Share via

The target principal name is incorrect

Андрей Михалевский 3,331 Reputation points
2024-07-03T13:45:42.2066667+00:00

Hello. I've deployed the lab environment.

  1. Exchange 2019 LAST CU, LAST SU. Windows server 2022
  2. AD CS - Windows server 2022
  3. Client - Windows server 2022 - for testing.

All updates.

After installing Exchange - I configured the virtual directories with a script.

EX-01

Then I requested with Exchange a certificate and issued in AD CS.

Cert

Then in ECP I installed the required services

ECP

EX-02

No problem with the certificate:

EX-03

IMAP configuration:

EX-04

My client successfully connects via IMAP: 993 SSL and 587 STARTTLS

EX-06

But I get the notification all the time:

EX-07

  • Why am I getting this notification? Why is it accessing my Exchange Server computer certificate? EX-01 is the NETBIOS of the computer.

PS: I think the problem is in my wildcard certificate, but I don't know where. I've done everything in the documentation

Exchange Server
Exchange Server
A family of Microsoft client/server messaging and collaboration software.
1,337 questions
0 comments
Accepted answer
  1. Mike Hu-MSFT 4,135 Reputation points Microsoft Vendor
    2024-07-05T09:41:42.8666667+00:00

    Hi,

    Yes, that's my misunderstanding. Thanks for point out that.

    And great to know that the issue has already been resolved and thanks for sharing the solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer : )     

    --------------   

    Issue Symptom: 

    IMAP configuration:EX-04

    Client successfully connects via IMAP: 993 SSL and 587 STARTTLS

    EX-06

    But getting the notification all the time:

    EX-07

    Resolution: 

    It is not enough to apply the settings in Set-ImapSettings. You must additionally set FQDN, AdvertiseClientSettings and TlsCertificateName

    Details:

    https://learn.microsoft.com/en-us/exchange/clients/pop3-and-imap4/configure-authenticated-smtp?view=exchserver-2019

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Mike Hu-MSFT 4,135 Reputation points Microsoft Vendor
    2024-07-04T09:39:48.1666667+00:00

    Hi,

    This error message indicates that the currently installed certificate depends on a root certificate that is not in the Trusted Root Certification Authorities store.To solve this problem, you can do the following:

    • Download the root certificate file from a Certificate Authority (CA), usually with the '.crt' or '.cer' suffix.
    • Open the Run dialog box (shortcut key is 'Win+R'), enter 'mmc' and press Enter to open the management console. In the Admin console, select File > Add/Remove snap-ins. In the pop-up window, select "Certificates" and click the "Add" button. Select "Computer Account", then click "Next" and select "Local Computer", and finally click "Done".
    • On the left side of the Admin console, expand Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates. Right-click on the Certificates node and select All Tasks > Import. In the Import Wizard, select the root certificate file you downloaded earlier and follow the prompts to complete the import process. User's image
    • Restart the relevant service

    Hope this helps. Any updates please be free to contact us.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.