On a recent network audit for a prospective new client, I came across an issue in the Exchange System Manager for their Exchange Server 2003 box. When you tried to browse into any public folder management, ESM presented the following error:
The SSL certificate server name is incorrect.
I checked the certificate, and it was definitely valid with a trusted Root CA. A quick web search pointed me to this Microsoft KB. The gist is that whoever set up the Exchange server had set SSL to be required on the \Exadmin virtual directory in the default site on the server. The solution: Clear SSL for the Exadmin vdir and relaunch ESM.
This one is fairly straightforward and seems to be fairly common, but I thought I would throw it up here all the same as I had not really come across it in recent memory.
Cheers,
JaS
I resolved this by doing the following steps:
1. In the properties of the virtual root Exadmin in IIS, go to the “Directory
Security” tab
2. In the “Secure Communications” section select “Edit”.
3. Make sure to deselect “Require secure channel (SSL)” and “Require 128-bit
encryption.”
4. If the “Require 128-bit encryption.” is selected and greyed out, make sure to
select “Require
secure channel (SSL)” and deselect “Require 128-bit encryption.” then deselect
“Require secure channel (SSL)” again.
5. Goto Start – Programs – Support Tools – Tools and launch ADSI Edit.
6. In the left side pane expand the Configuration container.
7. Next expand CN=Configuration
8. Then CN=Services
9. CN=Microsoft Exchange
10. CN=
11. CN=Administrative Groups
12. CN=First Administrative Group
13. CN=Servers
14. CN=Protocols
15. CN=HTTP
16. CN=1
17. Right Click on CN=Exadmin and choose Properties.
18. In the Properties dialog box you will see 2 drop-down lists. drop down the top
list and select “Both”. Drop down the second list and scroll down to the attribute
“msExchSecureBindings” and double click on it.
19. If this attribute is set to 443 or any other value really, click the 443 value
to select it and click the “Remove” button. Then click “Apply” and then “OK”
20. Close out of ADSI Edit,
21. Restarted IISadmin service.
Close and reopen Exchange System Manager and test
Public Folder access again . Issue Resolved
Comment by Evgeny — September 21, 2008 @ 12:34 pm
Excellent !
Thanks very much for your clear, helpful instructions.
Worked a treat.
Comment by Mike P — January 15, 2009 @ 5:22 pm
Thanks for the tip!
As for public folders security permissions management I like using using a tool called security explorer for exchange that provides an intuitive gui interface for granting and managing permissions on public folders like calendar, inbox and contacts.
This tool is also included to scriptlogic’s exchange management soluton – a bundle of 3 tools for exchange security management, reporting and archiving.
Comment by Bryant Grant — January 27, 2009 @ 8:21 am
Thanks for this. I’d previously found references to only the first part of this solution – removing SSL from the exadmin folder. I’d already done that, and the schema change then fixed the problem for me!
Comment by Jonathan — September 14, 2009 @ 8:02 am