Thursday, March 22, 2012

Self-Issued Security Certificate has expired on Windows SBS 2008

I came across this issue today with a client where all their Outlook clients were reporting that the server security certificate had expired.

Outlook errors with a notice of two out of three ticks like this image:


As mentioned, I found this to be the case with all clients in the organisation. Looking on the server it was all reporting the same thing (SBS Console > Network > Connectivity > Certificate > Properties )


To fix this issue:

  1. Logon on to your SBS Server.
  2. Open the SBS Console
  3. Go to Network > Connectivity tab
  4. On the right-hand side, click on "Fix My Network"
  5. Run through the wizard, and it will detect the expired certificate and issue a new one.

Source:
The Official SBS Blog - TechNet Blogs http://bit.ly/GICfWd

16 comments:

  1. This worked perfect! Thanks so much...I have been trying to figure out how to fix this for the past few days.

    Cheers

    ReplyDelete
  2. It works! Thank you so much.

    ReplyDelete
  3. Thanks this worked for me. I had to do this remotely and was unsure if I was going to lose connection.

    All went well.

    ReplyDelete
  4. Simple to do, fast, and it worked, thank you very much !

    ReplyDelete
  5. Great stuff!!! This really worked well. Thank you very much for sharing !!

    ReplyDelete
  6. Great TID... thanx for sharing the easy solution

    ReplyDelete
  7. Brilliant Daniel!...thanks so much for sharing you saved my headache!
    All the best
    M

    ReplyDelete
  8. Thank You for posting this solution. Why can't Microsoft publish something that is as clear and simple? And solves the problem straight away. A few years ago I spent hours involved with reissuing a certificate - and this was all I needed - so thanks again.

    ReplyDelete
  9. thanx for the tip that really helped.

    here's something i noticed afterwards. i went through the event logs and found event 12016 generated by MSExchangeTransport that states:

    There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN example.dom. The exisiting certificate for that FQDN has expired. The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of example.dom should be installed in this server as soon as possible. You can create a new certificate by using New-Exchange Certificate task.

    fyi

    ReplyDelete
    Replies
    1. You can use the IIS method to also generate the new SSL, however on the SBS wizards have been developed to make sure that all relevant sections are updated as necessary.

      Thanks for the comment.

      Delete
  10. Thank you. This is a quick and fast solution. I asked some friend and noone could tell me what to do except.... oh... difficoult... have to look into that and would take some time ....
    Could have had the idea using the wizard by myself ;)
    Thanks again :)

    ReplyDelete
  11. do i just delete expired certificates still in list in exchange 2010 after i run fix my network

    ReplyDelete
  12. do i just delete expired certificates still in list in exchange 2010 after i run fix my network

    ReplyDelete
    Replies
    1. This is not necessary. Once the new certificate is in place and working, the old certificates are right to remain there.

      Delete
  13. Great job! i read this blog, this blog is very helpful for me... i like this post and i feel very happy to read this article...
    More info:- Windows Live Mail Technical Support



    ReplyDelete
  14. Thanks for this. It worked without a hitch and has just saved me hours of hassle.

    ReplyDelete