Monthly Archives: January 2016

“Oi, Admin! you’re not as clever as you think you are!”, or, the importance of doing simple things right.

just had a call from a customer who was having terrible trouble exporting discovery search data to pst from Exchange 2013. The search was apparently running fine, but the download failed with a long error message.


i asked for problem steps recorder output to see what they were doing… (this is from my repro):


if you can spot what they’re doing wrong without reading the error message, well done. have a muttley medal.

this throws the error message:

PLATFORM VERSION INFO Windows : 6.2.9200.0 (Win32NT) Common Language Runtime : 4.0.30319.34209 System.Deployment.dll : 4.0.30319.34274 built by: FX452RTMGDR clr.dll : 4.0.30319.34209 built by: FX452RTMGDR dfdll.dll : 4.0.30319.34274 built by: FX452RTMGDR dfshim.dll : 6.3.9600.16384 (winblue_rtm.130821-1623) SOURCES Deployment url : /">https://localhost/ecp/15.0.1076.9/exporttool/<servername>/ ERROR SUMMARY Below is a summary of the errors, details of these errors are listed later in the log. * Activation of /">https://localhost/ecp/15.0.1076.9/exporttool/<servername>/ resulted in exception. Following failure messages were detected: + Downloading /">https://localhost/ecp/15.0.1076.9/exporttool/<servername>/ did not succeed. + The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. + The remote certificate is invalid according to the validation procedure.

so… what’s wrong there? well, the remote certificate is invalid. fine… but it’s the local machine… the url says “localhost”…. oh… sigh.

they’ve done the standard admin shortcut of going to localhost because they can’t be bothered to type out the unfeasibly long servername, and the client then throws an error, because “localhost” isn’t a subject alternative name on the cert, unsurprisingly. the little red address bar in the screenshot above is a clue, there.

sure enough, when they use the servername instead of the url, everything works like a charm:



the lesson there is “do things right”. localhost will throw errors with https other than just needing to click through a cert warning, so don’t use it. if you are using it, and you get weird behaviour, try attaching to the site with a url that is actually on the SSL certificate.

also, a post script: when it says “if you experience problems, try clearing cookies and signing in again”, why not try clearing the cookies and signing in again, before you ring me up and tell me it doesn’t work? 😀