No announcement yet.

New SSL cert has broken Distribution groups

  • Filter
  • Time
  • Show
Clear All
new posts

  • New SSL cert has broken Distribution groups

    Hi all,

    This morning I self assigned a new SSL to final get rid of an identiety mis-match security error. I did this by running the CEICW, leaving all the settings as they were (other than creating a new certificate.

    I installed this and since then, our distribution groups in exchange are no longer working. Can anyone help with that as it's quite important!

    Sending an email from an exterior email to the distribution does not bounce, nor throw up another error.

    Any advice is much appreciated.

  • #2
    Re: New SSL cert has broken Distribution groups

    In addition to this it turns out that SOME emails from external mails are not being delivered. I've been sending tests since I discovered the issue from my gmail account and received the following warning this morning:

    Technical details of temporary failure:
    Unspecified Error (SENT_SECOND_EHLO): Unknown error 18446744073709551615

    However, I have received some emails since (just not my test ones)

    Also, I ran nslookup setq=mx and although the MX record is correct, the local server showed:


    I'm pretty sure that used to be Server:

    Does this shed any more light?

    Is it possible that by running the wizard to create a new SSL certificate to fix an error that wasn't really a problem I've really quite broken the exchange?


    • #3
      Re: New SSL cert has broken Distribution groups


      The issues have been completely resolved by simply removing the SSL certificate since it was obviously the cause.

      This begs the question: WHY did it break everything? I followed the self-signing creation steps fully and used the correct FQDN, or so I thought?

      If anyone see's this and can offer up an explanation that would be great as I'm sure it might help others.


      • #4
        Re: New SSL cert has broken Distribution groups

        First off why are you using a self signed certificate with Exchange? Secondly SSL has nothing to do with how distribution groups work. Exchange routes email to a d-list based on its email address/LegacyDN. In addition you don't require MX records for internal delivery of email - especially since you are using SBS? I would presume you have a underlying misconfiguration somewhere that caused something to break in Exchange... Lastly there must be something in the tracking logs that would indicate if Exchange was at least even receiving email for those distribution lists.