Renewing MS Exchange 2007 self-signed certificate

By default, MS Exchange 2007 uses self-signed certificates for various services (SMTP, IMAP, IIS, POP, etc.). Normally these certificates are valid for one year.

Once a certificate starts approaching its expiry date, the following events will be logged in the Application log on the Exchange server:

Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12018
Date:
Time:
User: N/A
Computer: <server name>
Description:
The STARTTLS certificate will expire soon: subject: <server.domain.local>, hours remaining: 177700433E5D67615E8564373CAF08AB5842DEA0. Run the New-ExchangeCertificate cmdlet to create a new certificate.

Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12017
Date: 13/04/2008
Time: 09:01:00
User: N/A
Computer: <server name>
Description:
An internal transport certificate will expire soon. Thumbprint:135645393F5D74715F825A865CAF08BB8332DC10, hours remaining: 156

Once the certificate expires, the following event will be logged:

Event Type: Error
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12016
Date:
Time:
User: N/A
Computer: <server name>
Description:
The STARTTLS certificate will expire soon: subject: <server.domain.local>, hours remaining: 124543103F37D661E48559A73FFBA84A5832DBA0. Run the New-ExchangeCertificate cmdlet to create a new certificate.

To renew the certificate, perform the following steps:
1. Open Exchange Management Shell.
2. Check the status of the existing certificate(s). Make a note of the "Thumbprint" value:
Get-ExchangeCertificate | List
3. Get a new self-signed certificate. Use the "Thumbprint" from the old certificate:
Get-ExchangeCertificate -thumbprint "C9A4BB6094A167BD324618D8492C4C5281FDD34A" | New-ExchangeCertificate
4. Examine the properties of the new certificate. Make sure all required services are enabled:
Get-ExchangeCertificate | List
5. If some of the required services are not enabled, you can enable them with the following cmdlet (use the thumbprint of the new certificate):
Enable-ExchangeCertificate -thumbprint "A0BB986024A347BAC24438D8432C1B123AFDF11B" -services IIS, POP, SMTP, IMAP
6. Ensure that all required services are working with the new certificate and then remove the old certificate:
Remove-ExchangeCertificate -thumbprint "C9A4BB6094A167BD324618D8492C4C5281FDD34A"
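
The check in steps 4 to 6, as an added example that is not part of the original post: it compares the services bound to the old certificate with those on its replacement and reports whether the old one can be removed. The function name Compare-CertServices and the sample objects are assumptions made for illustration, and PowerShell 2.0 or later is assumed.

```powershell
# Added example (hypothetical helper, not from the original post).
# Reports which services of the old certificate are missing on the new one.
function Compare-CertServices {
    param($OldCert, $NewCert)

    # Services is a flags value that prints as e.g. "IMAP, POP, IIS, SMTP"
    $old = @("$($OldCert.Services)".Split(',') | ForEach-Object { $_.Trim() } |
             Where-Object { $_ -and $_ -ne 'None' })
    $new = @("$($NewCert.Services)".Split(',') | ForEach-Object { $_.Trim() } |
             Where-Object { $_ -and $_ -ne 'None' })

    # Services still served only by the old certificate
    $missing = @($old | Where-Object { $new -notcontains $_ })
    $daysLeft = [math]::Floor(($NewCert.NotAfter - (Get-Date)).TotalDays)

    New-Object PSObject -Property @{
        NewThumbprint   = $NewCert.Thumbprint
        DaysLeft        = $daysLeft
        MissingServices = ($missing -join ', ')
        SafeToRemoveOld = ($missing.Count -eq 0) -and ($daysLeft -gt 0)
    }
}

# Constructed sample objects so the function can be tried outside Exchange.
# The thumbprints are the ones used in the steps above.
$oldCert = New-Object PSObject -Property @{
    Thumbprint = 'C9A4BB6094A167BD324618D8492C4C5281FDD34A'
    NotAfter   = (Get-Date).AddDays(6)
    Services   = 'IMAP, POP, IIS, SMTP'
}
$newCert = New-Object PSObject -Property @{
    Thumbprint = 'A0BB986024A347BAC24438D8432C1B123AFDF11B'
    NotAfter   = (Get-Date).AddYears(1)
    Services   = 'SMTP'
}

# Reports IMAP, POP, IIS as missing, so the old certificate must stay for now
Compare-CertServices $oldCert $newCert | Format-List

# In Exchange Management Shell, pass the real certificate objects instead:
# Compare-CertServices (Get-ExchangeCertificate -Thumbprint "<old>") `
#                      (Get-ExchangeCertificate -Thumbprint "<new>")
```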

Outlook 2007 and 2010 warning "The name of the security certificate is invalid or does not match the name of the site"


After starting MS Outlook 2007 or 2010 and connecting to an MS Exchange 2007 or 2010 server (on a local network), you get the warning "The name of the security certificate is invalid or does not match the name of the site".

This happens because of a certificate name mismatch. For more information, read Microsoft article KB-940726.

To fix the problem:

Open MS Exchange Management Shell.

To find out information about your Autodiscover server, run:
Get-AutodiscoverVirtualDirectory | FL

To fix the certificate error, run the following 4 commands, replacing:
<server_name> - Your Exchange Client Access (Autodiscover) server name.
<mail.yourdomain.com> - Your Exchange server FQDN (valid for your trusted certificate).

Set-ClientAccessServer -Identity <server_name> -AutodiscoverServiceInternalUri https://<mail.yourdomain.com>/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "<server_name>\EWS (Default Web Site)" -InternalUrl https://<mail.yourdomain.com>/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "<server_name>\oab (Default Web Site)" -InternalUrl https://<mail.yourdomain.com>/oab

This 4th command is not required on Exchange 2010:
Set-UMVirtualDirectory -Identity "<server_name>\unifiedmessaging (Default Web Site)" -InternalUrl https://<mail.yourdomain.com>/unifiedmessaging/service.asmx
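
One way to verify the result, as an added example that is not part of the original post: it checks whether the host name in each internal URL is covered by the names on the certificate, which is the comparison Outlook makes before showing the warning. The function name Test-UrlCoveredByCert, the host exch01 and the example.com names are constructed for illustration, and PowerShell 2.0 or later is assumed.

```powershell
# Added example (hypothetical helper, not from the original post).
# Returns $true when the URL's host name matches one of the certificate names.
function Test-UrlCoveredByCert {
    param([string]$Url, [string[]]$CertNames)

    $urlHost = ([uri]$Url).Host.ToLower()
    foreach ($name in $CertNames) {
        $n = $name.ToLower()
        if ($n -eq $urlHost) { return $true }
        # A wildcard name such as *.example.com covers exactly one left-most label
        if ($n.StartsWith('*.') -and $urlHost.Contains('.') -and
            $urlHost.Substring($urlHost.IndexOf('.')) -eq $n.Substring(1)) {
            return $true
        }
    }
    return $false
}

# Constructed sample data: names on the trusted certificate, and internal URLs
# before (short server name) and after (FQDN) running the Set-* commands above.
$certNames = 'mail.example.com', 'autodiscover.example.com'
$urls = 'https://exch01/autodiscover/autodiscover.xml',
        'https://mail.example.com/autodiscover/autodiscover.xml',
        'https://mail.example.com/ews/exchange.asmx',
        'https://mail.example.com/oab'

foreach ($u in $urls) {
    New-Object PSObject -Property @{
        Url     = $u
        Covered = (Test-UrlCoveredByCert -Url $u -CertNames $certNames)
    } | Select-Object Url, Covered
}

# In Exchange Management Shell the real values come from, for example:
#   (Get-ClientAccessServer <server_name>).AutoDiscoverServiceInternalUri
#   (Get-WebServicesVirtualDirectory).InternalUrl
#   (Get-ExchangeCertificate -Thumbprint "<thumbprint>").CertificateDomains
```

Any URL reported with Covered = False will still trigger the Outlook warning.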


Check Installed Programs Remotely (vbscript)

This VBScript (by Bill James) lists all installed programs (including Windows Updates) on a remote PC by checking the registry Uninstall key.
It outputs the results to a text file.


Delete old files (vbscript)


This VBScript will delete all files older than 3 months in a specified folder and all its subfolders. It will also create a log file listing all processed folders and deleted files.

' Folder path
Const fldname = "\\your\folder\path"
Set fso = CreateObject("Scripting.FileSystemObject")
Set fldr = fso.GetFolder(fldname)
dttoday = Date
tmnow = Time

' Calculate trigger date (change according to your requirements)
dtold = DateAdd("m", -3, dttoday) ' files older than 3 months will be deleted

' DateAdd(interval,number,date)
' Interval:
'    * yyyy - Year
'    * q - Quarter
'    * m - Month
'    * y - Day of year
'    * d - Day
'    * w - Weekday
'    * ww - Week of year
'    * h - Hour
'    * n - Minute
'    * s - Second

' Log file (created in the current directory, named after the run date and time)
Set LogFSO = CreateObject("Scripting.FileSystemObject")
FileName = Year(dttoday) & "." & Month(dttoday) & "." & Day(dttoday) & "-" & Hour(tmnow) & "." & Minute(tmnow) & "." & Second(tmnow) & ".txt"
Set LogFile = LogFSO.OpenTextFile(FileName, 2, True)

recurse fldr
LogFile.Close

' Log the folder, delete its old files, then process each subfolder
Sub recurse(ByRef fldr)
    Dim subfolders, files, folder, file
    Set subfolders = fldr.SubFolders
    Set files = fldr.Files
    LogFile.WriteLine(fldr.Path)
    For Each file In files
        If file.DateLastModified < dtold Then
            LogFile.WriteLine("     DELETING - " & file.Name & " LAST MODIFIED: " & file.DateLastModified)
            ' Do not abort on locked or read-only files; record the failure instead
            On Error Resume Next
            file.Delete
            If Err.Number <> 0 Then
                LogFile.WriteLine("     FAILED - " & Err.Description)
                Err.Clear
            End If
            On Error GoTo 0
        End If
    Next
    For Each folder In subfolders
        recurse folder
    Next
    Set subfolders = Nothing
    Set files = Nothing
End Sub


