Moving Public Folder Replica – SSL Certificate Error
As part of a recent SBS 2003 - SBS 2008 migration we came across the following error when trying to move the Public Folder's from Exchange 2003 to Exchange 2007. When we told Exchange 2003 to move the Replica Set we saw the below error:
The SSL certificate server name is incorrect
ID no: c103b404
Exchange System Manager
Searching for a resolution we found a number of sites that listed removing the SSL certificate requirement on the exadmin folder (As per http://support.microsoft.com/kb/324345). Unfortunately this wasn't a complete fix as it also appeared we then needed to use adsiedit to remove the :443: binding on the service. The fix below worked for us:
- In IIS navigate to the Exadmin folder, Right click to bring the “Properties” window up and go to the “Directory Security” tab
- In the “Secure Communications” section select “Edit”.
- Make sure to deselect “Require secure channel (SSL)” and “Require 128-bit encryption.”
- If the “Require 128-bit encryption.” is selected and greyed out, make sure to select “Require secure channel (SSL)” and deselect “Require 128-bit encryption.” then deselect “Require secure channel (SSL)” again.
- Goto Start – Run and type adsiedit.msc
- In the left side pane expand the Configuration container.
- Next expand CN=Configuration, then CN=Services, CN=Microsoft Exchange, CN=, CN=Administrative Groups, CN=First Administrative Group, CN=Servers, CN=Protocols, CN=HTTP, CN=1
- Right Click on CN=Exadmin and choose Properties.
- In the Properties dialog box you will see 2 drop-down lists. drop down the top list and select “Both”. Drop down the second list and scroll down to the attribute “msExchSecureBindings” and double click on it.
- If this attribute is set to 443, click the 443 value to select it and click the “Remove” button. Then click “Apply” and then “OK”
- Close out of ADSI Edit,
- Restarted IISadmin service
Test the replication again, hopefully all should now be working as expected.
McAfee 8.7i On Access Scan Disabled after install
Having set up a new PC and installed McAfee VirusScan Enterprise 8.7i (with or without Patch 1) every so often on different setups we find that it fails to start and reports the On Access Scan / Buffer Protection and Access Protection components are disabled. This failure to start is after rebooting the PC once the application has been installed.
If you check the McAfee services all are started except the McAfee McShield service which although is on Automatic fails to start.
Then checking Event Log we see the following error on the Vista PC's:
Log Name: Application
Source: McLogEvent
Event ID: 5004
Could not Contact Filter Drive. Error = 0x7d1 : The specified driver is invalid.
FIX:
To fix the above we found making the below changes to some registry keys did the trick.
1) Open Regedit
2) Navigate to HKLM\SYSTEM\CurrentControlSet\Services\
3) Find the ImagePath key for mfeapfk, mfeavfk and mfebopk
4) Edit the ImagePath to reflect the full path to the .sys file - this is usually just a case of adding c:\windows\ in front of the path.
5) Make this change for the 3 listed McAfee keys (mfeapfk/mfeavfk/mfebopk)
6) Start the McAfee McShield service
