Asked By
Jimmy Perez
30 points
N/A
Posted on - 02/18/2012
We are using Windows SBS 2003/Exchange 2003 at our server, while the client has Windows XP/7 on the client PC, which uses Outlook 2007/2010.
Last week, our user received an error message with MS Exchange 2007 about an “Expired Certificate” and “Autodiscover.
(our domain name).com error”.
The error messages popped up when the user started Outlook on his computer.
I want to know, why this thing happened.
And what are the solutions for this.
Expired Certificate and Autodiscover Errors in Exchange
You usually get an “Expired Certificate” error if your Exchange 2003 or Exchange 2007 is almost about to reach its first year. When you hit the first year, this is the time when you start receiving an error message about the expiration of an internal transport certificate. You just need to create a new certificate to solve this issue. Try following these steps in creating a new certificate:
You need first to see the certificate that is currently installed. You can do this by running the command Get-ExchangeCertificate | List. Go to the command prompt then type get-exchangecertificate | List and then hit Enter.
NotAfter – shows the expiration date of the certificate
Services – shows the services that the certificate applies to (IMAP, POP, IIS, SMTP)
Thumbprint – this will be used in identifying the certificate and in making changes as well
Create a new certificate by running the command New-ExchangeCertificate. The system will warn you that you are about to overwrite the default SMTP certificate. Press y.
Run the command get-exchangecertificate | list again to see the newly created certificate. You need the Thumbprint value of the newly created certificate to enable it. Even if you already created a new certificate it is not automatically enabled and the old certificate is still in effect. To enable the new certificate, run the command Enable-ExchangeCertificate -Thumbprint F7A8F1B443A0E7266C72CDE0603302C07B856076 -Service IIS. After enabling the new certificate, you can now remove the old certificate by running the command Remove-ExchangeCertificate -Thumbprint 157700393E5D76615E855A773CFA08AB5842DFB0.
Expired Certificate and Autodiscover Errors in Exchange
It seems that user has been using Exchange 2007 for about a year.When user installed Exchange 2007,there was a self signed certificate.
This self signed certificate is valid for one year only and get expired.So you have to renew the certificate to overcome from the annoying situation.
Please get your certificate from windows PKI or a trusted commercial third party.But you can generate your own certificate.
Steps: type this command "Get-ExchangeCertificate | FL * " .You will get a list and details.Find out the expired certificate.Next command: " Get-ExchangeCertificate -thumbprint “8A2C287CEF5384667045189CEE272ED115D3C575″ | New-ExchangeCertificate " . To accept please type Y.Then you can get details of your new generated certificate commanding: "Get-ExchangeCertificate -thumbprint “7C26C3EF77F5E21971BAAAFCCDE2A553771461C8″ | FL" .If it is needed to bind it to IIS command: " Enable-ExchangeCertificate -thumbprint “7C26C3EF77F5E21971BAAAFCCDE2A553771461C8″ -services IIS" .
Now you can delete your old certificate.To delete command: "Remove-ExchangeCertificate -thumbprint “8A2C287CEF5384667045189CEE272ED115D3C575″ .