Last post Jul 31, 2007 07:05 PM by alex.r
Jul 30, 2007 10:04 PM|alex.r|LINK
I have a big problem that I don't know how to fix.
I replaced the private SSL certificate with a public SSL certificate, which I installed as per DWHE.86. Now the Application log on the CAS/HUB server is full of event ID 1032 (no credential was found for <edge server>) and event 1024 (failed to connect to the edge transport server ADAM instance with exception "The LDAP server is unavailable"). This all worked before I changed the SSL certificate.
I re-did EdgeSync procedure and when starting "Start-EdgeSynchronization" I get:
Result : CouldNotConnect
Type : General
Name : CN=EXEDGE07,CN=Servers,CN=Exchange Administrative Group (FYDIB
FailureDetails : The LDAP server is unavailable.
StartUTC : 7/31/2007 1:48:07 AM
EndUTC : 7/31/2007 1:48:08 AM
Added : 0
Deleted : 0
Updated : 0
Scanned : 0
TargetScanned : 0
Jul 31, 2007 02:32 AM|PowerK6|LINK
Try to restart your Edge and Hub server.
Jul 31, 2007 03:02 AM|mreijn|LINK
Make sure the following ports are open between the Edge and HUB Server. You can test this with telnet.
Also make sure the Edge/Hub servers can resolve the FQDN of the Edge/Hub servers.
If this is working, you can try to remove the current subscription and re-do the subscription. Make sure you do this when you're not running live.
HUB: Remove-EdgeSubscription -Identity EdgeServerName -DomainController dc.domain.com
EDGE: New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml"
Copy the file to the HUB server
HUB: New-EdgeSubscription -filename "C:\EdgeSubscriptionInfo.xml" -CreateInternetSendConnector $true -site "Default-First-Site-Name"
Jul 31, 2007 08:31 AM|alex.r|LINK
Thank you, but nothing worked. I am wondering if the certificate is the problem, because I have a wildcard certificate where cn=*.domain.com instead of cn=webmail.domain.com
Jul 31, 2007 09:46 AM|DmitriG|LINK
Did you delete the original certificate from the HUB server?
Jul 31, 2007 09:48 AM|alex.r|LINK
Yes I did that
Jul 31, 2007 09:53 AM|DmitriG|LINK
That is the cause of your problem. [;)]
Did you try to unsubscribe/subscribe the Edge server?
Jul 31, 2007 10:01 AM|alex.r|LINK
Yes, several times.
Is a wildcard certificate even going to work here? I am thinking about buying 2 new single certificates, would that work instead of a SAN certificate?
Jul 31, 2007 10:20 AM|DmitriG|LINK
This certificate will not work for subscription purposes. You have to restore the old one, or you have to create a new one with a subject equal to the HUB server NetBIOS name or AD FQDN. In the second case, you can use the New-ExchangeCertificate cmdlet to create self-signed
Jul 31, 2007 10:26 AM|DmitriG|LINK
White Paper: Edge Subscription and Synchronization to understand what happens behind the scenes and why you don't have to delete the original certificate from the server without a proper replacement.
Jul 31, 2007 10:38 AM|alex.r|LINK
Not good. I even removed original CA. Am I looking into reinstalling servers?
Thank you for your help
Jul 31, 2007 11:02 AM|DmitriG|LINK
"Am I looking into reinstalling servers?"
It is up to you [:D]
A new self-signed certificate is enough to solve your problem.
Jul 31, 2007 11:53 AM|alex.r|LINK
I reinstalled the CA on the domain controller using existing keys, went through certificate request/import/enable on the CAS server, recreated the EDGE subscription and it is still the same.
Jul 31, 2007 12:11 PM|DmitriG|LINK
"I reinstalled CA on domain controller using existing keys"
Why did you do it?
"went through certificate request/import/enable on CAS server"
CAS or HUB?
Jul 31, 2007 12:15 PM|alex.r|LINK
Before installing the public certificate, I removed the CA from AD, so now I reinstalled it.
In my environment CAS and HUB are on the same server.
Jul 31, 2007 01:37 PM|PowerK6|LINK
In fact, you don't need a private CA. I just did the same change as you last month.
I regenerated/enabled the self-signed cert on Edge and Hub (same server as CAS), and then did the New-subscription procedure.
At first I got the same error, so I rebooted Edge and Hub (maybe you only need to restart the Microsoft EdgeSync/Transport or related services), restarted EdgeSynchronization, and it worked!
Hope this info can help you.
Jul 31, 2007 01:43 PM|alex.r|LINK
Can you please tell me how you regenerated/enabled self-signed cert on EDGE and HUB?
Jul 31, 2007 02:11 PM|PowerK6|LINK
New-ExchangeCertificate | Enable-ExchangeCertificate -Services "SMTP"
Jul 31, 2007 07:05 PM|alex.r|LINK
Thank you so much! It is working
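
Added example, not part of any post in this thread: a check, run in the Exchange Management Shell on the Hub (and Edge) server, of whether any certificate enabled for SMTP carries the server's NetBIOS name or AD FQDN, which is the requirement stated in the reply above. The function name Test-SubjectMatchesServer and the variable names are hypothetical; a wildcard subject such as *.domain.com fails this comparison by design.

```powershell
# Added example (not from the thread). Assumes the Exchange Management Shell,
# so that Get-ExchangeCertificate is available.

# Names the thread says the certificate subject must equal.
$netbios = $env:COMPUTERNAME
$fqdn    = [System.Net.Dns]::GetHostEntry($netbios).HostName
$wanted  = @($netbios, $fqdn)

# Hypothetical helper: true if the certificate's CN or any of its
# certificate domains is exactly one of the server names.
function Test-SubjectMatchesServer($Cert, [string[]]$ServerNames) {
    $names = @()
    # "CN=*.domain.com, O=..." -> "*.domain.com"
    if ($Cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
    foreach ($d in $Cert.CertificateDomains) { $names += $d.ToString() }
    foreach ($n in $names) {
        # -contains compares case-insensitively; no wildcard expansion is done,
        # so "*.domain.com" does not count as a match for the server FQDN.
        if ($ServerNames -contains $n) { return $true }
    }
    return $false
}

"Server names expected in the certificate: $($wanted -join ', ')"

# List every certificate enabled for SMTP and flag whether it names this server.
Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'SMTP' } |
    Select-Object Thumbprint, Subject, NotAfter, Services,
        @{ Name = 'MatchesServerName'
           Expression = { Test-SubjectMatchesServer $_ $wanted } } |
    Format-List
```

If no row shows MatchesServerName as True, the state matches the one described in the thread, where only the wildcard certificate remained on the Hub.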