Announcement

Collapse
No announcement yet.

Exchange Remote Connectivity Analyzer SSL "error"

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange Remote Connectivity Analyzer SSL "error"

    Not so much an error per-se, but a warning really and I am wondering what that actually mean. It doesn't affect the functionality so it is more out of curiosity.

    Basically the only warning I am getting (when testing rpc over http) is

    Code:
    	Analyzing the certificate chains for compatibility problems with versions of Windows.
     	Potential compatibility problems were identified with some versions of Windows.
     	
    	Additional Details
     	ExRCA can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the "Update Root Certificates" feature isn't enabled.
    The certificate is bought from a cheap provider so I expect something not to work anyway

    Does that mean that Microsoft simply doesn't acknowledge the provider as root CA ?!?

  • #2
    Re: Exchange Remote Connectivity Analyzer SSL "error"

    No, it appears to mean that your root certificates are out of date
    Run Windows Update and check if there is a root certificate update for your machine
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Exchange Remote Connectivity Analyzer SSL "error"

      Originally posted by Ossian View Post
      No, it appears to mean that your root certificates are out of date
      Run Windows Update and check if there is a root certificate update for your machine
      Thought so too at first, but Windowsupdate doesn't find any new updates. I think the last time I saw Windowsupdate download updates for root certificates was on XP.

      I even checked the group policies and update of root certificates is not disabled.
      I also checked the certificate store and I see that the particular root certificates won't expire until 2038/2040.

      I even downloaded the update manually

      http://www.microsoft.com/download/en...s.aspx?id=6149

      Which doesn't do anything (executing that is) ...

      Comment


      • #4
        Re: Exchange Remote Connectivity Analyzer SSL "error"

        EXRCA always throws that error with some certificates. It is basically indicating that the root wasn't in the original base OS and is only supported with an update. The fact that the update might have been installed months or even years ago is beside the point.

        With regards to ActiveSync, not all devices support all certificates. The list changed significantly between versions of Windows Mobile 5 for example.

        If you are not getting trust issues with clients then I wouldn't worry about it.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Exchange Remote Connectivity Analyzer SSL "error"

          Originally posted by Sembee View Post
          EXRCA always throws that error with some certificates. It is basically indicating that the root wasn't in the original base OS and is only supported with an update. The fact that the update might have been installed months or even years ago is beside the point.

          With regards to ActiveSync, not all devices support all certificates. The list changed significantly between versions of Windows Mobile 5 for example.

          If you are not getting trust issues with clients then I wouldn't worry about it.

          Simon.
          Fair enough ... thanks .. I don't have any issues at all, I am just a sucker for error free tests

          Comment

          Working...
          X