XADM: Exchange System Manager Writes Incorrect SecureBindings Data to Active Directory When Using SSL (299365)


The information in this article applies to:

  • Microsoft Exchange 2000 Server
This article was previously published under Q299365

SYMPTOMS

If you use Exchange System Manager to create a Hypertext Transfer Protocol (HTTP) virtual server, a W3SVC event 114 error message that is similar to the following may be logged in the server's System event log:
Instance 101 has invalid secure binding descriptor 191.60.10.77:443:host.test.com (host name ignored).
For additional information specific to this message please visit the Microsoft Online Support site located at: http://search.support.microsoft.com/search/?adv=1.

CAUSE

This problem can occur when you use Exchange System Manager to create a virtual server, because a host name is written along with the IP address.

RESOLUTION

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Microsoft Exchange 2000 Server service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later:

Component: Exchange System Manager

File nameVersion
Exadmin.dll6.0.4419.17

STATUS

Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server.

MORE INFORMATION

WARNING: If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Exchange 2000 Server, or both. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

To work around this problem:
  1. Start ADSI Edit from the Microsoft Windows Support Tools. These tools are installed from the Windows 2000 CD-ROM.
  2. Open the Configuration container, click to expand Services, and then click Microsoft Exchange. Click the organization name, click Administrative Groups, and then click First Administrative Group. Click Servers, click the server name, click Protocols, and then click HTTP.
  3. Depending on the number of virtual servers, there is a container that is labeled "CN=1", which is the default Exchange virtual server (Other virtual servers are in the order of creation numbered "CN=100" and counting up (so CN=101, CN=102, and so on). Right-click the server that you want to edit, and then click Properties.
  4. Under property to view, click msExchSecureBindings.
  5. In the Attribute Values box, click the entry that you want to edit, and then click Remove.
  6. The old value should now be displayed in the Edit Attribute box; edit the attribute to remove the host name.
  7. The entry then looks similar to the following (where the IP address is the address of the virtual server that is using SSL):

    191.60.10.10:443:

  8. Click Add, and then click OK.
  9. The next time that you restart the W3SVC, no warning is logged in the event log. Repeat the preceding steps for any additional servers or virtual servers showing that are experiencing this problem.
Modification Type:MajorLast Reviewed:7/17/2006
Keywords:kbHotfixServer kbQFE kbbug kberrmsg kbExchange2000preSP2fix kbfix kbQFE KB299365
©2004 Microsoft Corporation. All rights reserved.