I have created a selfsigned certificate while I wait to get a new one setup. however I have a strange issue I need help on. I ran the commends to create the self signed cert in exchange management shell. i can see that the services are assigned to it. When I go to IIS and check directory security I see the self signed cert is there. However when ever i start Outlook remotely I get a cert error (8) and it won't connect. I viewed the cert and it's an old one that expired in 2009. I copied the thumbprint down but was unable to find in in exchange managment shell? Where else should I be looking to remove this old cert so my self signed will be used until I get another 3rd partyoe up and running?

I have created a selfsigned certificate while I wait to get a new one setup. however I have a strange issue I need help on. I ran the commends to create the self signed cert in exchange management shell. i can see that the services are assigned to it. When I go to IIS and check directory security I see the self signed cert is there. However when ever i start Outlook remotely I get a proxy cert error (8) and it won't connect. I viewed the cert and it's an old one that expired in 2009. I copied the thumbprint down but was unable to find in in exchange managment shell? Where else should I be looking to remove this old cert so my self signed will be used until I get another 3rd partyoe up and running?

Hi, Please understand that the thumbprint is different from the previous certficate even though it's cloned. Thus, you need to export the new certificate and install it on the remote client computer. After that, please check this issue again. Thanks Allen

I have since got my third party cert installed (godaddy) and enabled for the usually services (imap, pop, um, IIS, SMTP). My new cert is showing up on the autodiscover site. however when ever I connect with outlook anywhere the cert it keeps pulling is the old cert that has expired. I have removed all the certs that are no longer valid (using powershell) The thumbprint from that cert that is expired is not showing up in exhange managment shell. HELP!

Hi, Did you try this issue on another computer? If possible, please test this issue on a different computer remotely. Additionally, please run get-exchangecertificate |fl command in EMS, then post the information here. Thanks Allen

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule} CertificateDomains : {*.cticompanies.com, cticompanies.com} HasPrivateKey : True IsSelfSigned : False Issuer : SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Au thority, OU=http://certificates.godaddy.com/repository, O= "GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US NotAfter : 5/24/2013 11:56:14 AM NotBefore : 5/24/2010 11:56:14 AM PublicKeySize : 2048 RootCAType : ThirdParty SerialNumber : 0408B52EA019FA Services : IIS, SMTP Status : Valid Subject : CN=*.cticompanies.com, OU=Domain Control Validated, O=*.ct icompanies.com Thumbprint : FB8F92844A3444C4A7F160A3DCDD8FEFE7DB24CE AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule} CertificateDomains : {mail.cticompanies.com} HasPrivateKey : True IsSelfSigned : True Issuer : CN=mail.cticompanies.com NotAfter : 5/19/2011 11:14:24 AM NotBefore : 5/19/2010 11:14:24 AM PublicKeySize : 2048 RootCAType : None SerialNumber : 4AD8147265D7AB87458B541EE161148C Services : IMAP, POP, SMTP Status : Valid Subject : CN=mail.cticompanies.com Thumbprint : 63D02D21E1E27231555495331CDD5E3E3FC3871B AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule} CertificateDomains : {mail.cticompanies.com} HasPrivateKey : True IsSelfSigned : True Issuer : CN=mail.cticompanies.com NotAfter : 5/19/2011 10:57:50 AM NotBefore : 5/19/2010 10:57:50 AM PublicKeySize : 2048 RootCAType : None SerialNumber : 868C55A3BB7117864D7F167B6680D6D9 Services : IMAP, POP, SMTP Status : Valid Subject : CN=mail.cticompanies.com Thumbprint : B630E1B803E053F110BB0A103DA691013DB816FE AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule} CertificateDomains : {mail.cticompanies.com} HasPrivateKey : True IsSelfSigned : True Issuer : CN=mail.cticompanies.com NotAfter : 5/19/2011 10:53:23 AM NotBefore : 5/19/2010 10:53:23 AM PublicKeySize : 2048 RootCAType : None SerialNumber : AE0562A1DD3A9CB94A8A3B9B1254B577 Services : IMAP, POP, SMTP Status : Valid Subject : CN=mail.cticompanies.com Thumbprint : BC86B0A2010F04A83BAE37397CBBD4A61A4421D1 thimbprint pulled on outlook client d4 bf c5 f4 77 d7 ba 55 62 51 56 f4 fc 4f 5b fd d6 59 1c 22

Hi, Thanks for your update. I didn't find any incorrect configuration for the certificate. As mentioned above, did you test this issue on another computer? Whether only one computer have this issue? Thanks Allen

It's doing the same on all my remote connections. Very confused on where it is pulling this outdate cert from.... Help.

Found a solution that worked for me! Turns out to be a bug with Exchange 2007 in some instances. Once I updated to Service Pack 2 and rollup 4 the issues has gone away and I'm pulling the correct Cert now. Thanks for your help Allen!