcontact.aspx?scid=sw;en;1414&WS=hotfix ]

Enable automatic updates for message filtering
Automatic update for the Intelligent Message Filter is not enabled on server
SBS2003. To improve the effectiveness of the filter, follow the instructions
outlined in Microsoft Knowledge Base article 907747.
{Rhetorical question: why must this be a download-only .DOC file?}
[First it says you should enable automatic updates for message filtering,
then it says you should not have them automatically installed!! -- and this
is only the tip of the Intelligent Message Filtering options. Done.]

Crash upload logging disabled
Exchange fatal error information on server sbs2003.domain.local is not
automatically sent to Microsoft for analysis. It is recommended that you
enable this feature through the Exchange System Manager.
[now enabled]

Recipient Update Service Did Not Process All Changes
[fixed -- except I need to find out how to force directory replication
before I "reconfigure the Recipient Update Service to its original schedule"
as per:
http://technet.microsoft.com/en-us/library/aa998435.aspx ]

Sink registration not found Small Business Server Attachment Remover
Transport event sink 'Small Business Server Attachment Remover' was found in
the metabase for SMTP instance '1' on server sbs2003.domain.local but its
registration could not be found. Registration expected in
HKEY_CLASSES_ROOT\CLSID\.
[this is one I'm going to need help with...the instructions on what to do to
re-register the sink dll's are clear, but when I ran them as instructed from
the \Program Files\Exchsrvr\Bin directory, I got errors for each one, all of
them similar to this last one:
---------------------------
RegSvr32
---------------------------
msgfilter.dll was loaded, but the DllInstall entry point was not found.

This file can not be registered.
---------------------------
OK
---------------------------

Previously, I had accidentally deleted Port /LM/W3SVC/1: from
HKLM\Software\Microsoft\SharedTools\Web Server Extentions\Ports
while I was trying to get Monitoring working again [it is].

I got an export of a similar key from another SBS server, modified it to fit
this one, and added it to the registry.

I then created ExchangeApplicationPool and
ExchangeMobileBrowseApplicationPool in the Application Pools of IIS Admin
(where they had been missing), and assigned the appropriate AP to the OWA and
Microsoft-Server-ActiveSync sites under Default Web Site.

I restarted the server, and then reran Exchange Best Practices Analyzer.

This time, the only issues were the Certificate principal mismatch, the
Recipient Update Service is Inactive, the Network interface driver is too
old, and the Storage Driver is too old. Curiously, the sink registration
error seems to have disappeared without correction.

Any suggestions for getting OWA to work, or the Certificate principal
mismatch?
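
Added example, not part of the original post: the comparison behind the Certificate Principal Mismatch finding quoted above, as a Python sketch that parses the BPA message and tests candidate host names against the certificate's CN entries. The function names are hypothetical, and the wildcard handling goes beyond the post's case, which involves only exact names.

```python
import re

# BPA finding text as quoted in the post ("domain" is the poster's placeholder).
BPA_FINDING = (
    "The principal for SSL certificate 'https://domain.com' does not appear to "
    "match the host address. Host address: domain.com. Principal: "
    "CN=sbs2003.domain.local, CN=localhost, CN=sbs2003, CN=companyweb, "
    "CN=sbs2003.domain.com."
)


def parse_finding(text):
    """Return (host, [cn, ...]) extracted from a BPA principal-mismatch message."""
    host = re.search(r"Host address:\s*(\S+?)\.(?:\s|$)", text).group(1)
    principal = text.split("Principal:", 1)[1]
    parts = [p.strip().rstrip(".") for p in principal.split(",")]
    names = [p[3:].lower() for p in parts if p.upper().startswith("CN=")]
    return host.lower(), names


def name_matches(host, pattern):
    """Case-insensitive label-by-label match; '*' may stand for the
    left-most label only, and never for a bare two-label pattern."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[1:] == p[1:]
    return h == p


def covering_names(host, names):
    """Certificate names that cover the host a client typed into the URL."""
    return [n for n in names if name_matches(host, n)]


if __name__ == "__main__":
    probed, cert_names = parse_finding(BPA_FINDING)
    # Hosts a client might use for OWA; all but the first are constructed samples.
    for candidate in (probed, "sbs2003.domain.com", "SBS2003", "mail.domain.com"):
        hits = covering_names(candidate, cert_names)
        print(f"{candidate:22} -> {'OK ' + hits[0] if hits else 'MISMATCH'}")
```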