Announcement

Collapse
No announcement yet.

SBS 2008(Exchange 2007 cert errors)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • SBS 2008(Exchange 2007 cert errors)

    Hello,

    We got a company, running SBS 2008. Internal domain is .local

    Purchased 3rd party certificate from StartCom,with primary use for OWA.Registered public domain for email .org

    Users connect to their mailboxes, using: Microsoft Exchange Accounts, and some of them POP/IMAP.

    Those who are connecting with Microsoft Exchange Accounts have no issue at all.

    Those who are connecting with POP/IMAP(TLS Encryption for Outgoing Server-port 587) accounts have issues("The name of the security certificate is invalid or does not match the name of the site")

    Solution for POP/IMAP was enabling POP/IMAP services to Public cert.I Run Enable-ExchangeCertificate -Thumbrint XXXXXXXXXXXX -Services IMAP,POP.

    Certificate error is corrected for POP/IMAP, but now Exchange Accounts experienced certificate error("The name of the security certificate is invalid or does not match the name of the site"-it's pop public cert now)

    When i ran: Get-ExchangeCertificate i see following services assigned to certs:

    Self-signed(created during setup): SMTP
    Public Cert(StartCom SSL): IMAP,POP,OWA,SMTP

    After hours of googling,I get the point that something with SMTP service isn't right, and decide to Export public cert, and import again.After that, Get-ExchangeCertificate:

    Self-signed(created during setup): SMTP
    Public Cert(StartCom SSL): IMAP,POP,OWA

    Self-signed cert seems to be like before I made any changes

    but now Exchange Accounts got cert error too("The name of the security certificate is invalid or does not match the name of the site"-it's pop public cert now")

    Whole week i try to resolve this, but still problem continues.

    Any suggestions and directions?

    Regards,
    Attached Files

  • #2
    Re: SBS 2008(Exchange 2007 cert errors)

    Did you use the wizard in SBS to install the certificate? If not, then that is your first problem.
    You need to ensure the certificate common name matches the external host name configured in SBS. The default is remote.example.com. Then go through the SSL wizard in the management console and choose to use an existing certificate. SBS will then configure Exchange correctly for you.

    Exchange 2007 on SBS 2008 looks like regular Exchange, behaves like it, but the management of it has to be done through the wizards due to the changes that the SBS setup makes to the Exchange configuration.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: SBS 2008(Exchange 2007 cert errors)

      Hi Simon,

      Unfortunally, configuration is done manually,becouse server is on dedicated hosting provider with public ip.

      First task of configuration was setup ip,which need to be private,but in this case it's not possible.

      Public SSL cert it's functioning as it should.At first place, it's assigned via IIS to OWA. Something messed up,when assigned POP/IMAP services.

      I've read something like "Configure SSL Certificates to Use Multiple Client Access Server Host Names", but i'm not sure if i'm going in right directions.

      Thanks for reply,
      Regards,

      Comment


      • #4
        Re: SBS 2008(Exchange 2007 cert errors)

        The fact that it is at hosting provider means nothing. You should still use the wizards to do the configuration. Working against the SBS wizards will just mean lots of hurt, because SBS is designed to configured and managed using the wizards. If you didn't want to use the wizards then you should have purchased the full products instead, which would allow complete manual configuration.

        My response still stands - use the wizards to configure the server and you will find that things work correctly, because that is how SBS is designed to be used.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: SBS 2008(Exchange 2007 cert errors)

          Hi Simon,

          I'm totally agree with your opinion and document recommendation to use wizards for configuration.It's a design for SBS 2008, but also in design is something that should be aware: server must have private IP.

          On very first wizard(configuring network), it's a criteria to have an private ip. In my case, i don't have and I couldn't supply from hosting provider(only public IPs from them)

          Conf. network wizard pop up warning message to change ip to private, but if i change it, all gone in the wind (server wont be available)

          When run wizard "Import certificate from trusting....",it's said that should be configured network adapter with private ip,terminating,and point me to 1st wizard....

          So manual configuration seems to be only choice.

          Exchange cmdlets can solve this, but still searching for solution.

          Be aware: when have SBS 2008 with public IP only, configuring it's a nightmare(took me hours of conf)

          Regards,

          Comment


          • #6
            Re: SBS 2008(Exchange 2007 cert errors)

            I have three SBS 2008 servers in data centres belonging to various clients myself.
            I have a case study on my blog for one here: http://blog.sembee.co.uk/post/Case-S...le-Server.aspx

            I am not even sure the configuration you are using with a public IP address on the server itself is even supported, so getting assistance from Microsoft might not be possible. If it was full product then it would be easy, but SBS makes so many changes under the hood.

            Furthermore, if the SBS has been provided to you by a hosting company, it must be on an SPLA agreement. The last time I checked the cost between SBS and Windows 2008 R2 and Exchange 2010 on SPLA wasn't that great, so wonder if the product was the correct choice.

            Simon.
            --
            Simon Butler
            Exchange MVP

            Blog: http://blog.sembee.co.uk/
            More Exchange Content: http://exchange.sembee.info/
            Exchange Resources List: http://exbpa.com/
            In the UK? Hire me: http://www.sembee.co.uk/

            Sembee is a registered trademark, used here with permission.

            Comment


            • #7
              Re: SBS 2008(Exchange 2007 cert errors)

              Great case study, such a complex implementation.

              Yes, SBS is a bit of complex. Choice is made according with company, but anyway, i still work to fix it.

              Thanks for your replies.

              Comment

              Working...
              X