MailStore Client Troubleshooting
Contents |
Unless MailStore Client is running under the system account, it cannot connect to MailStore Server
Problem: After the installation, the MailStore Server service was configured to run under a particular user account instead of the system account. Now, MailStore Clients are no longer able to connect to MailStore Server.
Solution: The problem is caused by missing access rights to the private key of the MailStore Server SSL certificate which was generated during the setup process. Resolving this issue requires the use of the winhttpcertcfg tool included in the Windows Support Tools. You can download winhttpcertcfg here.
Please proceed as follows:
Finding the Right Certificate Store
First, determine whether the certificate was installed in the Root or in the MY certificate store. The following commands have to be executed by the same user who installed MailStore Server on the machine.
winhttpcertcfg -l -c LOCAL_MACHINE\Root -s MailStoreServer
If this creates the following output
Microsoft (R) WinHTTP Certificate Configuration Tool Copyright (C) Microsoft Corporation 2001. Error: Unable to find or obtain a context for requested certificate
the certificate is not stored in the machine's root certificate store. If the output looks like this:
Microsoft (R) WinHTTP Certificate Configuration Tool Copyright (C) Microsoft Corporation 2001. Matching certificate: CN=MailStoreServer Additional accounts and groups with access to the private key include: NT-AUTORITÄTSYSTEM
the private key is stored in the root certificate store of your machine. Please proceed to Root Certificate Store.
If the certificate is not stored in the machine's root certificate store, execute the following command:
winhttpcertcfg -l -c LOCAL_MACHINE\MY -s MailStoreServer
The output should look like this now:
Microsoft (R) WinHTTP Certificate Configuration Tool Copyright (C) Microsoft Corporation 2001. Matching certificate: CN=MailStoreServer Additional accounts and groups with access to the private key include: NT-AUTORITÄTSYSTEM DOMAINUSER
This confirms that the certificate is stored in the machine's MY certificate store. Please proceed to MY Certificate Store.
Root Certificate Store
If the private key is located in the Root store, please continue with this command:
winhttpcertcfg -g -c LOCAL_MACHINE\Root -s MailStoreServer -a <domainuser>
where <domainuser> is the user who currently runs the MailStore Server process. Just a final check with
winhttpcertcfg -l -c LOCAL_MACHINE\Root -s MailStoreServer
should give the following output:
Microsoft (R) WinHTTP Certificate Configuration Tool Copyright (C) Microsoft Corporation 2001. Matching certificate: CN=MailStoreServer Additional accounts and groups with access to the private key include: NT-AUTORITÄTSYSTEM DOMAINUSER
You can see that DOMAINUSER has beed added to the list of additional users with access to the private key. Once you restart MailStore Server, your clients should be able to connect to MailStore Server again.
MY Certificate Store
In case the private key is stored in the MY certificate store, execute this command
winhttpcertcfg -g -c LOCAL_MACHINE\MY -s MailStoreServer -a <domainuser>
where <domainuser> is the user who currently runs MailStore Server. Just a final check with
winhttpcertcfg -l -c LOCAL_MACHINE\MY -s MailStoreServer
should give the following output
Microsoft (R) WinHTTP Certificate Configuration Tool Copyright (C) Microsoft Corporation 2001. Matching certificate: CN=MailStoreServer Additional accounts and groups with access to the private key include: NT-AUTORITÄTSYSTEM DOMAINUSER
See that DOMAINUSER has beed added to the list of additional users with access to the private key? Fine. Then it is time to give MailStore Server a restart and your clients should now be able to connect to MailStore Server again.
Login fails after the initial installation
Problem: After the first time installation of MailStore Server, you are unable to log in.
Solution: Here is a list of things to check:
- Open the MailStore Server Service Configuration from the start menu and check the Windows event log for potential problems preventing MailStore Server from starting.
- If there is nothing special in the logs and it looks like MailStore Server is running, check if the IP Addresses and Ports section of the MailStore Server Service Configuration shows
Listen on: (All IP addresses)
- Check if localhost can be resolved via DNS. Open the command line shell (cmd.exe) and enter:
ping localhost
- If the reply comes from hostname.yourdomain.local instead of localhost (127.0.0.1), add the following line to the file "C:\WINDOWS\system32\drivers\etc\hosts"
127.0.0.1 localhost
- Finally save this file and reboot your system to activate the changes
- If the previous steps did resolve the problem, please try to run locksmith from the MailStore Server Service Configuration tool to restore the admin password.
- If the login still fails, please contact the MailStore technical support.
