Thursday, November 02, 2006

E2K3 Public folder management - SSL certificate server name is incorrect error

I'm still in the middle of cleaning up an E2K3 organization that has kind of been neglected for a few years. I ran in to a problem where I was trying to remove a public folder store from a front-end server. The SSL certificate on the front-end server is wrong (wrong FQDN/CN, unknown CA, and it is expired). I could not manage the public folder hierarchy using Exchange System Manager.

Depending on what I was trying to do, I got this error:

The SSL certificate server name is incorrect.
ID no: c103b404 Exchange System Manager

I also saw this error:
The token supplied to the function is invalid
ID no 80090308

Lots of newsgroup and web discussion forms pointed to this KB article indicating that the problem might be related to SSL being required on the /ExAdmin virtual directory. "You receive an SSL Certificate error message when you view public folders in Exchange System Manager" http://support.microsoft.com/kb/324345 I checked that and it was NOT the case.

Finally found some instructions in a newsgroup that worked. This requires ADSIEDIT and a little bit of Exchange configuration editing.
  1. Run ADSIEDIT
  2. Navigate to the following object: CN=Configuration, then CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups, CN=First Administrative Group, CN=Servers, CN=Protocols, CN=HTTP, CN=1, CN=Exadmin
  3. Display the properties of the CN=Exadmin object
  4. Locate the msExchSecureBindings attribute, highlight it and click Edit button
  5. If it has a value of :443:, select that value in the Values list, click Remove.
  6. Click OK twice and then close ADSIEDIT
Give this a few minutes to replicate through Active Directory and try it again!

19 Comments:

At 12:52 PM, Anonymous Anonymous said...

Does this have any impact on exchange security? I administer a win/exch 2003 server that was upgraded from a win/exch 200 server. I have had this problem for some time. I have usually found a work around to chnage public folder permissions or remove public folders, but my work arounds are not working for me today.

 
At 11:35 AM, Blogger Oryan said...

This fixed my problem like a charm. I have been looking around for a solution for a couple of hours and everyone is pointing to the same MS knowledgebase article. But the information listed here is what they should add to that KB article.
Thanks Jim, You Rock.

-Oryan

 
At 11:05 PM, Anonymous Anonymous said...

I have had an issue with SSL and public folders for some time and finally came across this article after much searching.
Thank you Jim!

 
At 3:12 AM, Blogger Unknown said...

Just from reading your post real quickly it appears that you are turning of SSL for the \exadmin folder. Isnt that the exact same solution the MS article is describing minus the IIS GUI?

 
At 2:11 AM, Blogger CrazyRican said...

This really works! I've had this problem for over a year and nothing worked, including that nice MS article. My guess is that changing SSL settings in IIS doesn't always work and ADSIEDIT is a more direct way of removing SSL. Thanks Jim.

 
At 8:21 AM, Anonymous Anonymous said...

I too had this same issue. And your solution saved me a $250.00 Tech Support call. Well Done.

 
At 12:15 PM, Blogger Unknown said...

Thanks from here too....

Worked like a charm :)

 
At 7:53 AM, Anonymous Anonymous said...

Worked for me too. Thanks!

 
At 1:09 AM, Blogger BIG LEE said...

Worked straight away and first time. Thanks for the info Jim, you've just made my day!

 
At 5:54 AM, Blogger Unknown said...

it really worked .. now just rest for us to know why IIS is not changing de SSL option . thx a lot

 
At 8:42 AM, Blogger webmaster said...

Thanks, this took care of my problems as well... Thanks for nothing Microsoft!

 
At 3:30 AM, Blogger Unknown said...

Worked for me too ...
microsoft KBWHatever did work but i have to ask is this the same thing like ms said ?

 
At 2:59 AM, Blogger Mrhide said...

sorry to say that it did *not* work for me :(

 
At 9:56 PM, Blogger Unknown said...

I had to apply the original MS Fix (Unchecking SSL etc.) after removing the 443 entry. This came about as the result of installing a third party cert on an SBS box.

 
At 3:51 AM, Blogger Unknown said...

Tried this fix and I am now getting the following error.

'Could not locate the root folder. Ensure that your default virtual server is running and that it is configured correctly. If you have used the IIS lockdown or URL Scanning security tools on your server, go to http://support.microsoft.com for more information about running these tools.

ID no: c103b405
Exchange System Manager

Tried rebooting the server after change and still the same.

This happened after adding a third party SSL certificate for the Outlook Web Access.

Help!....

 
At 6:21 AM, Anonymous Anonymous said...

This worked like a dream for me. I have inherited an sbs 2003 server that had a 'self signed cert' installed with a different hostname to that of the server itself.
Thanks very much for posting!

 
At 11:02 AM, Blogger Unknown said...

Thanks for this, had come across the MS KB article first tried that didn't work, then your fix and it worked pretty straight away! Thanks

 
At 1:24 PM, Blogger Unknown said...

Solved my issue. It was because there was more than one site set up in IIS. Stopping the sites temporarily whilst the exchange public folders are edited and then starting them again works fine every time.

 
At 5:02 AM, Blogger Unknown said...

THANK YOU!

 

Post a Comment

<< Home