certificate frustration
Exchange 2007 SP3 Rollup 7
A new Exchange server was added to a site with an existing Exchange server. Roles included on the new server are UM, MBX, and HUB. After the mailbox is moved to the new server, users get a certificate error when they attempt to use the "play on phone" feature. The certificate displayed is that of the old server where their mailbox used to live. Comparing the old self-signed server cert and the new self-signed server cert, I notice that IIS isn't included as a service in the self-signed certificate on the new server. So, I set about creating a new self-signed certificate on the new server for services IIS, UM, and SMTP...
new-exchangecertificate -privatekeyexportable $True -services "IIS, UM, SMTP" -subjectname "cn=ServerName.CompanyName.com"
I'm prompted to overwrite the existing default SMTP certificate, to which I respond "yes", and the command completes successfully.
Next, I run get-exchangecertificate | fl
I see the new certificate, but it only lists UM and SMTP for the services (no IIS).
Next I run enable-exchangecertificate -thumbprint xxxxxxxSomeLongStringxxxxxxxxxx -services "IIS, UM, SMTP"
The command runs without error.
Next, I again run get-exchangecertificate | fl, but it still shows only UM and SMTP!
What am I doing wrong? Is this even the right way to fix the play on phone issue?
Thanks in advance!
August 28th, 2012 3:50pm
Sorry, left out a key piece of information. There's a second existing server at the site, a dedicated CAS box. The old server had the CAS role installed too, so given that there was already a dedicated CAS at the site, we decided to build the new server with just UM, HUB, and MBX. So for whatever reason, clients still want to go to the old server for CAS-related interactions. How do I get them to recognize the dedicated CAS instead?
No, users did not get errors before they were moved.
Is it possible that once the old server is removed (gracefully) the clients will automatically start looking to the dedicated CAS? That's not really a risk I'm willing to take without some kind of documentation to back that theory up.
Thanks!
August 29th, 2012 8:46am
After the mailbox is moved to the new server, users get a certificate error when they attempt to use the "play on phone" feature.
But everything else (OWA, for example) is OK for the users of the moved mailboxes?
If so, I'd venture to guess there's something related to UM you need to adjust.
Unfortunately, I do not use and am not familiar with UM configuration (just superficial knowledge of what it is and does).
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
August 29th, 2012 7:08pm