When enabling exchange certificate services they always go to none no matter if I add POP IMAP SMTP when I look it up when done it just says none.

Hi Eric, Happy to try and assist with this but I will need more information. Please can you include.... Exchange server version (2007 or 2010) Command used to assign services to your certificate Command used to verify which services have been assigned to your certificate This is the command I used for assigning services to my own certificate recently (Ex 2k7), it worked fine... Enable-ExchangeCertificate –Services IIS, POP, IMAP This is the command I used to verify that the services were assigned the certificate correctly... Get-ExchangeCertificate | FL Also, most likely there will be more than one certificate listed when you view certificate configuration, are the services assigned to an alternative certificate? Looking forward to your reply. Kind Regards GF

These articles might be of help: http://www.exchangeinbox.com/article.aspx?i=126 http://www.exchangeinbox.com/article.aspx?i=127 Exchange Message Recalling Works! - http://www.windeveloper.com/recall/

It is Exc 2007 and those are the commands I used although I added the thumbprint.

And I do have all the services assigned to a third party certificate but it is the public CN name and not the internal.

Any thoughts on this?

Yes, if I understand your situation correctly you need to implement split DNS.... http://www.isaserver.org/tutorials/You_Need_to_Create_a_Split_DNS.html This would allow your clients internally and externally to resolve exchange services using the same name and therefore the same certificate. Kind Regards GF

When enabling exchange certificate services they always go to none no matter if I add POP IMAP SMTP when I look it up when done it just says none. Can you capture a screenshot for the EMS box? it would help me understand the issure you are encountering. Besides, I would suggest you checkt he IIS service to see if it is running.Fiona

Hi Eric, Am I correct in assuming that you want both internal and external clients to use certificates for authentication or only internal? If both then you need the following example... · exchange services assigned to an active certificate · internet DNS "A" resource record directing requests for "mail.domain.com" to your CAS. · internal DNS "A" resource record directing requests for "mail.domain.com" to your CAS. Depending on your internal DNS zone configurations you may need to create a new zone to achieve this. If the problem is something else entirely please advise. Kind Regards

Any update?Fiona

This is only for internal. We have a certificate already for the external which has a different CN.

Hi, Ok please run the following test command.. Test-OutlookWebServices And paste results here. Remember to edit any sensitive information. Personally, I prefer to keep certificate management simple and the more certificates deployed the more complex and time consuming it becomes down the line. My best suggestion remains that you implement split DNS and use just one cert. Kind Regards

This is only for internal. We have a certificate already for the external which has a different CN. Hi Eric, A Exchange server can only install one certificate. We are not able to install two different certificate for Exchange services. It is by design, your understanding would be appreciated.Fiona