Overview
When using Microsoft Exchange 2007 or later and the Public Folder Scanning Setting is configured to poll using Web Services, clicking on the Test button fails:
Solution
If you have tracing enabled, please check the \GFI\MailEssentials\Attendant\DebugLogs\PFTrainEWS.log
file for the following error:
2020-09-28,14:57:02,127,1,"#00006DE8","#00000039","info ","PFTrainEWS","<user> : https://<server name>:443/EWS/Exchange.asmx"
2020-09-28,14:57:02,133,1,"#00006DE8","#00000039","error ","PFTrainEWS","error:PFTrain EWS Test Failed: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
2020-09-28,14:58:56,574,1,"#00006DE8","#00000033","info ","PFTrainEWS","Config Timer...ok"
2020-09-28,14:58:56,591,1,"#00006DE8","#00000033","error ","PFTrainEWS","error:Create Folders Exception: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."
If the previous error is encountered, please apply the following steps:
After addressing the TLS error, please Ensure the correct server name is used.
Configure .NET Framework to support strong cryptography
Since SSL has been retired in favor of TLS, we must configure the installed .NET Framework to support strong cryptography.
Open a new PowerShell window as Administrator and run the following commands:
On a 32 bit operating system (x86):
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
On a 64 bit operating system (x86_64):
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NetFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NetFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null
Ensure you're using the correct certificate
In order to minimize the risk of experiencing an SSL certificate problem, please perform the following steps:
- Download the New Certificate.
- Open a Command Prompt window as a user with Administrative rights (right-click and select Run as administrator).
- Type
mmc
and press Enter. - On the File menu, click Add/Remove Snap-in.
- Select Certificates and click Add.
- In the Certificates snap-in dialog box, select Computer account, and click Next.
- In the Select Computer dialog box, click Finish.
- In the Add Standalone Snap-in dialog box, click Close.
- On the Add or Remove Snap-in dialog box, click OK.
- In the Console Root window, click Certificates (Local Computer) to view the certificate stores for the computer.
- Browse to the Trusted Root Certification Authorities node.
- Right-click and select All tasks > Import.. and proceed to locate the downloaded certificate.
- Click Next, followed by Finish.
- Restart all GFI MailEssentials services.
Ensure the correct server name is used
This error may occur when the Server name in the Web services configuration screen is different from the Exchange Web Services EWS (Default Website) internal URL configured in Exchange.
Follow the steps below to correct the Public Folder Scanning Settings and resolve the error:
-
Open Exchange Management Shell and run the following command:
-
Get-WebServicesVirtualDirectory |Select name url | fl
Sample output:
-
-
Open the Public Folder Scanning configuration screen and change the Server name to the same server name under InternalUrl obtained from step 1. This is usually the same as the FQDN (Fully Qualified Domain Name) of the Exchange server.
NoteThe
Get-ExchangeSettings
cmdlet can be executed on the Exchange Management Shell to view various Exchange Server settings that are stored in Active Directory, including the FQDN. -
Enter the Domain and credentials for a user with full permissions to the Exchange server and specify whether or not to use SSL. Change the default ports accordingly to match your Exchange server configuration if necessary.
NoteIf both a local and a public domain exist, corresponding to the InternalUrl and ExternalUrl respectively, always use the local domain.
- Click on the Apply button to save the configuration prior to testing.
Testing
Click on the Test button to confirm successful connection to poll Exchange Public Folders.
If the issue still persists, please generate the troubleshooting logs as follows:
- Make sure that you have tracing enabled.
- Wait for at least 30 minutes to gather enough information and for the issue to be reproduced.
- Run the troubleshooter:
- Start > Programs > GFI MailEssentials > Troubleshooter
- Follow the Log Generation Wizard for collecting the required and pertinent information.
- Select New Case when completing the log generation to attach the logs to a new case that will be automatically created, or open a support ticket manually and attach the logs to that ticket, so that the Support team can investigate the problem.