RE: Certificate prblems with exchange public folders

Hi Jens,

Thanks for posting here.

From your post, my understanding on this issue is: You encountered error
c103b404 during accessing Public Folders in Exchange System Manager. If I'm
off base, please feel free to let me know.

Per my knowledge, due to a SSL certificate on the default web server
containing a different FQDN that the internal server's FQDN, the error "The
SSL certificate server name is incorrect" with error code c103b404 stemmed
from the fact that externally the server had a different FQDN than what is
used internally.

I.To solve the issue, we can simply remove the SSL on Exadmin virtual
directory.

1. Click Start, point to Programs, click Administrative Tools, and then
click Internet Services Manager.
2. Click your server, and then expand the Web site that contains the
Exadmin virtual root (the default Web site is "Default Web Site").
3. Right-click Exadmin, and then click Properties.
4. Click the Directory Security tab.
5. Under Secure Communications, click Edit.
6. Click to clear the Require secure channel (SSL) check box. If Require
128-bit encryption is shaded, click to select Require secure channel (SSL),
click to clear Require 128-bit encryption, and then click to clear the
Require secure channel (SSL) check box again.
7. Click OK two times.
8.Restart Exchange System Attendant Service (Services.msc) and then restart
Exchange System Manager

More detailed information:

You receive an SSL Certificate error message when you view public folders
in Exchange System Manager

http://support.microsoft.com/kb/324345/en-us


II.As you can see from both KB324345 or my last response, the steps are to
remove SSL on Exadmin virtual directory, which is the very first step to
troubleshoot the issue. If it persists, we can use ADSIEdit utility to
disable SecureBindings on Exadmin virtual directory.

So this time, if you would like, you can temporarily remove the records in
hosts file and try the following steps to disable SecureBindings on Exadmin
virtual directory.

1. Launch ADSIEdit utility integrated in Windows Support Tools, in the left
side pane expand the Configuration container.

2. Expand the following: CN=Configuration, then CN=Services, CN=Microsoft
Exchange, CN= , CN=Administrative Groups, CN=First Administrative Group ,
CN=Servers, CN=Protocols, CN=HTTP, CN=1, CN=Exadmin

3. Right-click Exadmin and choose Properties.

4. In the Properties dialog box, drop down the Attributes list and scroll
down to the attribute "msExchSecureBindings" and double click on it.

5. The value of this attribute may be 443 (this is the SSL Port value). If
it is, click the 443 value to select it and click the "Remove" button. Then
click "Apply" and then "OK".

6. Close out of ADSI Edit.

7. Restart Exchange System Attendant Service (Services.msc) and then
restart Exchange System Manager.


Please verify the issue after steps above. If the issue persists, in order
to have a more concrete idea about the issue, please collect the IIS
metabase on Exchange Server and send to me: v-jaluo@xxxxxxxxxxxxx for
further analysis:

1. On Exchange Server, install .NET Framework Version 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyID=262d25e3-f589-4842-
8157-034d1e7cf3a3&DisplayLang=en.
2. Install MBExplorer by installing IIS 6 Resource Kit Tools:
http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-
B628-ADE629C89499&displaylang=en.
3. Once it is installed, access it from Start, Programs, IIS Resources,
Metabase Explorer.
4. In the left pane, right click ''LM'' (under your server computer name)
to choose ''Export to file'', and then save it as IIS.mbk.
5. Compress this mbk file and send it to me for analysis. Please let me
know the password if you set on this iis mbk file.

Hope this helps. I look forward to your reply. Thanks and have a nice day!


Have a nice day!

Best regards,

Jacky Luo (MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
====================================================
PLEASE NOTE: The partner managed newsgroups are provided to
assist with break/fix issues and simple how to questions.
We also love to hear your product feedback! Let us know what you think by
posting

from the web interface: Partner Feedback
from your newsreader: microsoft.private.directaccess.partnerfeedback.

We look forward to hearing from you!
====================================================
When responding to posts, please "Reply to Group" via your newsreader
so that others may learn and benefit from this issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
====================================================

.