m

As part of a recent SBS 2003 – SBS 2008 migration we came across the following error when trying to move the Public Folder’s from Exchange 2003 to Exchange 2007. When we told Exchange 2003 to move the Replica Set we saw the below error:

The SSL certificate server name is incorrect
ID no: c103b404
Exchange System Manager

image

Searching for a resolution we found a number of sites that listed removing the SSL certificate requirement on the exadmin folder (As per http://support.microsoft.com/kb/324345). Unfortunately this wasn’t a complete fix as it also appeared we then needed to use adsiedit to remove the :443: binding on the service. The fix below worked for us:

  1. In IIS navigate to the Exadmin folder, Right click to bring the “Properties” window up and go to the “Directory Security” tab
  2. In the “Secure Communications” section select “Edit”.
  3. Make sure to deselect “Require secure channel (SSL)” and “Require 128-bit encryption.”
  4. If the “Require 128-bit encryption.” is selected and greyed out, make sure to select “Require secure channel (SSL)” and deselect “Require 128-bit encryption.” then deselect “Require secure channel (SSL)” again.
  5. Goto Start – Run and type adsiedit.msc
  6. In the left side pane expand the Configuration container.
  7. Next expand CN=Configuration, then CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups, CN=First Administrative Group, CN=Servers, CN=Protocols, CN=HTTP, CN=1
  8. Right Click on CN=Exadmin and choose Properties.
  9. In the Properties dialog box you will see 2 drop-down lists. drop down the top list and select “Both”. Drop down the second list and scroll down to the attribute “msExchSecureBindings” and double click on it.

    image

  10. If this attribute is set to 443, click the 443 value to select it and click the “Remove” button. Then click “Apply” and then “OK”
  11. Close out of ADSI Edit,
  12. Restarted IISadmin service

Test the replication again, hopefully all should now be working as expected.

3 comments

  1. 22/07/2012 at 3:27 AM Danny H

    I ran into this in a 2003- SBS 2011 Exchange 2010 migration and it worked like a champ. Thanks for the article!

  2. 12/06/2013 at 10:39 AM Richie Knight

    Worked like a charm! Many thanks.

  3. 04/03/2014 at 3:38 PM Filou

    yes, perfect !