Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

2nd exchange 2007 server - certificate problems?

Status
Not open for further replies.
Mar 8, 2002
39
GB
Hi,

We currently have an exchange 2007 (SP1) server in a single domain. We wish to install an Exchange 2010 server to replace this, but obviously can't without upgrading 2007 to SP2 or SP3. Now here is the first issue; there is a problem with the windows installer, as well as the network drivers on this server, so the exchange SP install always fails.

The workaround has been to install a VM running Exchange 2007 SP3 and moving the mailboxes. This server has been setup with the exchange generated certificate.

I have moved 4 or 5 mailboxes which have moved successfully, but now outlook comes up with a security alert, saying that "The security certificate was issued by a company you have chosen not to trust". Now, we can choose "no" when asked if you want to proceed, and all works fine. However, selecting yes, or installing the certificate means that the user gets prompted for their AD username and password each time outlook is opened.

I have done a "Test email autoconfiguration" which completes without errors as long as you either choose no to the certificate, or put the username/password in.

I'm assuming (perhaps wrongly) that this is something to do with the address of the autodiscover server.

If I use IE to browse to I get a certificate prompt, and then a password prompt but then it goes to "600 Invalid Request"

So at the minute, I don't know if this is an exchange problem, a certificate problem, a DNS problem or an IIS problem.

On a side note, all Outlook 2003 clients just get prompted for the password, there is no mention of the certificate.
 
Do you have a trusted certificate installed on the first server? If so, export it and import it on the second server, and enable it for the appropriate services.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Thanks. Could you talk me through the steps on how to do that please?
 
Right, getting the error message "exporting a certificate with its private key requires that a password be specified."

Is it certainly the certificate which is causing the password prompting? I can understand why we're getting the certificate error, but not why it needs the password when it actually uses the certificate?
 
When you export the cert, you must specify a password. You then submit that password when you import the certificate on the other server.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top