Would an invalid certificate cause an 0x8004010F sync error?

1

We just migrated from Exchange 2003 to 2007, which was a combo primary AD/DNS server, and it has not gone smoothly. We are now down to getting a new certificate (a bureaucratic process that's out of my hands) and users getting the 0x8004010F sync issue. We are only using Outlook 2007 as our email client and the sync error appears exactly as follows:

9:21:44 Synchronizer Version 12.0.6562
9:21:44 Synchronizing Mailbox '<User>'
9:21:44 Done
9:21:44 Microsoft Exchange offline address book
9:21:44     0X8004010F

Now, I have read a number of TechNet articles on this issue, anywhere from adding an A record in the DNS for autodiscover.domain.com to syncing the old OAB to the new OAB. In other words, there are lots of things to try, but trial and error at this point might be hazardous to the server's health and I am trying to narrow down the list of things to try. What has me thinking that the sync error could be related to the certificate is an event error message that says the following:

Microsoft Exchange could not find a certificate that contains the domain name mail.ccufl.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Mail with a FQDN parameter of mail.ccufl.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

I am not fully clear on how the Exchange Transport Service is related to synchronization, but my hunch is that it is probably not related to there not being a valid certificate. So to recap, would an invalid certificate cause an 0x8004010F sync error?

exchange-2007
certificate
synchronization
outlook-2007
asked on Server Fault Mar 29, 2012 by Chad Harrison

2 Answers

0

The default Exchange transport certificate is actually self-signed and then stored in Active Directory. Have you manually removed or renewed/replaced any certificates from the server's store recently? Could it have expired?

Run

Get-ExchangeCertificate | fl

to give you a list of all certificates on the server. At least one of them should have 'SMTP' listed next to its services, and it should be self-signed.

The quickest way of re-generating the default transport certificate and storing it in Active Directory is to use New-ExchangeCertificate.

answered on Server Fault Mar 29, 2012 by Chris McKeown
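The check suggested in this answer, done in the Exchange Management Shell as an added example (this is not code from the answer or from Microsoft): it lists every certificate Exchange can see, flags the one bound to SMTP, checks whether it has expired, and checks whether it covers the Send connector FQDN named in the event log message. The FQDN mail.ccufl.org and the connector name 'Internet Mail' are taken from the event text in the question; the friendly name and the `$regenerate` switch are assumptions for illustration.

```powershell
# Added example: audit the Exchange 2007 transport certificate from the
# Exchange Management Shell. Run on the Hub Transport server.

$connectorFqdn = 'mail.ccufl.org'   # from the STARTTLS event in the question
$regenerate    = $false             # set to $true to mint a new self-signed cert

# Confirm which FQDN the Send connector actually advertises; if it is empty,
# Exchange falls back to the computer's FQDN (as the event text says).
$connector = Get-SendConnector -Identity 'Internet Mail'
if ($connector.Fqdn) { $connectorFqdn = $connector.Fqdn.ToString() }
"Send connector FQDN in use: $connectorFqdn"

$now = Get-Date
foreach ($cert in Get-ExchangeCertificate) {
    $services = $cert.Services.ToString()
    $hasSmtp  = $services -match 'SMTP'
    $expired  = $cert.NotAfter -lt $now
    $domains  = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
    $covers   = $domains -contains $connectorFqdn

    "{0}  services={1}  selfSigned={2}  expires={3:yyyy-MM-dd}  coversFqdn={4}" -f `
        $cert.Thumbprint, $services, $cert.IsSelfSigned, $cert.NotAfter, $covers

    # A usable transport certificate is bound to SMTP, not expired, and
    # carries the connector FQDN. Warn on anything that falls short.
    if ($hasSmtp -and $expired) {
        Write-Warning "SMTP certificate $($cert.Thumbprint) expired on $($cert.NotAfter)"
    }
    if (-not $hasSmtp -and -not $expired -and $covers) {
        # Certificate exists but transport cannot use it: this is exactly the
        # fix the event text recommends.
        Write-Warning "Certificate $($cert.Thumbprint) covers $connectorFqdn but is not enabled for SMTP; run:"
        Write-Warning "  Enable-ExchangeCertificate -Thumbprint $($cert.Thumbprint) -Services SMTP"
    }
}

if ($regenerate) {
    # Creates a new self-signed certificate covering the connector FQDN and the
    # server name, enables it for SMTP, and (as with the default transport cert)
    # publishes it to Active Directory for other Hub Transport servers.
    New-ExchangeCertificate -DomainName $connectorFqdn, $env:COMPUTERNAME `
        -Services SMTP -FriendlyName 'Transport (self-signed, regenerated)'
}
```

Run it read-only first; only flip `$regenerate` once you have confirmed that no existing certificate both covers the FQDN and is enabled for SMTP, because `New-ExchangeCertificate` will bind the new certificate to the transport service and any existing SMTP binding is replaced.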
0

Found where my problem was. The mailbox database client settings didn't have an offline address book set to anything. Found it here:

  • Server Configuration -> Mailbox -> Database Management -> Open your Database Properties -> Client Settings Tab -> Check you have an offline address book set

So my answer is no, an invalid cert will not cause sync issues of this nature.

answered on Server Fault Mar 29, 2012 by Chad Harrison • edited Mar 29, 2012 by Chad Harrison
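The same check and fix done from the Exchange Management Shell instead of the console path above, as an added example (not code from the answer): it reports the OfflineAddressBook assigned to every mailbox database, assigns the default OAB to any database that has none, and then regenerates the OAB so the next Outlook sync has a current copy to download. The choice of the server's default OAB as the value to assign is an assumption; pick a specific OAB by name if your organization has more than one.

```powershell
# Added example: find mailbox databases with no offline address book set,
# which is the condition behind 0x8004010F in this thread, and repair them.
# Run in the Exchange Management Shell on an Exchange 2007 server.

# Assumption: the OAB marked IsDefault is the one every database should use.
$defaultOab = Get-OfflineAddressBook | Where-Object { $_.IsDefault }
if (-not $defaultOab) {
    throw 'No default OAB exists; create one with New-OfflineAddressBook before running this.'
}

$fixed = @()
foreach ($db in Get-MailboxDatabase) {
    if ($db.OfflineAddressBook) {
        "{0}: OAB = {1}" -f $db.Name, $db.OfflineAddressBook
    }
    else {
        # This is the empty Client Settings > Offline address book field from
        # the console path in the answer.
        "{0}: no OAB set, assigning '{1}'" -f $db.Name, $defaultOab.Name
        Set-MailboxDatabase -Identity $db.Identity -OfflineAddressBook $defaultOab.Identity
        $fixed += $db.Name
    }
}

if ($fixed.Count -gt 0) {
    # Rebuild the OAB files so clients on the repaired databases can download
    # them; Outlook will pick the new OAB up on its next send/receive.
    Update-OfflineAddressBook -Identity $defaultOab.Identity
    "Assigned '{0}' to: {1}" -f $defaultOab.Name, ($fixed -join ', ')
}
else {
    'All mailbox databases already have an offline address book assigned.'
}
```

After the OAB is regenerated, a client that still logs 0x8004010F is worth checking separately for OAB distribution (web or public folder) and Autodiscover, which the question mentions as the other commonly suggested causes.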

User contributions licensed under CC BY-SA 3.0