Skip navigation

This error occurs when trying to view Public Folders in the Exchange System manager when he SSL certificate name differs between the FQDN and the local server name.  The Exchange System Manager will not allow you to view the public folders as it believes the folder name to be incorrect.

This can be resolved using a front-end, back-end scenario, but what if you are stuck with a single Exchange server (ie. SBS) in your environment?

On following a few blogs and sites, the solution seems to be to remove SSL requirement for that particular folder in the IIS Manager.  This didn’t work for me though – and I found a lot of people out there with unresoved issues on Experts Exchange etc.

The end solution was to use the ADSIEdit utility to manually stop the Exchange System Manager from using SSL.

The steps are as follows:

1) Install the ADSIEdit Utility (one of the Windows Server 2003 Support tools) from your SBS2003 CD (CD2) using suptools.msi

2) Run a Microsoft Management console (Start->Run->MMC)

3) Open the ADSIedit.msc (browse to the Support Tools folder)

4) Browse through to

Configuration > Services >  Microsoft Exchange > Domain Name > Administrative Groups >     First Administrative Group > Servers > Servername > Protocols > HTTP > 1 > Exadmin

5) Right click msExchSecureBindings, and click Properties

6) Highlight :443: and click Remove

7) Click OK

8) Restart the Exchange System Attendant and the IIS Admin service

Exchange system manager will now no longer try to use SSL when connecting to the service.

43 Comments

  1. Thanks – that is really working …

  2. Thanks a lot!!! You saved me :-)

  3. Fantastic. A solution that works. Thank you.

  4. Awesome stuff. Works like a charm!!!

  5. THANKS!!

  6. what are the security ramifications of this, with respect to Outlook Web?

  7. The only security issues are that traffic sent between the ESM and the Exchange server is unencrypted. There is no impact on OWA. If concerned about encryption between the management console and the Exchange server you can always RDP into the Exchange server and run the Exchange System Manager locally.

  8. extremely helpful. my compliments sir.

  9. Much Appreciated, getting rather worried about not being able to see the public folders…. SBS sucks

  10. Thanks – saved my day (or night maybe) :-)

  11. Tanks,
    It works fine, good luck with your blog.

    A Admin.

  12. Thanks,

    It works like acharm, very nice job !

    Hilitec

  13. GJ m8y, proper pleased with that.

    Thanks V much

  14. Wow. Hours and hours of trying to fix this…and THAT was all I had to do?

    THANK YOU!!!

  15. No luck here. Some other service to restart, maybe?

  16. Found it! When I removed SSL from Exadmin, it either didn’t stick or I screwed up the 128 bit/require SSL box sequence. Thanks.

  17. Worked perfectly. Thank you for posting the fix.

  18. After all these hours searching for solution finally bingo!
    Thanks a lot!!

  19. Thanks, it’s been years trying to fix this

  20. Will I need to make the FQDN match the local server name in order to access OWA, share point, etc. from an outside location (i.e., over the Internet)?

    • Hi Tom

      This only affects the SSL certificate used by the Exchange System Manager so it doesn’t have an impact on OWA or anything else.

      It effectively stops the ESM from using SSL.

      Hope this helps

      Paul

      • Thank you. The instructions solved the problem.

        I understand that this will stop ESM from using SSL. However, if I
        want to use SSL over the internet to access Exchange mailboxes or
        public folders (OWA) or Sharepoint web sites will I run into problems
        because the server name is incorrect in the certificate?

        I guess what I’m asking is … isn’t this certificate used by other
        applications that utilize SSL? And therefore, shouldn’t I change the
        certificate or create a new certificate to utilize the correct server
        name? That way ESM as well as other applications would work properly
        even with SSL on?

        Thanks again for any help you can provide.

        Tom

  21. Thanks for this – tried everything else on other sites, nothing else worked. This worked perfectly.

  22. Hello, i have the same problem on my runing W2K3 R2 Server with Exchange 2003 installed (not SBS 2003).
    I have tried your solution but the entry msExchSecureBindings is alway empty.
    At the moment i get the error c103b404 from the Exchange System Manager when accessing the public folders or trying to generate a new one.
    Is there anything else i can try to fix this problem?

    Thanks
    Stefan from Germany

    • Hi,
      I have Win2k3 sp2 DC/GC server with Exchange 2003 sp2.
      It’s the same for me. msExchSecureBindings is always empty. I restared both IIS and System Attendant services and I am still getting the error c103b404 when I tried to view Public Folders inside System Manager.

      have you found a solution Stefan?
      Travis from Canada

      • Hello Travis,

        until now i don’t found an solution to this problem.

        Stefan

  23. this helped.

  24. Thanks for sharing such a nice post..

  25. Yip same here the value is blank in SBS 2003 R2 and still getting the error, anyone any ideas? THanks, JP

    • I had similar problem. Value was blank for me too. After ages of searching, it appeared that it was because the Default Web Site in IIS was set with the server secondary IP address. May help others to check the following:

      http://support.microsoft.com/kb/325923

  26. Right for anyone that found 443 missing already there are do workarounds:

    1) Do what microsoft says and disable the requirement for SSL for excadmin in IIS and then block port 80 at the firewall so external users still need to use SSL.

    2)Much nicer solution add and FQDN entry to your hosts file matching the ssl FSDN to the server IP address. You don’t even need to restart the services!

    JP

    • You sir, are a genius. Adding the FQDN to the hosts file resolved the issue for me.

    • Thanks for this also – SBS 2003 to SBS 2008 migration disaster averted!

      Cheers!

  27. Thanks. This worked and stopped the pain!

    Note: might want to edit your instructions just to be accurate. At STEP 5 it should say:

    5) right-click on EXADMIN and select Properties

    6) scroll down to msExchSecureBindings, click on it and click “EDIT”

    7) Highlight :443: and click Remove

  28. Cannot thank you enough. I really did want to create a new certificate which is what Microsoft suggested after removing the SSL requirment though IIS didn’t work. You’re a genius!

  29. Thanks for the post Paul. I used to have difficulty with the ID on my Apache SSL certificate. These are good concise pointers.

  30. Thanks for the post Paul. I put the name of the certificate on the host file with the IP of the server and now everything is working.

  31. Worked great had the error when migrating the public folder to the new sbs2011

  32. After updating my security certificate, I had this problem with my Public Folders.

    After following these instructions, the problem is now sorted – thanks :-)

  33. FANTASTIC!!!
    it works fine,
    thanls a lot!!!

  34. awesome tips mate, this worked a treat, thanks so much

  35. I seek solution 2 days.
    For 5 minutes i resolve problem. Works! Great! Thanks!!!!

  36. When I was following all steps above, I made a really big mistake: I had remove the msExchSecureBindings itself (not the value).

    I have solved my problem, but now I can´t retrive my emails using iPad´s Exchange account.

    I need to repair my mistake but I don´t know how to do it.

    Anybody can help me?


2 Trackbacks/Pingbacks

  1. [...] Jos törmäät moiseen ongelmaan eikä Microsoftin KB:n antamat ohjeet riitä korjaamaan vikaa, niin ratkaisu löytyy täältä. [...]

  2. [...] schimb a functionat: Gasita aici: The steps are as [...]

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>