Skip to main content

Exchange 2010 and "The certificate status could not be determined because the revocation check failed"

·234 words·2 mins
system-administration tech certificate exchange-2010 proxy ssl sysadmin technology
James Pettigrove
Author
James Pettigrove
Cloud Engineer with a focus on Microsoft Azure

On Friday while I was preparing our new Exchange 2010 VM for coexistance with our current Exchange 2007 physical box (more on that later) I ran into a annoying snag. Upon importing the PFX export of our current 3rd party wildcart certificate from IIS the Exchange 2010 management console threw me the below error while processing the certificate:

The certificate status could not be determined because the revocation check failed

Seemed quite bizare at first. I knew the VM had internet connectivity. After trawling the internet I discovered that Exchange 2010 uses the WinHTTP interface to communicate with the internet rather than any settings defined in Control Panel>Internet Settings. This means if you are behind a forward proxy like Squid or TMG chances are the management console won’t work quite right.

The issue is easy to resolve. Drop down to a administrative command prompt or powershell and type the following:

netsh winhttp set proxy proxy-server="http=myproxyserver" bypass-list="myexchangeserver"

Where myproxyserver is your forward proxy DNS name or IP and myexchangeserver is your Exchange server DNS name (I used FQDN but NETBOIS should be fine) or IP.

Once you close down the management console and fire it back up your 3rd Party SSL certificate should now be verified.

This error is detailed in Microsoft KB Article 979694 and also on a Twitter friend ( @exchservpro) of mines blog post Exchange 2010 Certificate Revocation Checks and Proxy Settings.

Related

Export email addresses via Exchange Powershell
·298 words·2 mins
system-administration tech exchange exchange-2007 exchange-2010 powershell sysadmin technology
The other week I had a request for a list of all email addresses of staff for use with a legacy VOIP system.
Make time to set (NTP) time
·401 words·2 mins
system-administration tech ntp sysadmin technology windows
Any any Windows domain environment one of the most overlooked but ultimately crippling when things are wrong component is time.
VM migration from Server 2008 R2 to Server 2012
·811 words·4 mins
system-administration tech hyper-v sysadmin technology virtual-machines windows-server-2008-r2 windows-server-2012
There will certainly be a few people out there who are either doing it already or investigating upgrading their Virtual Machine host from 2008 R2 with Hyper V (or Hyper V Server R2) to Server 2012 with Hyper V (or Hyper V Server 2012).