<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
"It <strong>seems</strong> that the Connector Server user must be
member of local "Administrators" group to be able to access the
certificate store! (If you are not using "Domain Admins" group for
security reasons.)"<br>
<br>
in <a class="moz-txt-link-freetext" href="https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server">https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server</a><br>
<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 06/24/2015 01:55 PM, Ivan Noris
wrote:<br>
</div>
<blockquote cite="mid:558A9AAF.8000704@evolveum.com" type="cite">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
Please try to add that account to local Administrators on that
computer (not Domain Administators). I remember situation where
this helped. I also remember to have written it somewhere :-(<br>
<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 06/24/2015 01:50 PM, Ващенков
Алексей wrote:<br>
</div>
<blockquote
cite="mid:23F96C83E30B7E4DA253EBD07C550836014DC8AC@EX-MB2.solar.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"Стандартный HTML Знак";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.HTML
{mso-style-name:"Стандартный HTML Знак";
mso-style-priority:99;
mso-style-link:"Стандартный HTML";
font-family:"Consolas","serif";
color:black;
mso-fareast-language:EN-US;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Thanks.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">I
helped a little bit. The documentation doesn’t pointed
that also I need to add the certificate to trusted roots
using mmc.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">After
we imported certificate and add it ti trusted roots I’ve
got an access denied exception. We try to start connector
as System and as Administrator but in both cases access
exception throws. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">May
be I miss some preferences?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="color:windowtext;mso-fareast-language:RU"
lang="EN-US">From:</span></b><span
style="color:windowtext;mso-fareast-language:RU"
lang="EN-US"> midPoint [<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="mailto:midpoint-bounces@lists.evolveum.com">mailto:midpoint-bounces@lists.evolveum.com</a>]
<b>On Behalf Of </b>Ivan Noris<br>
<b>Sent:</b> Wednesday, June 24, 20</span><span
style="color:windowtext;mso-fareast-language:RU">15
10:54 AM<br>
<b>To:</b> <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
<b>Subject:</b> Re: [midPoint] Self-signed SSL
certificate problem with exchange connector<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi Алексей,<br>
<br>
please check your steps with <a moz-do-not-send="true"
href="https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server">
https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server</a><br>
<br>
Last time I was connecting AD through SSL, it helped me.<br>
<br>
Regards,<br>
Ivan<span style="font-size:12.0pt;mso-fareast-language:RU"><o:p></o:p></span></p>
<div>
<p class="MsoNormal">On 06/24/2015 09:42 AM, Ващенков
Алексей wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US">Hi. </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">We use self-signed
certificate for connection to powershell. In process to
add account using Exchange connector throws an exception
</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">====</span><o:p></o:p></p>
<div style="border:none;border-bottom:double windowtext
2.25pt;padding:0cm 0cm 1.0pt 0cm">
<p class="MsoNormal"><span lang="EN-US">The SSL
certificate is signed by an unknown certificate
authority. For more information, see the
about_Remote_Troubleshooting Help topic. Cannot
validate argument on parameter 'Session'. The argument
is null. Supply a non-null argument and try the
command again.</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span lang="EN-US">We have added
certificate to trusted roots in internet settings. But
it doesn’t take any effect.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US">What should we do to
prevent this exception throwning?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU"><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>midPoint mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif";mso-fareast-language:RU"><br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre> Ing. Ivan Noris<o:p></o:p></pre>
<pre> Senior Identity Management Engineer & IDM Architect<o:p></o:p></pre>
<pre> evolveum.com evolveum.com/blog/<o:p></o:p></pre>
<pre> ___________________________________________________<o:p></o:p></pre>
<pre> "Semper Id(e)M Vix."<o:p></o:p></pre>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
evolveum.com evolveum.com/blog/
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</body>
</html>