== Problems with Certificates/SSL and Exchange 2003 System Manager (ESM) #1: == Once you’ve imported your certificate into IIS and set your exchange front end to “require ssl” ESM starts giving your errors like: {{{ The SSL certificate server name is incorrect. ID no: c103b404 }}} [[http://support.microsoft.com/default.aspx?scid=kb;en-us;324345|MS KB 324345]] has the answer: Do not require SSL for the “ExAdmin” virtual directory. (probably a good idea to put some IP restrictions in its place) Don’t waste a whole day (like me) because you didn’t notice this: When un-checking the Require secure channel (SSL) check box, '''''if Require 128-bit encryption is shaded, click to select Require secure channel (SSL), click to clear Require 128-bit encryption, and then click to clear the Require secure channel (SSL) check box again.''''' == Problems with Certificates/SSL and Exchange 2003 System Manager (ESM) #2: == Problems in ESM like: {{{ id no: c0072746 “an existing connection was forcibly closed by the remote host” -or- id no: c103b402 “The connection was aborted. Ensure that the settings on your default website are correct and refresh the Public folder tree.” }}} can result from IISLockdown enabling URLscan on your server. If you have “.com” in the FQDN of your certificate (many do), then Urlscan may be blocking it, check the Urlscan log to see if ESM requests are blocked: {{{ %windir%\system32\inetsrv\urslscan folder\urlscan.log }}} * Remove .com from the [DenyExtensions] part of urlscan.ini and reset IIS * Or undo iis lockdown changes See: [[http://support.microsoft.com/kb/309508/]] for more info