Error message when you import a third-party certificate into Exchange Server 2010: "The certificate status could not be determined because the revocation check failed"

Article ID: 979694 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

A valid third-party certificate is imported into a Microsoft Exchange Server 2010 Client Access server (CAS). Then, the following status message is displayed in the Exchange Management Console:
The certificate status could not be determined because the revocation check failed.
If you run the Get-ExchangeCertificate cmdlet in the Exchange Management Shell, you receive the following status for the third-party certificate:
Status: RevocationCheckFailure
However, if you click the Certificate Revocation List (CRL) link that is specified on the certificate, you can still access the third-party certificate through the Exchange server.
Back to the top | Give Feedback

CAUSE

This issue occurs because Exchange Server 2010 uses Microsoft Windows HTTP Services (WinHTTP) to manage all HTTP and HTTPS traffic, and WinHTTP does not use the proxy settings that are configured for the Internet browser.

To view the WinHTTP proxy settings, at a command prompt, run the following command:
netsh winhttp show proxy
Back to the top | Give Feedback

RESOLUTION

To resolve this issue, you must configure the WinHTTP proxy setting and the server FQDN in the WinHTTP bypass list.

Note If you do not configure both the proxy setting and the server FQDN in the WinHTTP bypass list, the Exchange Management Shell and the Exchange Management Console cannot contact the Remote PowerShell.

To resolve this issue, open a command prompt, type the following command, and then press ENTER:
netsh winhttp set proxy proxy-server="http=myproxy" bypass-list="*.host_name.com"
The myproxy placeholder represents the proxy server name, and host_name represents the Exchange Server 2010 host name.
Back to the top | Give Feedback

REFERENCES

For more information about WinHTTP and about how to set the proxy on the Exchange 2010 server, visit the following Web pages:
Netsh Commands for Windows Hypertext Transfer Protocol (WINHTTP)
(http://technet.microsoft.com/en-us/library/cc731131(WS.10).aspx)


Configure Proxy Settings for WinHTTP
(http://technet.microsoft.com/en-us/library/bb430772.aspx)


WinHttpDetectAutoProxyConfigUrl Function
(http://msdn.microsoft.com/en-us/library/aa384094(VS.85).aspx)
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
260210
(http://support.microsoft.com/kb/260210/ )
Description of WinSock Proxy Auto Detect support
Back to the top | Give Feedback

Properties

Article ID: 979694 - Last Review: September 10, 2011 - Revision: 2.0
APPLIES TO
  • Microsoft Exchange Server 2010 Coexistence
  • Microsoft Exchange Server 2010 Enterprise
  • Microsoft Exchange Server 2010 Standard
Keywords: 
kbdigitalcertificates kbexpertiseinter kbtshoot kbsurveynew kbprb KB979694
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top