View FAQ

- Software -


Certificate revocation checked failed 2010 Exchange Server ...
(posted by Steven A on 2015-08-21 15:46:26)

Certificate revocation checked failed 2010 Exchange Server


Solution:

    Here’s how you can fix the issue:



    1. Open up command prompt as Administrator

    2. Run “sc create testsvc binpath= "cmd /K start" type= own type= interact”


      • This creates testsvc service which will run as local system and allow interaction with desktop


    3. Run “sc start testsvc”


      • The error “[SC] StartService failed 1053” is expected and can be ignored safely


    4. Locate “Interactive Services Detection” icon blinking in the taskbar and click “view message”

    5. You are now in a command prompt window running as Local System and you will not see your desktop. The only other visible window is “Interactive Services Detection” window.

    6. Launch Internet Explorer using the following command:


      • "c:Program Files (x86)Internet Exploreriexplore.exe"


    7. Internet Explorer may present Set up window. If it does, click “Ask me later”.

    8. We will now check proxy settings. Go to Tools -> Internet options -> Connections -> Lan Settings.

    9. Verify proxy and automatic configuration options and change them to match your environment. In my case we cleared all checkboxes since no proxy existed in environment.


      • In our case, either server build process or a setting from or a GPO was populating incorrect proxy settings.


    10. Close Internet Explorer window and return to command prompt.

    11. We will now clean certutil caches.

    12. Run “certutil -urlcache ocsp delete”

    13. Run “certutil -urlcache crl delete”

    14. We’re almost done here. We now have to close and exit out of service.

    15. Type “exit” and press enter to close command prompt that is running as Local System.

    16. Now you should have only one “Interactive Services Detection” window.

    17. Click “Return Now”.


    You are now back to your desktop and we have corrected Internet Explorer settings for Local System (removing proxy configuration that was incorrect). After this, we restarted Exchange Management Console and verified certificate on CAS server in question. Certificate was no longer issuing the warning and we proceeded with assigning the certificate to appropriate services.


    It is important to note that refresh time varies from immediate to more than few minutes so don’t fret over certificate still showing the same error. If, however, it takes more than 15 minutes, I would check if all steps were followed as mentioned above and configuration is correct for your environment.


     


    http://blogs.technet.com/b/bshukla/archive/2012/04/30/certificate-revocation-checked-failed.aspx


Comments:


© 2024 TkFast, Inc.  |  main  |  public  |  FAQs