Posts Tagged ‘Microsoft’

How to renew an Exchange 2007 Self Signed Certificate.

February 15th, 2011 1 comment

By default, Exchange 2007 creates a self signed certificate that is valid for 1 year when it is installed. This certificate is used with Exchange services like SMTP, POP3, IMAP, IIS and UM.

Please note that the self signed certificate is not the recommended way to communicate with the server from external sources.

Because the certificate expires after 1 year, you will have to renew it 1 year after the date of installation.

Renewing the self signed certificate is simple and takes just a few steps. It needs to be done on the server with the Client Access Service and Hub Transport roles installed. We will be using the Exchange Management Shell.

1. The first step is to get the thumbprint for the certificate that is enabled for the POP, SMTP, IMAP and IIS services. The thumbprint looks something like this: C5DD5B60949267AD624618D8492C4C5281FDD10F. To get the thumbprint, run the following command.

Get-ExchangeCertificate -domain "servername.domain.extension" | fl

2. Once you have the thumbprint, you can then run a command to get a new certificate with a new expiration date. This command will not make the certificate private key exportable.

Get-ExchangeCertificate -thumbprint "C5DD5B60949267AD624618D8492C4C5281FDD10F" | New-ExchangeCertificate

If you need to make a certificate with an exportable private key, then run the command as follows.

Get-ExchangeCertificate -thumbprint "C5DD5B60949267AD624618D8492C4C5281FDD10F" | New-ExchangeCertificate -PrivateKeyExportable $true

If the existing certificate is being used as the default SMTP certificate, you will be prompted to overwrite the existing default SMTP certificate. Type “Y” and then press ENTER. This generates a new certificate and enables it. “The default SMTP certificate is used to encrypt SMTP sessions between transport servers in your organization.”

The output will give you the new certificate thumbprint, which we will use in steps 3 and 4.

3. To check that the default services (POP, SMTP and IMAP) are mapped to the new certificate, use the following command, replacing NEW KEY with the thumbprint that is given for the new certificate.

Get-ExchangeCertificate -thumbprint "NEW KEY" | fl

4. We now also need to map the IIS service to the new thumbprint.

Enable-ExchangeCertificate -thumbprint "NEW KEY" -services IIS

5. You can now test your services to ensure that they are working. The best way to do this is to access OWA from inside the network and also test Outlook over HTTPS.

Once you are happy, you can remove the old certificate using the following command, replacing OLD KEY with the thumbprint obtained in step 1.

Remove-ExchangeCertificate -thumbprint "OLD KEY"

And that is it. You now have a new self signed certificate that is valid.
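The steps above can also be run as one pass in the Exchange Management Shell. This is an added example, not part of the original post: it selects certificates by expiry date instead of by domain name, and the 30-day threshold in $warnDays is an assumed value.

```powershell
# Added example; run in the Exchange Management Shell on the server that holds
# the Client Access and Hub Transport roles.
# $warnDays is an assumed threshold, not a value from the post.
$warnDays = 30

# Step 1: find self signed certificates that are bound to a service and expire soon.
$expiring = Get-ExchangeCertificate | Where-Object {
    $_.IsSelfSigned -and
    "$($_.Services)" -ne "None" -and
    $_.NotAfter -lt (Get-Date).AddDays($warnDays)
}

foreach ($cert in $expiring) {
    "Renewing {0} (services: {1}, expires: {2})" -f $cert.Thumbprint, $cert.Services, $cert.NotAfter

    # Step 2: clone the certificate with a new expiration date.
    # The private key stays non-exportable unless -PrivateKeyExportable $true is added.
    # Exchange still prompts before replacing the default SMTP certificate.
    $new = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint | New-ExchangeCertificate

    # Step 4: map IIS to the new certificate, but only if the old one served IIS.
    if ("$($cert.Services)" -match "IIS") {
        Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services IIS
    }

    # Step 3: confirm the service mapping and validity dates of the new certificate.
    Get-ExchangeCertificate -Thumbprint $new.Thumbprint |
        Format-List Thumbprint, Services, NotBefore, NotAfter

    # Step 5 is manual: test OWA and Outlook over HTTPS first.
    # The old certificate is left in place until then; this only prints the command.
    "After testing, run: Remove-ExchangeCertificate -Thumbprint {0}" -f $cert.Thumbprint
}
```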

Remote Desktop suddenly stops accepting connections

February 1st, 2011 No comments

I came across a problem at one of my clients today where remote desktop stopped working on a Windows 2003 Server. (Although this also affects Windows 2000 Server)

I have searched the internet for causes, and the most likely reason is due to an update that is installed.

Further investigation led to a solution in Microsoft KB555382.


Hello world from the two nerds

January 3rd, 2011 No comments

David and I often collaborate on projects related to small business use of Windows Server and VMware stuff. And today David suggested we collaborate on this blog.

We gain so much from others who post their findings and suggestions on the web and we want to be part of those kinds of good efforts.

Plus, this could be a great way to keep stuff actively posted. We sure hope to hear from YOU so feel free to add comments.

Here goes!

