Thursday, January 2, 2014

Digicert EASY-CSR for Exchange 2007

https://www.digicert.com/easy-csr/exchange2007.htm

Exchange 2007 Private Key Missing

Error message: "The certificate with thumbprint... was found but is not valid for use with Exchange Server (reason: PrivateKeyMissing)."
We are aware of two possible reasons for this error message. The first reason is that your private key was lost, deleted, or never existed on the server in the first place. This makes it so that you cannot enable your certificate files for Exchange.
The second reason doesn't have a clear cause. Sometimes administrators get this error even when the entire Exchange 2007 setup is correct but the private key file somehow became corrupted and unusable by Exchange.
Luckily, both are easily resolved.
Background
An SSL Certificate is an easy way to refer to two distinct but related files called a public and private key. These files are usually combined in some way on your server; for example in a .p12, .pfx, or keystore file.
When you create a certificate request you actually create two things: A private key, which remains safe on your server, and a Certificate Signing Request (CSR), which is a data file that contains the information a Certificate Authority like DigiCert® needs to create a public key to match your private key without compromising the private key itself.
When your certificate is installed properly on the server, the certificate is paired with the corresponding private key from which your CSR was generated. In the case of most Microsoft installations, your server will not let you install a certificate file that does not match the private key.
What Do I Do?
If your private key is lost or damaged you will have to start over by creating a new CSR.
Reissuing DigiCert certificates is actually really easy as long as you use the same common name in the request. First, create a new CSR on your server. Then log into your DigiCert Management Console, click the order number, and click Reissue.
What Caused the Problem in the First Place?
It's hard to make a general statement, but the most common cause of this issue is that a server admin imported the .crt/.cer/.p7b SSL Certificate files through MMC and not through the Exchange command line or IIS where the request was generated.
Importing stand-alone certificate files through MMC does not associate those files with their private key. SSL Certificates can only be imported via MMC if they have already been installed to their private key and then backed up to a .pfx file.
Another common cause for this problem is that an admin correctly imported the certificates to one server but then backed up the certificate files to a .pfx without backing up the private key. If you are in this situation, we recommend that you learn how to properly export/import certificate files in Exchange.
Finally, if a new certificate request is generated on your Exchange server before your first certificate was installed, the private key for the initial request will be deleted automatically by your server.
Are There Any Other Fixes?
On rare occasions, when none of the above explanations applies to you and you are not able to diagnose the issue, run the certutil -repairstore my "YourSerialNumber" command (quotes included). If your private key was somehow corrupted but is still on the server, this command may resolve the issue.
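
The check and repair described above can be scripted. The following is an added example, not part of the original DigiCert text or this post; it assumes an elevated PowerShell session on the Exchange server, and `$Thumbprint` and the helper `Get-MachineCert` are hypothetical names introduced for illustration.

```powershell
# Added example: diagnose PrivateKeyMissing in the local machine "my" store.
# $Thumbprint is a placeholder: paste the thumbprint quoted in the error message.
$Thumbprint = 'paste_thumbprint_here'
$Thumbprint = ($Thumbprint -replace '\s', '').ToUpper()   # values copied from MMC contain spaces

# Hypothetical helper: look up one certificate in LocalMachine\My by thumbprint.
function Get-MachineCert([string]$Print) {
    Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Print }
}

# Overview of the store: which certificates have a key reference attached.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Thumbprint, SerialNumber, HasPrivateKey, NotAfter, Subject |
    Format-Table -AutoSize

$cert = Get-MachineCert $Thumbprint
if (-not $cert) {
    Write-Warning "Not found in LocalMachine\My. Check which store the file was imported into."
}
elseif ($cert.HasPrivateKey) {
    # HasPrivateKey only reports that a key reference is attached to the certificate;
    # it does not prove the key itself is readable.
    Write-Host "A private key is associated with $($cert.Thumbprint)."
}
else {
    Write-Warning "Certificate is present without a private key (PrivateKeyMissing)."
    # certutil takes the serial number, not the thumbprint. This only helps
    # if the key from the original request is still on this server.
    certutil -repairstore my $cert.SerialNumber
    $cert = Get-MachineCert $Thumbprint
    if ($cert.HasPrivateKey) {
        Write-Host "Key re-associated. The certificate can now be enabled for Exchange."
    }
    else {
        Write-Warning "Key not recoverable on this server. Create a new CSR and reissue."
    }
}
```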

Exchange 2007 Certificate Install

To Install Your SSL Certificate in Microsoft Exchange Server 2007

  1. From the Start menu, click Run...
  2. Type mmc and click OK. The Microsoft Management Console (Console) window opens.
  3. From the File menu, click Add/Remove Snap In.
  4. Select Certificates, and then click Add.
  5. Select Computer Account, and then click Next.
  6. Select Local Computer, and then click Finish.
  7. Click OK to close Add or Remove Snap-ins.
  8. In the Console window, expand the Certificates folder.
  9. Right-click Intermediate Certification Authorities, mouse-over All Tasks, and then click Import.
  10. In the Certificate Import Wizard, click Next.
  11. Click Browse to find the certificate file.
  12. In the bottom right corner, change the file extension filter to PKCS #7 Certificates (*.spc;*.p7b).
  13. Select your certificate file, and then click Open.
  14. Click Next.
  15. Select Place all certificates in the following store.
  16. Click Browse, select Intermediate Certification Authorities, and then click Next.
  17. Click Finish.
  18. From the Start menu, select Microsoft Exchange Server 2007, and then click Exchange Management Shell.
  19. At the prompt, type the following to import the certificate:
    Import-ExchangeCertificate -Path C:\CertificateFile.crt

    NOTE: Replace CertificateFile.crt with the complete path and file name of your certificate.

    If the output of this command doesn't copy the thumbprint of the certificate, then you must copy it manually for use in the next step.
  20. Type the following to enable the certificate:
    Enable-ExchangeCertificate -Thumbprint paste_thumbprint_here -Services "SMTP, IMAP, IIS"

    NOTE: Paste the thumbprint in place of paste_thumbprint_here. Specify the services this certificate covers, using quotes. Valid service identifiers are SMTP, POP, IMAP, UM, and IIS. Do not enable services that are not in use.
  21. Close the Exchange Management Shell window.

Thursday, November 28, 2013

Windows forcing a reboot for Windows Updates


Windows will not let you postpone a Windows Update reboot.

Use the command: net stop wuauserv

This will give you some time, but you must keep entering it until you are ready.

Tuesday, November 26, 2013

Dell PERC H310 Controller RAID 5 Performance Issues

The Dell PERC H310 RAID controller is a budget RAID controller sold by Dell. This controller performs adequately in budget servers when in RAID 1, but when it is configured in RAID 5, performance drops to nearly unusable.

Here is a screenshot of the proof:


On identical hardware, converting the H310 controller from RAID 1 to RAID 5 produces an 83% decrease in performance. At 12 megabytes per second, our now-gigabit backbone is essentially 100 Mbit when writing to the RAID array.

The 3-year-old HP server with a 256 MB P-series controller has 1500% better performance than the H310 controller. While it may not be fair to compare the two, since the HP server has 256 MB of RAM, you would hope that the Dell card would be able to write at a rate that is faster than USB2.

Dell's solution to this problem, which they are aware of, is to replace the H310 with an H710. But try telling that to a client who purchased a server less than a year ago.