RE: Public Folder in Exchange - SSL certificate server name incorr

Hi Nathan

Many thanks for your help with this matter.
Your latest instructions have fixed the problem.
One thing I did notice is when I launched ADSI Editor and drilled down to
were you specified, I had 2 entries for msExchSercureBindings, one had the
value of 443 (which I removed), the other one was already blank.

Anyway, thanks again for your help resolving this matter.


""Nathan Liu [MSFT]"" wrote:

> Hi Mark,
>
> Thank you for your kind reply.
>
> I am sorry for the delayed response due to weekend. Please understand that
> the newsgroups are staffed weekdays by Microsoft Support professionals to
> answer your systems and applications questions. Your understanding is
> greatly appreciated!
>
> To troubleshoot this issue, please perform the below steps to remove SSL
> requirement for Exadmin, and then check if the issue can be reproduced:
>
> 1. Issue inetimgr to start ''IIS manager'', in the properties of the
> virtual root Exadmin in IIS, go to the "Directory Security" tab.
>
> 2. In the "Secure Communications" section select "Edit".
>
> 3. Make sure to deselect "Require secure channel (SSL)" and "Require
> 128-bit encryption."
>
> 4. If the "Require 128-bit encryption." is selected and grayed out, make
> sure to select "Require secure channel (SSL)" and deselect "Require 128-bit
> encryption." then deselect "Require secure channel (SSL)" again.
>
> 5. Install the Windows Server 2003 support tools from SBS2003 CD2, and then
> issue ''adsiedit.msc'' to launch ADSI Editor.
>
> 6. In the left side pane expand the Configuration container.
>
> 7. Expand the following: CN=Configuration, then CN=Services, CN=Microsoft
> Exchange, CN=<your organization name here>, CN=Administrative Groups,
> CN=First Administrative Group <or it may be your original Exchange 5.5 site
> name>, CN=Servers, CN=Protocols, CN=HTTP, CN=1, CN=Exadmin
>
> 8. Right-click Exadmin and choose Properties.
>
> 9. In the ''Attribute Editor'', make sure ''Show mandatory'' and ''Show
> optional'' options are both checked, and then scroll down to the attribute
> "msExchSecureBindings" and double click on it.
>
> 10. The value of this attribute may be 443 (this is the SSL Port value). If
> it is, click the 443 value to select it and click the "Remove" button. Then
> click "Apply" and then "OK".
>
> 11. Close out of ADSI Edit, close and reopen Exchange System Manager and
> test Public Folder access again. The connection should now be successful.
>
> If the issue persists, please help me collect the following information:
>
> 1. What's the certificate name?
>
> 2. Please also locate the icwlog.txt file from the c:\program
> files\Microsoft Windows Small Business Server\Support folder, and check
> whether there are any error messages noted on this issue, then paste the
> full context in your reply.
>
> I am appreciated your time and cooperation. If anything is unclear, please
> feel free to let me know. I am looking forward to hearing from you.
>
> Best regards,
>
> Nathan Liu (MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
> --------------------
> >Thread-Topic: Public Folder in Exchange - SSL certificate server name
> incorr
> >thread-index: AcWfIEZU0NXuDa5GS0KSDRjL6/OTmw==
> >X-WBNR-Posting-Host: 217.39.33.93
> >From: "=?Utf-8?B?TWFyayBSb2JpbnNvbg==?="
> <MarkRobinson@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >References: <F5AC6C93-D41D-49A6-8B33-4BB757447CA4@xxxxxxxxxxxxx>
> <zd289kinFHA.944@xxxxxxxxxxxxxxxxxxxxx>
> >Subject: RE: Public Folder in Exchange - SSL certificate server name incorr
> >Date: Fri, 12 Aug 2005 02:29:01 -0700
> >Lines: 234
> >Message-ID: <F64FC1ED-E538-4213-9027-978128F34DC4@xxxxxxxxxxxxx>
> >MIME-Version: 1.0
> >Content-Type: text/plain;
> > charset="Utf-8"
> >Content-Transfer-Encoding: 7bit
> >X-Newsreader: Microsoft CDO for Windows 2000
> >Content-Class: urn:content-classes:message
> >Importance: normal
> >Priority: normal
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >Newsgroups: microsoft.public.windows.server.sbs
> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:143627
> >X-Tomcat-NG: microsoft.public.windows.server.sbs
> >
> >Hi Nathan
> >
> >Many thanks for your help with this matter but after following your
> >instructions the problem is still unresolved.
> >
> >The only "difference" between your helpful instructions and what I saw on
> >screen was on Step 14 of the second set of instructions where I had to
> choose
> >the certificate. I have 2 NICs in my server, but instead of 2 certificates
> to
> >choose from I had 3.
> >1 of them was the FQDN, the other 2 were publishing.mydomain.local - the
> >only different in these 2 were the dates created, so I choose the one with
> >todays date.
> >
> >Any further help is most appreciated.
> >
> >Mark
> >
> >
> >
> >""Nathan Liu [MSFT]"" wrote:
> >
> >> Hello Mark,
> >>
> >> Thank you for posting in the SBS newsgroup.
> >>
> >> According to your description, I understand that you received the error
> >> message "The SSL certificate server name is incorrect, ID no: c103b404,
> >> Exchange System Manager", when you click the 'Folders' - 'Public
> Folders'
> >> on the Exchange System Manager. If I have misunderstood your concern,
> >> please don't hesitate to let me know.
> >>
> >> As you mentioned, you are preparing to install the SBS 2003 SP1, we
> >> strongly recommend you strictly follow the installation steps in the
> below
> >> link:
> >>
> >> Installation Instructions for Service Pack 1 for Windows Small Business
> >> Server 2003, Standard Edition
> >>
> http://download.microsoft.com/download/2/e/9/2e902d14-da2e-43ba-8bd6-6d258f5
> >> 356b6/SP1Setup_std.htm
> >>
> >> Installation Instructions for Service Pack 1 for Windows Small Business
> >> Server 2003, Premium Technologies
> >>
> http://download.microsoft.com/download/2/e/9/2e902d14-da2e-43ba-8bd6-6d258f5
> >> 356b6/SP1Setup_prem.htm
> >>
> >> For Error message "The SSL certificate server name is incorrect, ID no:
> >> c103b404, Exchange System Manager", please refer to the below
> information:
> >>
> >> Actually in SBS 2003, we should run CEICW to generate a certificate to
> >> associate with IIS. I have seen many similar problems on SBS 2003 when
> you
> >> use a third party or self-generated certificate. So no matter if you did
> >> run CEICW to generate the certificate, I would suggest we rerun CEICW by
> >> following the steps below and check if the issue does not recur:
> >>
> >> 1. Open IIS Manager (inetmgr.exe) and navigate to Web Sites\Default Web
> >> Site (if you have performed step #1 - 8, please proceed to step 9
> directly).
> >>
> >> 3. Right click Default Web Site and choose Properties.
> >>
> >> 4. Click on the Directory Security tab.
> >>
> >> 5. Under Secure Communications, click the Server Certificate button.
> >>
> >> 6. In the IIS Certificate Wizard, choose the "Remove the current
> >> certificate" option and click Next.
> >>
> >> 7. Click Next again, then click Finish.
> >>
> >> 8. Restart the IIS admin service.
> >>
> >> 9. On the SBS 2003 Server open the Server Management console. Go to
> >> Standard Management\To Do List.
> >>
> >> 10. Click the "Connect to the Internet" link.
> >>
> >> 11. Choose not to change the connection type and click Next. On the
> >> Firewall page, select "Enable firewall" and click Next (I suppose you
> have
> >> 2 network adapters in SBS 2003 and if you only have 1 network adapter
> you
> >> will not see the firewall page and you can go to step 6).
> >>
> >> 12. On the "Services Configuration" page, select all the items and then
> >> click Next.
> >>
> >> 13. On the "Web Services Configuration" page, select the web sites that
> you
> >> want to publish to the Internet. Click Next.
> >>
> >> 14. On the "Web Server Certificate" page, choose to create a new Web
> server
> >> certificate and then type the public FQDN that you will use to access
> your
> >> server (for example, www.mddeck.com). If the www.mddeck.com certificate
> was
> >> requested from a third party commercial CA, you can choose "Use a Web
> >> server certificate from a trusted authority" and then import the
> >> certificate.
> >>
> >> 15. Go through the remaining steps. Then check if the issue disappears.
> >>
> >> If the issue still occurs, please perform the steps below:
> >>
> >> 1. Open the IIS manager and expand "Web Sites" to the "Default Web Site".
> >>
> >> 2. Right click on the "Exadmin" virtual directory and select
> "Properties".
> >>
> >> 3. Click on the "Directory Security" tab and under "Secure
> communications"
> >> click the "Edit" button.
> >>
> >> 4. Uncheck the boxes for "Require 128-bit encryption" and "Require
> secure
> >> channel (SSL)".
> >>
> >> 5. Click "OK" twice.
> >>
> >> 6. Repeat steps 2 through 5 for "Exchange", "ExchWeb" and "Public"
> virtual
> >> directories.
> >>
> >> 7. Right click on "Default Web Site" and select "Properties".
> >>
> >> 8. Click on the "Directory Security" tab and under "Secure
> communications"
> >> click the "Server Certificate" button.
> >>
> >> 9. In the "Web Server Certificate Wizard", click "Next" , click the
> radio
> >> button for "Remove the current certificate" and click "Next" twice and
> >> "Finish" to remove the certificate.
> >>
> >> 10. Restart the IIS Admin service in the services mmc.
> >>
> >> 11 Right click on "Default Web Site" and select "Properties".
> >>
> >> 12. Click on the "Directory Security" tab and under "Secure
> >> communications" click the "Server Certificate" button.
> >>
> >> 13. In the "Web Server Certificate Wizard", click "Next" , click the
> radio
> >> button for "Assign an existing certificate" and click "Next".
> >>
> >> 14. Select the correct certificate in the list and click "Next". If your
> >> SBS server has 2 NICs, you should find two certificates and you should
> >> choose the "publishing.yourdomain.local" one. If you only have 1 NIC on
> >> your server, choose the only certificate which should be www.mddeck.com.
> >> Verify the correct SSL port and click "Next". twice and click "Finish".
> >>
> >> 15. Repeat steps 2 though 5 to enable "Require secure channel (SSL) and
> >> "Require 128-bit encryption" for all but the "Exadmin" virtual
> directories.
> >>
> >> 16. Close the IIS Manager and restart the IIS Admin service in the
> services
> >> mmc.
> >>
> >> 17. Verify all components operate as expected.
> >>
> >> I am appreciated your time and cooperation. If anything is unclear,
> please
> >> feel free to let me know. I am looking forward to hearing from you.
> >>
> >> Best regards,
> >>
> >> Nathan Liu (MSFT)
> >> Microsoft CSS Online Newsgroup Support
> >>
> >> Get Secure! - www.microsoft.com/security
> >> ======================================================
.