<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"Стандартный HTML Знак";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTML
{mso-style-name:"Стандартный HTML Знак";
mso-style-priority:99;
mso-style-link:"Стандартный HTML";
font-family:Consolas;
color:black;
mso-fareast-language:EN-US;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="RU" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">The user is in both groups local and domain administrators.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Do you suppose that user must be only in local administrator group?<o:p></o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="color:windowtext;mso-fareast-language:RU"><o:p> </o:p></span></b></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="color:windowtext;mso-fareast-language:RU">Sent:</span></b><span lang="EN-US" style="color:windowtext;mso-fareast-language:RU"> Wednesday, June 24, 2015 2:55 PM<br>
<b>To:</b> midpoint@lists.evolveum.com<br>
<b>Subject:</b> Re: [midPoint] Self-signed SSL certificate problem with exchange connector<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-US">Please try to add that account to local Administrators on that computer (not Domain Administators). I remember situation where this helped. I also remember to have written it somewhere :-(<br>
<br>
Ivan</span><span lang="EN-US" style="font-size:12.0pt;mso-fareast-language:RU"><o:p></o:p></span></p>
<div>
<p class="MsoNormal">On 06/24/2015 01:50 PM, Ващенков Алексей wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Thanks.</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">I helped a little bit. The documentation doesn’t pointed that also I need to add the certificate to trusted roots using mmc.</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">After we imported certificate and add it ti trusted roots I’ve got an access denied exception. We try to start connector as System and as Administrator but in both cases access exception throws.
</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">May be I miss some preferences?</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"> </span><span lang="EN-US"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="color:windowtext;mso-fareast-language:RU">From:</span></b><span lang="EN-US" style="color:windowtext;mso-fareast-language:RU"> midPoint [</span><a href="mailto:midpoint-bounces@lists.evolveum.com"><span lang="EN-US" style="mso-fareast-language:RU">mailto:midpoint-bounces@lists.evolveum.com</span></a><span lang="EN-US" style="color:windowtext;mso-fareast-language:RU">]
<b>On Behalf Of </b>Ivan Noris<br>
<b>Sent:</b> Wednesday, June 24, 2015 10:54 AM<br>
<b>To:</b> </span><a href="mailto:midpoint@lists.evolveum.com"><span lang="EN-US" style="mso-fareast-language:RU">midpoint@lists.evolveum.com</span></a><span lang="EN-US" style="color:windowtext;mso-fareast-language:RU"><br>
<b>Subject:</b> Re: [midPoint] Self-signed SSL certificate problem with exchange connector</span><span lang="EN-US"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-US">Hi </span>Алексей<span lang="EN-US">,<br>
<br>
please check your steps with </span><a href="https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server"><span lang="EN-US">https://wiki.evolveum.com/display/midPoint/.NET+Connector+Server</span></a><span lang="EN-US"><br>
<br>
Last time I was connecting AD through SSL, it helped me.<br>
<br>
Regards,<br>
Ivan<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US">On 06/24/2015 09:42 AM, </span>Ващенков Алексей<span lang="EN-US"> wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US">Hi. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">We use self-signed certificate for connection to powershell. In process to add account using Exchange connector throws an exception
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">====<o:p></o:p></span></p>
<div style="border:none;border-bottom:double windowtext 2.25pt;padding:0cm 0cm 1.0pt 0cm">
<p class="MsoNormal"><span lang="EN-US">The SSL certificate is signed by an unknown certificate authority. For more information, see the about_Remote_Troubleshooting Help topic. Cannot validate argument on parameter 'Session'. The argument is null. Supply a
non-null argument and try the command again.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US">We have added certificate to trusted roots in internet settings. But it doesn’t take any effect.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">What should we do to prevent this exception throwning?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:12.0pt"><br>
<br>
<br>
<br>
</span><span lang="EN-US"><o:p></o:p></span></p>
<pre><span lang="EN-US">_______________________________________________<o:p></o:p></span></pre>
<pre><span lang="EN-US">midPoint mailing list<o:p></o:p></span></pre>
<pre><a href="mailto:midPoint@lists.evolveum.com"><span lang="EN-US">midPoint@lists.evolveum.com</span></a><span lang="EN-US"><o:p></o:p></span></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint"><span lang="EN-US">http://lists.evolveum.com/mailman/listinfo/midpoint</span></a><span lang="EN-US"><o:p></o:p></span></pre>
</blockquote>
<p class="MsoNormal"><span lang="EN-US" style="font-size:12.0pt"><br>
<br>
<br>
</span><span lang="EN-US"><o:p></o:p></span></p>
<pre><span lang="EN-US">-- <o:p></o:p></span></pre>
<pre><span lang="EN-US"> Ing. Ivan Noris<o:p></o:p></span></pre>
<pre><span lang="EN-US"> Senior Identity Management Engineer & IDM Architect<o:p></o:p></span></pre>
<pre><span lang="EN-US"> evolveum.com evolveum.com/blog/<o:p></o:p></span></pre>
<pre><span lang="EN-US"> ___________________________________________________<o:p></o:p></span></pre>
<pre><span lang="EN-US"> "Semper Id(e)M Vix."<o:p></o:p></span></pre>
<p class="MsoNormal"><span lang="EN-US" style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU"><br>
<br>
<br>
<o:p></o:p></span></p>
<pre><span lang="EN-US">_______________________________________________<o:p></o:p></span></pre>
<pre><span lang="EN-US">midPoint mailing list<o:p></o:p></span></pre>
<pre><a href="mailto:midPoint@lists.evolveum.com"><span lang="EN-US">midPoint@lists.evolveum.com</span></a><span lang="EN-US"><o:p></o:p></span></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint"><span lang="EN-US">http://lists.evolveum.com/mailman/listinfo/midpoint</span></a><span lang="EN-US"><o:p></o:p></span></pre>
</blockquote>
<p class="MsoNormal"><span lang="EN-US" style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU"><br>
<br>
<o:p></o:p></span></p>
<pre><span lang="EN-US">-- <o:p></o:p></span></pre>
<pre><span lang="EN-US"> Ing. Ivan Noris<o:p></o:p></span></pre>
<pre><span lang="EN-US"> Senior Identity Management Engineer & IDM Architect<o:p></o:p></span></pre>
<pre><span lang="EN-US"> evolveum.com evolveum.com/blog/<o:p></o:p></span></pre>
<pre><span lang="EN-US"> ___________________________________________________<o:p></o:p></span></pre>
<pre><span lang="EN-US"> "Semper Id(e)M Vix."<o:p></o:p></span></pre>
</div>
</body>
</html>