RE: Public Folder in Exchange - SSL certificate server name incorr

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi Mark,

Thank you for posting back! I'm glad to hear that things are working
correctly for you now.

Additionally, you found one entry for msExchSercureBindings was already
blank, this blank entry maybe is record for the old Certificate which was
removed at previous post.

Please do not hesitate to post in this great newsgroup if you need any
assistance in the future. I look forward to working with you again.

Best regards,

Nathan Liu (MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>Thread-Topic: Public Folder in Exchange - SSL certificate server name
incorr
>thread-index: AcWhqBBYke4hRQRsRbSutID+x6Ue3g==
>X-WBNR-Posting-Host: 81.137.25.117
>From: "=?Utf-8?B?TWFyayBSb2JpbnNvbg==?="
<MarkRobinson@xxxxxxxxxxxxxxxxxxxxxxxxx>
>References: <F5AC6C93-D41D-49A6-8B33-4BB757447CA4@xxxxxxxxxxxxx>
<zd289kinFHA.944@xxxxxxxxxxxxxxxxxxxxx>
<F64FC1ED-E538-4213-9027-978128F34DC4@xxxxxxxxxxxxx>
<dXFpZTYoFHA.3672@xxxxxxxxxxxxxxxxxxxxx>
>Subject: RE: Public Folder in Exchange - SSL certificate server name incorr
>Date: Mon, 15 Aug 2005 07:46:05 -0700
>Lines: 313
>Message-ID: <0C457329-1C7F-45AC-911D-50BF36A3F500@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:144471
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Hi Nathan
>
>Many thanks for your help with this matter.
>Your latest instructions have fixed the problem.
>One thing I did notice is when I launched ADSI Editor and drilled down to
>were you specified, I had 2 entries for msExchSercureBindings, one had the
>value of 443 (which I removed), the other one was already blank.
>
>Anyway, thanks again for your help resolving this matter.
>
>
>""Nathan Liu [MSFT]"" wrote:
>
>> Hi Mark,
>>
>> Thank you for your kind reply.
>>
>> I am sorry for the delayed response due to weekend. Please understand
that
>> the newsgroups are staffed weekdays by Microsoft Support professionals
to
>> answer your systems and applications questions. Your understanding is
>> greatly appreciated!
>>
>> To troubleshoot this issue, please perform the below steps to remove SSL
>> requirement for Exadmin, and then check if the issue can be reproduced:
>>
>> 1. Issue inetimgr to start ''IIS manager'', in the properties of the
>> virtual root Exadmin in IIS, go to the "Directory Security" tab.
>>
>> 2. In the "Secure Communications" section select "Edit".
>>
>> 3. Make sure to deselect "Require secure channel (SSL)" and "Require
>> 128-bit encryption."
>>
>> 4. If the "Require 128-bit encryption." is selected and grayed out, make
>> sure to select "Require secure channel (SSL)" and deselect "Require
128-bit
>> encryption." then deselect "Require secure channel (SSL)" again.
>>
>> 5. Install the Windows Server 2003 support tools from SBS2003 CD2, and
then
>> issue ''adsiedit.msc'' to launch ADSI Editor.
>>
>> 6. In the left side pane expand the Configuration container.
>>
>> 7. Expand the following: CN=Configuration, then CN=Services,
CN=Microsoft
>> Exchange, CN=<your organization name here>, CN=Administrative Groups,
>> CN=First Administrative Group <or it may be your original Exchange 5.5
site
>> name>, CN=Servers, CN=Protocols, CN=HTTP, CN=1, CN=Exadmin
>>
>> 8. Right-click Exadmin and choose Properties.
>>
>> 9. In the ''Attribute Editor'', make sure ''Show mandatory'' and ''Show
>> optional'' options are both checked, and then scroll down to the
attribute
>> "msExchSecureBindings" and double click on it.
>>
>> 10. The value of this attribute may be 443 (this is the SSL Port value).
If
>> it is, click the 443 value to select it and click the "Remove" button.
Then
>> click "Apply" and then "OK".
>>
>> 11. Close out of ADSI Edit, close and reopen Exchange System Manager and
>> test Public Folder access again. The connection should now be successful.
>>
>> If the issue persists, please help me collect the following information:
>>
>> 1. What's the certificate name?
>>
>> 2. Please also locate the icwlog.txt file from the c:\program
>> files\Microsoft Windows Small Business Server\Support folder, and check
>> whether there are any error messages noted on this issue, then paste the
>> full context in your reply.
>>
>> I am appreciated your time and cooperation. If anything is unclear,
please
>> feel free to let me know. I am looking forward to hearing from you.
>>
>> Best regards,
>>
>> Nathan Liu (MSFT)
>> Microsoft CSS Online Newsgroup Support
>>
>> Get Secure! - www.microsoft.com/security
>> ======================================================
>> This newsgroup only focuses on SBS technical issues. If you have issues
>> regarding other Microsoft products, you'd better post in the
corresponding
>> newsgroups so that they can be resolved in an efficient and timely
manner.
>> You can locate the newsgroup here:
>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>
>> When opening a new thread via the web interface, we recommend you check
the
>> "Notify me of replies" box to receive e-mail notifications when there
are
>> any updates in your thread. When responding to posts via your
newsreader,
>> please "Reply to Group" so that others may learn and benefit from your
>> issue.
>>
>> Microsoft engineers can only focus on one issue per thread. Although we
>> provide other information for your reference, we recommend you post
>> different incidents in different threads to keep the thread clean. In
doing
>> so, it will ensure your issues are resolved in a timely manner.
>>
>> For urgent issues, you may want to contact Microsoft CSS directly.
Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> Any input or comments in this thread are highly appreciated.
>> ======================================================
>> This posting is provided "AS IS" with no warranties, and confers no
rights.
>>
>>
>>
>> --------------------
>> >Thread-Topic: Public Folder in Exchange - SSL certificate server name
>> incorr
>> >thread-index: AcWfIEZU0NXuDa5GS0KSDRjL6/OTmw==
>> >X-WBNR-Posting-Host: 217.39.33.93
>> >From: "=?Utf-8?B?TWFyayBSb2JpbnNvbg==?="
>> <MarkRobinson@xxxxxxxxxxxxxxxxxxxxxxxxx>
>> >References: <F5AC6C93-D41D-49A6-8B33-4BB757447CA4@xxxxxxxxxxxxx>
>> <zd289kinFHA.944@xxxxxxxxxxxxxxxxxxxxx>
>> >Subject: RE: Public Folder in Exchange - SSL certificate server name
incorr
>> >Date: Fri, 12 Aug 2005 02:29:01 -0700
>> >Lines: 234
>> >Message-ID: <F64FC1ED-E538-4213-9027-978128F34DC4@xxxxxxxxxxxxx>
>> >MIME-Version: 1.0
>> >Content-Type: text/plain;
>> > charset="Utf-8"
>> >Content-Transfer-Encoding: 7bit
>> >X-Newsreader: Microsoft CDO for Windows 2000
>> >Content-Class: urn:content-classes:message
>> >Importance: normal
>> >Priority: normal
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>> >Newsgroups: microsoft.public.windows.server.sbs
>> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:143627
>> >X-Tomcat-NG: microsoft.public.windows.server.sbs
>> >
>> >Hi Nathan
>> >
>> >Many thanks for your help with this matter but after following your
>> >instructions the problem is still unresolved.
>> >
>> >The only "difference" between your helpful instructions and what I saw
on
>> >screen was on Step 14 of the second set of instructions where I had to
>> choose
>> >the certificate. I have 2 NICs in my server, but instead of 2
certificates
>> to
>> >choose from I had 3.
>> >1 of them was the FQDN, the other 2 were publishing.mydomain.local -
the
>> >only different in these 2 were the dates created, so I choose the one
with
>> >todays date.
>> >
>> >Any further help is most appreciated.
>> >
>> >Mark
>> >
>> >
>> >
>> >""Nathan Liu [MSFT]"" wrote:
>> >
>> >> Hello Mark,
>> >>
>> >> Thank you for posting in the SBS newsgroup.
>> >>
>> >> According to your description, I understand that you received the
error
>> >> message "The SSL certificate server name is incorrect, ID no:
c103b404,
>> >> Exchange System Manager", when you click the 'Folders' - 'Public
>> Folders'
>> >> on the Exchange System Manager. If I have misunderstood your concern,
>> >> please don't hesitate to let me know.
>> >>
>> >> As you mentioned, you are preparing to install the SBS 2003 SP1, we
>> >> strongly recommend you strictly follow the installation steps in the
>> below
>> >> link:
>> >>
>> >> Installation Instructions for Service Pack 1 for Windows Small
Business
>> >> Server 2003, Standard Edition
>> >>
>>
http://download.microsoft.com/download/2/e/9/2e902d14-da2e-43ba-8bd6-6d258f5
>> >> 356b6/SP1Setup_std.htm
>> >>
>> >> Installation Instructions for Service Pack 1 for Windows Small
Business
>> >> Server 2003, Premium Technologies
>> >>
>>
http://download.microsoft.com/download/2/e/9/2e902d14-da2e-43ba-8bd6-6d258f5
>> >> 356b6/SP1Setup_prem.htm
>> >>
>> >> For Error message "The SSL certificate server name is incorrect, ID
no:
>> >> c103b404, Exchange System Manager", please refer to the below
>> information:
>> >>
>> >> Actually in SBS 2003, we should run CEICW to generate a certificate
to
>> >> associate with IIS. I have seen many similar problems on SBS 2003
when
>> you
>> >> use a third party or self-generated certificate. So no matter if you
did
>> >> run CEICW to generate the certificate, I would suggest we rerun CEICW
by
>> >> following the steps below and check if the issue does not recur:
>> >>
>> >> 1. Open IIS Manager (inetmgr.exe) and navigate to Web Sites\Default
Web
>> >> Site (if you have performed step #1 - 8, please proceed to step 9
>> directly).
>> >>
>> >> 3. Right click Default Web Site and choose Properties.
>> >>
>> >> 4. Click on the Directory Security tab.
>> >>
>> >> 5. Under Secure Communications, click the Server Certificate button.
>> >>
>> >> 6. In the IIS Certificate Wizard, choose the "Remove the current
>> >> certificate" option and click Next.
>> >>
>> >> 7. Click Next again, then click Finish.
>> >>
>> >> 8. Restart the IIS admin service.
>> >>
>> >> 9. On the SBS 2003 Server open the Server Management console. Go to
>> >> Standard Management\To Do List.
>> >>
>> >> 10. Click the "Connect to the Internet" link.
>> >>
>> >> 11. Choose not to change the connection type and click Next. On the
>> >> Firewall page, select "Enable firewall" and click Next (I suppose you
>> have
>> >> 2 network adapters in SBS 2003 and if you only have 1 network adapter
>> you
>> >> will not see the firewall page and you can go to step 6).
>> >>
>> >> 12. On the "Services Configuration" page, select all the items and
then
>> >> click Next.
>> >>
>> >> 13. On the "Web Services Configuration" page, select the web sites
that
>> you
>> >> want to publish to the Internet. Click Next.
>> >>
>> >> 14. On the "Web Server Certificate" page, choose to create a new Web
>> server
>> >> certificate and then type the public FQDN that you will use to access
>> your
>> >> server (for example, www.mddeck.com). If the www.mddeck.com
certificate
>> was
>> >> requested from a third party commercial CA, you can choose "Use a Web
>> >> server certificate from a trusted authority" and then import the
>> >> certificate.
>> >>
>> >> 15. Go through the remaining steps. Then check if the issue
disappears.
>> >>
>> >> If the issue still occurs, please perform the steps below:
>> >>
>> >> 1. Open the IIS manager and expand "Web Sites" to the "Default Web
Site".
>> >>
>> >> 2. Right click on the "Exadmin" virtual directory and select
>> "Properties".
>> >>
>> >> 3. Click on the "Directory Security" tab and under "Secure
>> communications"
>> >> click the "Edit" button.
>> >>
>> >> 4. Uncheck the boxes for "Require 128-bit encryption" and "Require
>> secure
>> >> channel (SSL)".
>> >>
>> >> 5. Click "OK" twice.
>> >>
>> >> 6. Repeat steps 2 through 5 for "Exchange", "ExchWeb" and "Public"
>> virtual
>> >> directories.
>> >>
>> >> 7. Right click on "Default Web Site" and select "Properties".
>> >>
>> >> 8. Click on the "Directory Security" tab and under "Secure
>> communications"
>> >> click the "Server Certificate" button.
>> >>
>> >> 9. In the "Web Server Certificate Wizard", click "Next" , click the
>> radio
>> >> button for "Remove the current certificate" and click "Next" twice
and
>> >> "Finish" to remove the certificate.
>> >>
>> >> 10. Restart the IIS Admin service in the services mmc.
>> >>
>> >> 11 Right click on "Default Web Site" and select "Properties".
>> >>
>> >> 12. Click on the "Directory Security" tab and under "Secure
>> >> communications" click the "Server Certificate" button.
>> >>
>> >> 13. In the "Web Server Certificate Wizard", click "Next" , click the
>> radio
>> >> button for "Assign an existing certificate" and click "Next".
>> >>
>> >> 14. Select the correct certificate in the list and click "Next". If
your
>> >> SBS server has 2 NICs, you should find two certificates and you
should
>> >> choose the "publishing.yourdomain.local" one. If you only have 1 NIC
on
>> >> your server, choose the only certificate which should be
www.mddeck.com.
>> >> Verify the correct SSL port and click "Next". twice and click
"Finish".
>> >>
>> >> 15. Repeat steps 2 though 5 to enable "Require secure channel (SSL)
and
>> >> "Require 128-bit encryption" for all but the "Exadmin" virtual
>> directories.
>> >>
>> >> 16. Close the IIS Manager and restart the IIS Admin service in the
>> services
>> >> mmc.
>> >>
>> >> 17. Verify all components operate as expected.
>> >>
>> >> I am appreciated your time and cooperation. If anything is unclear,
>> please
>> >> feel free to let me know. I am looking forward to hearing from you.
>> >>
>> >> Best regards,
>> >>
>> >> Nathan Liu (MSFT)
>> >> Microsoft CSS Online Newsgroup Support
>> >>
>> >> Get Secure! - www.microsoft.com/security
>> >> ======================================================
>

.

Quantcast