How to remove the SSL binding to an incorrectly published certificate

Published: March 17, 2011

Applies To: Windows Small Business Server 2011 Standard

Problem: When moving Exchange Server public folders, you may encounter error ID 80090308 “The token supplied to the function is invalid.”

Solution: This error occurs when an SSL certificate is incorrectly published to the Exadmin virtual root in Internet Information Services (IIS). You must remove the SSL binding before moving Exchange Server public folders. To remove the SSL binding, use the ADSI Edit tool, one of the Windows Support Tools. To install the ADSI Edit tool, see ADSI Edit (adsiedit.msc).

To remove the SSL binding to an incorrectly published certificate

  1. Navigate to the virtual root Exadmin in IIS.

  2. Right-click Exadmin, click Properties, and then click Directory Security.

  3. In the Secure Communications section, click Edit.

  4. Clear the Require secure channel (SSL) checkbox.

  5. If the Require 128-bit encryption checkbox is selected and is greyed out, perform these steps:

    1. Select Require secure channel (SSL).

    2. Clear Require 128-bit encryption.

    3. Clear Require secure channel (SSL).

  6. Launch the ADSI Edit tool from the Windows Support Tools. For more information about using the ADSI tool, see ADSI Edit (adsiedit.msc).

  7. In the left pane, click Configuration, and then click each of the following to expand:

    CN=Configuration

    CN=Services

    CN=Microsoft Exchange

    CN=

    CN=Administrative Groups

    CN=First Administrative Group

    CN=Servers

    CN=Protocols

    CN=HTTP

    CN=1

    CN=Exadmin

  8. Right-click CN=Exadmin, and then click Properties.

  9. In the list of attributes, scroll down to msExchSecureBindings, select it, and then click Edit.

  10. Select the entry :443:, click Remove, and then click OK.

  11. Click Apply, then click OK.

  12. Exit ADSI Edit.

  13. Close and reopen Exchange System Manager.