Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
Exchange
2000.active.directory
2000.admin
2000.announcements
2000.app.conversion
2000.applications
2000.clients
2000.clustering
2000.connectivity
2000.development
2000.documentation
2000.general
2000.information.store
2000.interop
2000.kms
2000.misc
2000.protocols
2000.realtime.collabo.
2000.setup
2000.transport
2000.win2000
admin
application.conversion
applications
clients
clustering
connectivity
design
development
misc
mobility
setup
tools
  
 
date: Mon, 24 Sep 2007 10:18:28 +0200,    group: microsoft.public.exchange.tools        back       


Re: ExBPA    
Hi,
I'm not sure if this actually is my problem. Since the ExBPA report that the 
certificate has expired (and has the dates) and that the certificates 
principal name isn't correct - it looks like it get's this information from 
someone. The problem is from where?



-- 
Björn Axéll - Advisec AB
http://blog.advisec.com

"Haruya Shida [MSFT]"  skrev i meddelandet 
news:29889645-6B12-4666-94D4-F15229E78E42@microsoft.com...
> Hello,
>
> ExBPA creates a list of possible domains used for the environment from
> recipient policies. I guess that in your case, your OWA URL does not match
> one of the SMTP domains listed in recipient policies? If so, you can 
> ignore
> these warnings. If you actually use the domain for your OWA access, this 
> is a
> valid warning.
>
> The check ExBPA does is pretty simple and almost as the same as when you
> open IE and access the URL. You should see the warning.
>
> Regards,
> Haruya Shida
>
> -- 
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
>
>
> "Björn Axéll -Advisec AB" wrote:
>
>> I now see that I added to of the same issues instead of the other I 
>> had:-(
>> Here is the warning I get:
>> Certificate principal mismatch :
>>  The principal for SSL certificate 'https://XXXXX.cc' does not appear to
>> match the host address. Host address: XXXX.cc. Principal: C=SE, S=XXXX,
>> L=XXXX, O="XXX, XXXold", CN=*.XXX.
>>
>>
>> -- 
>> Björn Axéll - Advisec AB
>> http://blog.advisec.com
>>
>> "Björn Axéll -Advisec AB"  wrote in message
>> news:%230nG8u7%23HHA.4732@TK2MSFTNGP04.phx.gbl...
>> > Hi,
>> > I have a one error and one waring in my report after scaning my 
>> > Exchange
>> > enviroment. Both of these are related to certificates:
>> >      Certificate has expired :
>> >     1) The SSL certificate for 'https://XXXXXX.se' expired 08/15/2007
>> > 00:37:56. Users may be unable to connect with the server.
>> >
>> >      2)Certificate has expired :
>> >       The SSL certificate for 'https://XXXXXX.se' expired 06/08/2006
>> > 13:59:59. Users may be unable to connect with the server.
>> >
>> >      I have look at all my Exchaneg servers (local certificate store 
>> > for
>> > the computer)and I can't find these certificates . The strange thing is
>> > that the report have these issues under the DC I selected for the scan. 
>> > IS
>> > the information stored in AD or? Where does ExBPA read?
>> >
>> >      Would realy need some help!
>> >
>> >
>> > -- 
>> > Björn Axéll - Advisec AB
>> > http://blog.advisec.com
>> >
>> >
>>
>>
>>
date: Mon, 24 Sep 2007 10:18:28 +0200   author:   Björn Axell

Re: ExBPA    
All right. I will try to explain it one more time.

> Since the ExBPA report that the certificate has expired (and has the dates)

When you use your IE to access the same URL (https://<URL ExBPA reports the 
certificate error>, what do you see? You should see a warning or error . When 
you see the details of the warning/error, you can get the ceirtifcate's 
expiration date and other information why you see a warning/error for the 
certificate. ExBPA uses the same mechanism as IE to get information about the 
certificate. Thus, if you see a warning in IE, you should see a warning in 
ExBPA too.

From your description, I suspect that you are not responsible to manage 
those certificates ExBPA displays errors/warnings. Unfortunately, there is no 
way for ExBPA to tell who manages those certificates. If you are sure that it 
belongs to your company, you may need to check inside.

>and that the certificates principal name isn't correct 

Again, the logic of ExBPA is the same as above. When ExBPA gets the 
information of the certificate, it looks at the CN value. If the CN value 
does not match the URL, it logs this warning.

Hope this helps.
Thanks,
Haruya Shida

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.


"Björn Axell" wrote:

> Hi,
> I'm not sure if this actually is my problem. Since the ExBPA report that the 
> certificate has expired (and has the dates) and that the certificates 
> principal name isn't correct - it looks like it get's this information from 
> someone. The problem is from where?
> 
> 
> 
> -- 
> Björn Axéll - Advisec AB
> http://blog.advisec.com
> 
> "Haruya Shida [MSFT]"  skrev i meddelandet 
> news:29889645-6B12-4666-94D4-F15229E78E42@microsoft.com...
> > Hello,
> >
> > ExBPA creates a list of possible domains used for the environment from
> > recipient policies. I guess that in your case, your OWA URL does not match
> > one of the SMTP domains listed in recipient policies? If so, you can 
> > ignore
> > these warnings. If you actually use the domain for your OWA access, this 
> > is a
> > valid warning.
> >
> > The check ExBPA does is pretty simple and almost as the same as when you
> > open IE and access the URL. You should see the warning.
> >
> > Regards,
> > Haruya Shida
> >
> > -- 
> > This posting is provided "AS IS" with no warranties, and confers no 
> > rights.
> >
> >
> > "Björn Axéll -Advisec AB" wrote:
> >
> >> I now see that I added to of the same issues instead of the other I 
> >> had:-(
> >> Here is the warning I get:
> >> Certificate principal mismatch :
> >>  The principal for SSL certificate 'https://XXXXX.cc' does not appear to
> >> match the host address. Host address: XXXX.cc. Principal: C=SE, S=XXXX,
> >> L=XXXX, O="XXX, XXXold", CN=*.XXX.
> >>
> >>
> >> -- 
> >> Björn Axéll - Advisec AB
> >> http://blog.advisec.com
> >>
> >> "Björn Axéll -Advisec AB"  wrote in message
> >> news:%230nG8u7%23HHA.4732@TK2MSFTNGP04.phx.gbl...
> >> > Hi,
> >> > I have a one error and one waring in my report after scaning my 
> >> > Exchange
> >> > enviroment. Both of these are related to certificates:
> >> >      Certificate has expired :
> >> >     1) The SSL certificate for 'https://XXXXXX.se' expired 08/15/2007
> >> > 00:37:56. Users may be unable to connect with the server.
> >> >
> >> >      2)Certificate has expired :
> >> >       The SSL certificate for 'https://XXXXXX.se' expired 06/08/2006
> >> > 13:59:59. Users may be unable to connect with the server.
> >> >
> >> >      I have look at all my Exchaneg servers (local certificate store 
> >> > for
> >> > the computer)and I can't find these certificates . The strange thing is
> >> > that the report have these issues under the DC I selected for the scan. 
> >> > IS
> >> > the information stored in AD or? Where does ExBPA read?
> >> >
> >> >      Would realy need some help!
> >> >
> >> >
> >> > -- 
> >> > Björn Axéll - Advisec AB
> >> > http://blog.advisec.com
> >> >
> >> >
> >>
> >>
> >> 
> 
>
date: Mon, 24 Sep 2007 11:42:32 -0700   author:   Haruya Shida [MSFT]

Re: ExBPA    
Thanks, i now understand what you meen.

-- 
Björn Axéll - Advisec AB
http://blog.advisec.com

"Haruya Shida [MSFT]"  wrote in message 
news:41908307-9701-418B-BA52-76DC3B7E0189@microsoft.com...
> All right. I will try to explain it one more time.
>
>> Since the ExBPA report that the certificate has expired (and has the 
>> dates)
>
> When you use your IE to access the same URL (https://<URL ExBPA reports 
> the
> certificate error>, what do you see? You should see a warning or error . 
> When
> you see the details of the warning/error, you can get the ceirtifcate's
> expiration date and other information why you see a warning/error for the
> certificate. ExBPA uses the same mechanism as IE to get information about 
> the
> certificate. Thus, if you see a warning in IE, you should see a warning in
> ExBPA too.
>
> From your description, I suspect that you are not responsible to manage
> those certificates ExBPA displays errors/warnings. Unfortunately, there is 
> no
> way for ExBPA to tell who manages those certificates. If you are sure that 
> it
> belongs to your company, you may need to check inside.
>
>>and that the certificates principal name isn't correct
>
> Again, the logic of ExBPA is the same as above. When ExBPA gets the
> information of the certificate, it looks at the CN value. If the CN value
> does not match the URL, it logs this warning.
>
> Hope this helps.
> Thanks,
> Haruya Shida
>
> -- 
> This posting is provided "AS IS" with no warranties, and confers no 
> rights.
>
>
> "Björn Axell" wrote:
>
>> Hi,
>> I'm not sure if this actually is my problem. Since the ExBPA report that 
>> the
>> certificate has expired (and has the dates) and that the certificates
>> principal name isn't correct - it looks like it get's this information 
>> from
>> someone. The problem is from where?
>>
>>
>>
>> -- 
>> Björn Axéll - Advisec AB
>> http://blog.advisec.com
>>
>> "Haruya Shida [MSFT]"  skrev i meddelandet
>> news:29889645-6B12-4666-94D4-F15229E78E42@microsoft.com...
>> > Hello,
>> >
>> > ExBPA creates a list of possible domains used for the environment from
>> > recipient policies. I guess that in your case, your OWA URL does not 
>> > match
>> > one of the SMTP domains listed in recipient policies? If so, you can
>> > ignore
>> > these warnings. If you actually use the domain for your OWA access, 
>> > this
>> > is a
>> > valid warning.
>> >
>> > The check ExBPA does is pretty simple and almost as the same as when 
>> > you
>> > open IE and access the URL. You should see the warning.
>> >
>> > Regards,
>> > Haruya Shida
>> >
>> > -- 
>> > This posting is provided "AS IS" with no warranties, and confers no
>> > rights.
>> >
>> >
>> > "Björn Axéll -Advisec AB" wrote:
>> >
>> >> I now see that I added to of the same issues instead of the other I
>> >> had:-(
>> >> Here is the warning I get:
>> >> Certificate principal mismatch :
>> >>  The principal for SSL certificate 'https://XXXXX.cc' does not appear 
>> >> to
>> >> match the host address. Host address: XXXX.cc. Principal: C=SE, 
>> >> S=XXXX,
>> >> L=XXXX, O="XXX, XXXold", CN=*.XXX.
>> >>
>> >>
>> >> -- 
>> >> Björn Axéll - Advisec AB
>> >> http://blog.advisec.com
>> >>
>> >> "Björn Axéll -Advisec AB"  wrote in message
>> >> news:%230nG8u7%23HHA.4732@TK2MSFTNGP04.phx.gbl...
>> >> > Hi,
>> >> > I have a one error and one waring in my report after scaning my
>> >> > Exchange
>> >> > enviroment. Both of these are related to certificates:
>> >> >      Certificate has expired :
>> >> >     1) The SSL certificate for 'https://XXXXXX.se' expired 
>> >> > 08/15/2007
>> >> > 00:37:56. Users may be unable to connect with the server.
>> >> >
>> >> >      2)Certificate has expired :
>> >> >       The SSL certificate for 'https://XXXXXX.se' expired 06/08/2006
>> >> > 13:59:59. Users may be unable to connect with the server.
>> >> >
>> >> >      I have look at all my Exchaneg servers (local certificate store
>> >> > for
>> >> > the computer)and I can't find these certificates . The strange thing 
>> >> > is
>> >> > that the report have these issues under the DC I selected for the 
>> >> > scan.
>> >> > IS
>> >> > the information stored in AD or? Where does ExBPA read?
>> >> >
>> >> >      Would realy need some help!
>> >> >
>> >> >
>> >> > -- 
>> >> > Björn Axéll - Advisec AB
>> >> > http://blog.advisec.com
>> >> >
>> >> >
>> >>
>> >>
>> >>
>>
>>
date: Mon, 24 Sep 2007 22:19:40 +0200   author:   Bj?rn Ax?ll -Advisec AB

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us