Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 19 replies
  • Subscribers 5 subscribers
  • Views 2515 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Revocation Check failed

Revan

Hello,

i have a problem with my exchange server certificate. Ever since from the beginning it says "Revocation Check failure"

All around the internet it is claimed as a proxy error so i tried to:

- skip or set the proxy for the normal user via netsh winhttp command

- skip or set the proxy for the normal user via IE settings

- skip or set the proxy for NT-Authority/SYSTEM User via netsh winhttp command

- skip or set the proxy for NT-Authority/SYSTEM User via IE settings

- Made an Exception in Filtering Options of the UTM to the Revocation URL shown in the Certificate

- Made an execption to the whole URL of the CA

I can download the CRL via Internet Explorer but the Exchange console still shows "Revocation Check Failure"

Nothing helps and i'm running out of ideas.

What can i do?



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Could you please tell us about the configured web filtering operation mode on your firewall? Is it transparent or standard proxy? 

    Thanks,

  • 0 in reply to Revan

    Hello Revan,

    are you sure, that you configured netsh winhttp set proxy FQDN_of_Sophos-FW:8080 bypass-list="crl.cahost.com" (Example)

    correctly? Please try with and withput bypass-list.

    Standard-mode on the UTM uses port 8080 as default-proxy-port, which is not automatically chosen by "netsh winhttp set proxy"

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to jprusch

    Hi,

    yes i tried it excessively. With fqdn, with ip address, with bypass list and without, as normal user, as system user.

    Always waited min 30mins afterwards, mostly even more.

  • 0 in reply to Revan

    Did you use port 8080 for the proxy-setting?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to jprusch

    Hello Revan,

    could you show us your command lines for setting winhttp proxy?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to jprusch

    sorry for the late answer, was on vacation.

    Yes, i used port 8080

  • 0 in reply to jprusch

    netsh winhttp set proxy proxy-server="ip_of_the_server:8080" bypass-list="*.domain.local"

    netsh winhttp set proxy proxy-server="fqdn_of_the_server:8080" bypass-list="*.domain.local"

    netsh winhttp set proxy ip_of_the_server:8080

    netsh winhttp set proxy fqdn_of_the_server:8080

    netsh winhttp import proxy source =ie

    netsh winhttp reset proxy

     

    I also tried to change the proxy settings via psexec session as LOCAL SYSTEM User

     

    netsh winhttp show proxy always tell me if the settings were applied

  • 0 in reply to Revan

    Can you show us your EXACT command lines?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply Children
Unfiltered HTML