As part of a recent SBS 2003 – SBS 2008 migration we came across the following error when trying to move the Public Folder’s from Exchange 2003 to Exchange 2007. When we told Exchange 2003 to move the Replica Set we saw the below error:
The SSL certificate server name is incorrect
ID no: c103b404
Exchange System Manager
Searching for a resolution we found a number of sites that listed removing the SSL certificate requirement on the exadmin folder (As per http://support.microsoft.com/kb/324345). Unfortunately this wasn’t a complete fix as it also appeared we then needed to use adsiedit to remove the :443: binding on the service. The fix below worked for us:
- In IIS navigate to the Exadmin folder, Right click to bring the “Properties” window up and go to the “Directory Security” tab
- In the “Secure Communications” section select “Edit”.
- Make sure to deselect “Require secure channel (SSL)” and “Require 128-bit encryption.”
- If the “Require 128-bit encryption.” is selected and greyed out, make sure to select “Require secure channel (SSL)” and deselect “Require 128-bit encryption.” then deselect “Require secure channel (SSL)” again.
- Goto Start – Run and type adsiedit.msc
- In the left side pane expand the Configuration container.
- Next expand CN=Configuration, then CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups, CN=First Administrative Group, CN=Servers, CN=Protocols, CN=HTTP, CN=1
- Right Click on CN=Exadmin and choose Properties.
- In the Properties dialog box you will see 2 drop-down lists. drop down the top list and select “Both”. Drop down the second list and scroll down to the attribute “msExchSecureBindings” and double click on it.
- If this attribute is set to 443, click the 443 value to select it and click the “Remove” button. Then click “Apply” and then “OK”
- Close out of ADSI Edit,
- Restarted IISadmin service
Test the replication again, hopefully all should now be working as expected.