Home > Exchange 2003, server 2003, troubleshooting, windows, windows server > SSL Errors in Exchange 2003 Public Folder Management

SSL Errors in Exchange 2003 Public Folder Management

On a recent network audit for a prospective new client, I came across an issue in the Exchange System Manager for their Exchange Server 2003 box. When you tried to browse into any public folder management, ESM presented the following error:

The SSL certificate server name is incorrect.

I checked the certificate, and it was definitely valid with a trusted Root CA. A quick web search pointed me to this Microsoft KB. The gist is that whoever set up the Exchange server had set SSL to be required on the \Exadmin virtual directory in the default site on the server. The solution: Clear SSL for the Exadmin vdir and relaunch ESM.

This one is fairly straightforward and seems to be fairly common, but I thought I would throw it up here all the same as I had not really come across it in recent memory.

Cheers,

JaS

Advertisements
  1. Evgeny
    2008-09-21 at 12:34

    I resolved this by doing the following steps:

    1. In the properties of the virtual root Exadmin in IIS, go to the “Directory
    Security” tab
    2. In the “Secure Communications” section select “Edit”.
    3. Make sure to deselect “Require secure channel (SSL)” and “Require 128-bit
    encryption.”
    4. If the “Require 128-bit encryption.” is selected and greyed out, make sure to
    select “Require
    secure channel (SSL)” and deselect “Require 128-bit encryption.” then deselect
    “Require secure channel (SSL)” again.
    5. Goto Start – Programs – Support Tools – Tools and launch ADSI Edit.

    6. In the left side pane expand the Configuration container.
    7. Next expand CN=Configuration
    8. Then CN=Services
    9. CN=Microsoft Exchange
    10. CN=
    11. CN=Administrative Groups
    12. CN=First Administrative Group
    13. CN=Servers
    14. CN=Protocols
    15. CN=HTTP
    16. CN=1
    17. Right Click on CN=Exadmin and choose Properties.
    18. In the Properties dialog box you will see 2 drop-down lists. drop down the top

    list and select “Both”. Drop down the second list and scroll down to the attribute

    “msExchSecureBindings” and double click on it.
    19. If this attribute is set to 443 or any other value really, click the 443 value

    to select it and click the “Remove” button. Then click “Apply” and then “OK”
    20. Close out of ADSI Edit,

    21. Restarted IISadmin service.

    Close and reopen Exchange System Manager and test
    Public Folder access again . Issue Resolved

  2. Mike P
    2009-01-15 at 17:22

    Excellent !
    Thanks very much for your clear, helpful instructions.
    Worked a treat.

  3. Bryant Grant
    2009-01-27 at 08:21

    Thanks for the tip!

    As for public folders security permissions management I like using using a tool called security explorer for exchange that provides an intuitive gui interface for granting and managing permissions on public folders like calendar, inbox and contacts.

    This tool is also included to scriptlogic’s exchange management soluton – a bundle of 3 tools for exchange security management, reporting and archiving.

    • Jonathan
      2009-09-14 at 08:02

      Thanks for this. I’d previously found references to only the first part of this solution – removing SSL from the exadmin folder. I’d already done that, and the schema change then fixed the problem for me!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: