PageIntroduction
PageQuick Start
FolderComponents
  FolderWeb Part
    PageWatch List
    PageExpand Recurrences
    PageReply To
    PageEmail To/Cc/Bcc
    PageSubject and Message
    PageSend When
    PageSend Email
    PageCheck List
    PageRedirect Emails
    PageReminder Support
  FolderConfiguration Tool
    PageSettings
    PageDiagnostics
    PageServer Settings
    PageLicensing
    PageWebParts in use
    PageInclude / Exclude
FolderCommon Scenarios
  PageTasks Due/Overdue
  PageHelpdesk
  PageTeam Calendar
  PageEnhanced Alerts
  PageSimple Workflow
  PageEquipment calibration
  PageAnnouncements
  PageLeft Checked Out
FolderInstallation
  PageWeb Part
  FolderReminder Service
    PageSharePoint 2016/19/Subscription
    FolderSharePoint 2010 & 2013
      PageSingle Server
      PageMultiple Servers
    FolderSharePoint 2007
      PageSingle Server
      PageMultiple Servers
    PageWSSv2 - Multiple Servers
    PageWeb Farms
  PageUpgrade to 2007
  PageUpgrade to 2010
  PageUpgrade to 2013
  PageUpgrade to 2016
  PageUpgrade to 2019
  PageUpgrade to Subscription Edition
FolderTrouble Shooting
  PageService doesn't start
  PageLocal Loopback Check
  PageEmails from Diagnostics tool
  FolderEvent Log Errors
    Page401 Unauthorized
    PageTrust Relationship
  FolderInorrect Url in Email
    Page2010 +
    PageWSSv3 / MOSS 2007
    PageWSSv2 / SPS 2003
  PageWeb Part Errors
FolderFAQ
  PageHow Can I ...?
  PageEmail Addresses
  PageLicensing
  PageSupport & Maintenance
  PageSharePoint Views
  PageNew Web Part Page
  PageAdding a Web Part
  PageDeleting a Web Part
  PageMoving a Web Part
PageRevision History

Troubleshooting - SSL Trust Relationship

  • Could not establish a trust relationship with the remote server when using SSL (HTTPS)
     

    You receive an error similar to this in the event log.

    ReminderWebPartDirectory: Error in processWebPartNode (URL:https://<yoururl> SK:<GUID>)

    System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

     
     

    The reason you receive this error message is that the SSL Certificate is invalid in some way.

    If you were browsing to the site using Internet Explorer you may receive a warning like the one the right. While this gives you the option to ignore the warning and proceed a program running as a Service has no option but to close the connection - hence the error above.

The most common errors are listed here :-

  • Incorrect, expired or invalid SSL security certificate

You will receive a warning in I.E. if you visit the site.

  • The SSL certificate was issued by a company you have not chosen to trust

The Certification Authority is not trusted because it is not in the Trusted Root Certification Authorities store. This commonly occurs if your organisation issues your own SSL certificates, for example using SelfSSL in a development/testing environment.

Note -  You may not receive an error while browsing to the site using I.E. if you or your network administrator has setup the internal Certification Authority to be trusted either for your profile or on your local machine, but has not added the CA Certificate to the servers certificate store.

  • The name of the Security Certificate is invalid

A SSL certificate is only valid for a particular name, or if a wildcard certificate is used, a particular domain. Check that the certificate is valid for the address that is listed in the error message - you can use IE to test this.

Note that a SSL certificate will be valid for a FQDN such as sharepoint.mycompany.com but will not be valid for the IP address that this maps to. This means that if you access the site using the IP address you will receive this error.

If you notice that an IP address or incorrect URL is listed in the error message then you have not set SecureBindings in the IIS metabase. This is similar to the DNS Alias problem as without the SecureBindings property being set SharePoint has no way of determining the DNS name that an IP address represents. You will also notice that SharePoint Administration pages Virtual Server List shows the sites by their IP address or incorrect URL.

To correct this follow the steps listed here to set the SecureBindings metabase property

cscript.exe C:\Inetpub\AdminScripts\adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:<host header>"

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8d9f2a8f-cd23-448c-b2c7-f4e87b9e2d2c.mspx

Where <hostheader> is the host header for the site and the <site identifier> is IIS's internal Site ID.
  • You need to setup a Service Principal Name

http://support.microsoft.com/kb/871179