Microsoft Remote Connectivity Analyzer Unable to Obtain Remote SSL Certificate
I'm at a loss on this one. I ran the Microsoft Remote Connectivity Analyzer for Outlook Autodiscover on our Exchange Server 2010 SP1, and it says:
"ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation."
If I go into Outlook's Test Email AutoConfiguration, I get the following failure:
"Autodiscover to https://domain.com/autodiscover/autodiscover.xml Failed
Autodiscover to
https://autodiscover.domain.com/autodiscover/autodiscover.xml starting
GetLastError=0, httpStatus=200
Autodiscover to
https://autodiscover.domain.com/autodiscover/autodiscover.xml Succeeded"
OWA does work. Any help would be appreciated.
Michael
August 10th, 2012 4:06pm
I'm at a loss on this one. I ran the Microsoft Remote Connectivity Analyzer for Outlook Autodiscover on our Exchange Server 2010 SP1, and it says:
"ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation."
Michael
Are you using a self-signed certificate, or a certificate issued by an internal CA?
If that is the case, then the error is expected.
What can you tell us about your certificate?
I would also help if you posted the output from EXRCA.Martina Miskovic
Free Windows Admin Tool Kit Click here and download it now
August 10th, 2012 4:17pm
I'm at a loss on this one. I ran the Microsoft Remote Connectivity Analyzer for Outlook Autodiscover on our Exchange Server 2010 SP1, and it says:
"ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation."
Michael
Are you using a self-signed certificate, or a certificate issued by an internal CA?
If that is the case, then the error is expected.
What can you tell us about your certificate?
I would also help if you posted the output from EXRCA.Martina Miskovic
August 10th, 2012 4:27pm
Hi Martina,
Thank you for your response.
We are using a UCC SAN SSL Certificate from Go Daddy.
Below are the results from Exrca:
---------------------------------------------------------
ExRCA is attempting to test Autodiscover for
email@yourdomain.com.
Autodiscover was tested successfully.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Test Steps
Attempting to test potential Autodiscover URL
https://yourdomain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name yourdomain.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host yourdomain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server yourdomain.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
Attempting to test potential Autodiscover URL
https://autodiscover.yourdomain.com/AutoDiscover/AutoDiscover.xml
Testing of the Autodiscover URL was successful.
Test Steps
Attempting to resolve the host name autodiscover.yourdomain.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host autodiscover.yourdomain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Test Steps
-----------------------------------------------
Michael
Free Windows Admin Tool Kit Click here and download it now
August 10th, 2012 10:42pm
Hi Martina,
Thank you for your response.
We are using a UCC SAN SSL Certificate from Go Daddy.
Below are the results from Exrca:
---------------------------------------------------------
ExRCA is attempting to test Autodiscover for
it@benrichservice.com.
Autodiscover was tested successfully.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service was tested successfully.
Test Steps
Attempting to test potential Autodiscover URL
https://benrichservice.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name benrichservice.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host benrichservice.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server benrichservice.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
Attempting to test potential Autodiscover URL
https://autodiscover.benrichservice.com/AutoDiscover/AutoDiscover.xml
Testing of the Autodiscover URL was successful.
Test Steps
Attempting to resolve the host name autodiscover.benrichservice.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host autodiscover.benrichservice.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.
Test Steps
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST.
Test Steps
-----------------------------------------------
Michael
August 10th, 2012 10:51pm
Hi,
I can't see anything wrong in the EXCRA report you posted.
Autodiscover URL autodisocover.yourdomain.com was tested successfully.
Is everything working for you now?
I can't see the first error your posted so...
Martina Miskovic
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2012 12:10am
Hi,
I can't see anything wrong in the EXCRA report you posted.
Autodiscover URL autodisocover.benrichservice.com was tested successfully.
Is everything working for you now?
I can't see the first error your posted so...Martina Miskovic
August 11th, 2012 12:19am
Hi,
I can't see anything wrong in the EXCRA report you posted.
Is everything working for you now?
I can't see the first error your posted so...
Martina Miskovic
No, still not working.
Also can you do me a favor, and remove the domain from your prior post. I was very tired and unintentionally included it. Thanks. I would PM you but this system does not appear to have such a feature.
Michael
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2012 5:15pm
That output looks fine. What isn't working exactly? You mentioned OWA is working, is outlook anywhere not working or autodiscover not working, not able to see freebusy or set oof etc.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
August 11th, 2012 6:48pm
No, still not working.
Michael
Yes, we need to get more information cause the output looks like it should and I didn't see anything wrong in your certificate when I checked.
Btw, I have removed your domain name from my previous post.Martina Miskovic
Free Windows Admin Tool Kit Click here and download it now
August 12th, 2012 3:00am
Thanks, Martina.
What sort of information can I provide you?
Maritina and James, right now everything is working except Autodiscover. Both the Microsoft Ceonnection Analyzer, and the Outlook connection tests failed. The SSL certificate works for OWA, but perhaps it is not setup properly for autodiscover.
Michael
August 14th, 2012 1:31pm
Per the results autodiscover is coming back sucessfully, unless you have a defunct cas in the array possibly. When you say autodiscover is not working, is it not working internally, externally or both? Outlook connection tests fail? Do you mean when you
create a new outlook profile and use autodisocover to provision the account?
You may not be running into an autodiscover issue but some other issue. James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
August 14th, 2012 1:42pm
You must configure a valid SSL certificate from a CA that the client computer trusts. We recommend that you use the Exchange 2010 Certificate wizard to configure a valid SSL certificate.
And you should configure the firewall for the address space and configure the SSL certificate for the Autodiscover service.Noya Lau
TechNet Community Support
August 14th, 2012 11:23pm