
Exchange Emergency Mitigation / XML-File contains expired Certificates - source https://officeclient.microsoft.com/getexchangemitigations

Wolfgang Ströhlein 21 Reputation points
Jun 13, 2022, 1:31 PM

Hi together!

Since June 9th, 19:49 CEST (Berlin), the MSExchange Mitigation Service has been throwing errors every hour:

Jun 13 11:27:48 49152.1008 MSExchange_Mitigation_Service An unexpected exception occurred. Diagnostic information: Exception encountered while fetching mitigations : System.Exception: This XML is not deemed safe to consume since Response xml's signing cert is invalid or not from microsoft
   bei Microsoft.Exchange.Mitigation.Service.Common.SignatureVerifierUtils.ThrowIfIntegrityChecksFail(SafeXmlDocument xmlDoc)
   bei Microsoft.Exchange.Mitigation.Service.Common.SignatureVerifierUtils.GetValidatedDocumentWithoutSignature(SafeXmlDocument xmlDoc)
   bei Microsoft.Exchange.Mitigation.Service.Common.Utils.FetchDataFromXmlStream[T](Stream stream)
   bei Microsoft.Exchange.Mitigation.Service.Common.Utils.FetchMitigationsFromUrl[T](String url, RemoteCertificateValidationCallback certValidationCallback, X509Certificate clientAuthCert, Boolean isResponseJson)
   bei Microsoft.Exchange.Mitigation.Service.MitigationCloudServiceV2.FetchMitigations()
   bei Microsoft.Exchange.Mitigation.Service.Mitigations.MitigationEngine.FetchAndApplyMitigation()

After investigating your XML file "PING1" from https://officeclient.microsoft.com/getexchangemitigations, I figured out that your X509Certificate has expired (tag X509Data - X509Certificate):
Raw data as of now:

Decoded Data (via https://tools.keycdn.com/ssl):

The certificate has expired (2022-06-09T18:44:12+00:00 ISO 8601).

  1. Subject CN: Microsoft Exchange XML Signing > Issuer CN: Microsoft Code Signing PCA 2011

Decoded Certificate

{
  "name": "/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Exchange XML Signing",
  "subject": {
    "C": "US",
    "ST": "Washington",
    "L": "Redmond",
    "O": "Microsoft Corporation",
    "CN": "Microsoft Exchange XML Signing"
  },
  "hash": "23a28e10",
  "issuer": {
    "C": "US",
    "ST": "Washington",
    "L": "Redmond",
    "O": "Microsoft Corporation",
    "CN": "Microsoft Code Signing PCA 2011"
  },
  "version": 2,
  "serialNumber": "0x330000023A9AC43F5A75FEB57C00000000023A",
  "serialNumberHex": "330000023A9AC43F5A75FEB57C00000000023A",
  "validFrom": "210610184412Z",
  "validTo": "220609184412Z",
  "validFrom_time_t": 1623350652,
  "validTo_time_t": 1654800252,
  "signatureTypeSN": "RSA-SHA256",
  "signatureTypeLN": "sha256WithRSAEncryption",
  "signatureTypeNID": 668,
  "purposes": {
    "1": [false, false, "sslclient"],
    "2": [false, false, "sslserver"],
    "3": [false, false, "nssslserver"],
    "4": [false, false, "smimesign"],
    "5": [false, false, "smimeencrypt"],
    "6": [true, false, "crlsign"],
    "7": [true, true, "any"],
    "8": [true, false, "ocsphelper"],
    "9": [false, false, "timestampsign"]
  },
  "extensions": {
    "extendedKeyUsage": "Code Signing, 1.3.6.1.4.1.311.76.57.1.11",
    "subjectKeyIdentifier": "6B:41:8A:90:E0:75:8D:D5:2B:41:D9:E6:32:EC:D3:F4:36:40:31:04",
    "subjectAltName": "DirName:OU = Microsoft Operations Puerto Rico, serialNumber = \"464868+464879\"",
    "authorityKeyIdentifier": "keyid:48:6E:64:E5:50:05:D3:82:AA:17:37:37:22:B5:6D:A8:CA:75:02:95\n",
    "crlDistributionPoints": "\nFull Name:\n URI:http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl\n",
    "authorityInfoAccess": "CA Issuers - URI:http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt\n",
    "basicConstraints": "CA:FALSE"
  }
}

Please update as soon as possible ... Exchange admins with an active MSExchange Mitigation Service are very unhappy.

Thanks.

Wolfgang S. from Germany

Exchange Server Management
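
An added example (not part of the original post and not Exchange's own code): a validity-window check in Python over the decoded fields quoted in the question. It goes slightly beyond the post by applying the RFC 5280 century rule for two-digit UTCTime years. The function names, the 30-day warning threshold and the check times are assumptions made for illustration.

```python
"""Added example: validity-window check for a decoded X.509 certificate."""
from datetime import datetime, timezone

# Validity fields copied from the decoded certificate in the post above.
DECODED = {
    "validFrom": "210610184412Z",
    "validTo": "220609184412Z",
    "validFrom_time_t": 1623350652,
    "validTo_time_t": 1654800252,
}


def parse_utctime(value: str) -> datetime:
    """Parse an ASN.1 UTCTime (YYMMDDHHMMSSZ) using the RFC 5280 century rule."""
    if len(value) != 13 or not value.endswith("Z") or not value[:12].isdigit():
        raise ValueError(f"not a YYMMDDHHMMSSZ UTCTime: {value!r}")
    yy = int(value[:2])
    # RFC 5280: YY >= 50 means 19YY, otherwise 20YY. strptime("%y") pivots
    # at 69 instead, so the year is computed by hand.
    year = (1900 if yy >= 50 else 2000) + yy
    month, day, hour, minute, second = (int(value[i:i + 2]) for i in range(2, 12, 2))
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def validity_status(decoded: dict, now: datetime, warn_days: int = 30) -> str:
    """Return 'not-yet-valid', 'expired', 'expiring-soon' or 'valid' at `now`."""
    not_before = parse_utctime(decoded["validFrom"])
    not_after = parse_utctime(decoded["validTo"])
    # Cross-check the textual dates against the epoch fields when present.
    for parsed, key in ((not_before, "validFrom_time_t"), (not_after, "validTo_time_t")):
        if key in decoded and int(parsed.timestamp()) != decoded[key]:
            raise ValueError(f"{key} disagrees with the UTCTime field")
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    if (not_after - now).days < warn_days:
        return "expiring-soon"
    return "valid"


if __name__ == "__main__":
    print("notAfter:", parse_utctime(DECODED["validTo"]).isoformat())
    # Constructed check times: 20 days before expiry, and the date of the post.
    for when in (datetime(2022, 5, 20, tzinfo=timezone.utc),
                 datetime(2022, 6, 13, tzinfo=timezone.utc)):
        print(when.date(), validity_status(DECODED, when))
```

Run on a schedule against the signing certificates a service depends on, a check like this reports "expiring-soon" while there is still time to renew.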

Accepted answer
  1. Andy David - MVP 153.4K Reputation points MVP
    Jun 13, 2022, 2:29 PM

    Ok, got confirmation this is being worked on and will be fixed.

    Also see. Other certs were forgotten as well :)
    https://www.theregister.com/2022/06/10/microsoft_insider_certificate/


1 additional answer

  1. Wolfgang Ströhlein 21 Reputation points
    Jun 14, 2022, 5:45 AM

    Hi, AndyDavid!

    Thank you. The issue seems resolved since June 14th 01:28 (CET)!

    Best Regards,
    Wolfgang

