Exchange 2003 certificate errors
I have a single forest single domain Windows Server 2003 EE AD environment. I have two Exchange 2003 servers (one is just dedicated to OWA; this same server is also the CA). I have a problem where users access OWA and they are prompted with the security
certificate warning (There is a problem with the website's security certificate). They click continue which then connects them. They are prompted again with the warning when opening an email. The certificate appears valid. The same issue occurs when accessing
OWA outside our district. Any ideas?
October 6th, 2010 11:39am
The error should tell you which reason it is failing on - it will be one of three - date, trust or host. Without knowing which one it is, it is hard to know what to suggest.
Do be aware that a certificate issued to domain.com is not the same as a certificate issued to owa.domain.com and would generate the error.
Simon.Simon Butler, Exchange MVP
Blog |
Exchange Resources
Free Windows Admin Tool Kit Click here and download it now
October 6th, 2010 11:42am
IF you are using Internal ( your CA created) certificate it will pop for an error.
You can save the certificate which should stop error from that PC/Laptop.
To completely stop the error buy a third party certificate.
http://security.fnal.gov/pki/Export-Personal-Cert.html - should help
October 6th, 2010 11:44am
Simon-
In my case it is date (The security certificate presented by this website has expired or is not yet valid). Where would I start to look to troubleshoot this? Thanks.
Sean
Free Windows Admin Tool Kit Click here and download it now
October 6th, 2010 11:49am
IF your cert is from External authority than you should renew it from them. IF from internal CA you should do the same.
October 6th, 2010 11:54am
I was able to renew it. I appear to be getting an Event ID 80 warning in the App log indicating the following:
Event Type: Warning
Event Source: CertSvc
Event Category: None
Event ID: 80
Date: 10/6/2010
Time: 12:09:14 PM
User: N/A
Computer: ADMINOWA
Description:
Certificate Services could not publish a Certificate for request 131 to the following location on server adminrootdc03.obps.local:
ldap:///CN=webmail,CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration,DC=obps,DC=local. Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344).
ldap: 0x32: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Free Windows Admin Tool Kit Click here and download it now
October 6th, 2010 12:30pm
if you are able to renew it and the date is updated you may ignore the warning else
check - http://support.microsoft.com/kb/300532
October 6th, 2010 12:52pm
Has the certificate error gone in the OWA?James Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
October 6th, 2010 10:50pm
Still experiencing the error. Once when browsing to the URL and then again when opening a message. Looks as though it is renewed and date is updated. Any other ideas? Thanks.
October 14th, 2010 10:01pm
Please check if there’s any expired certificate on the server or client machine:
Open Internet Explorer, clicking on tools>internet option>content >certificates> and looking under "trusted root certified authorities",
if we found any which says expired we can delete them
Please verify if the system date and time is correct on the client machineJames Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
October 15th, 2010 2:55am