shandscomb

https no longer working - post windows update.

L&G,

This past weekend, I applied the following MS security fixes:

Successful 25 April 2004 Security Update for Windows 2000 (KB835732) Automatic update
Successful 25 April 2004 Security Update for Windows 2000 (KB828741) Automatic update
Successful 25 April 2004 Security Update for Windows 2000 (KB837001) Automatic update
Successful 24 April 2004 Critical Update for Internet Explorer 6 Service Pack 1 (KB831167) Automatic update
Successful 24 April 2004 Cumulative Security Update for Outlook Express 6 Service Pack 1 (KB837009) Automatic update

It would appear that having done this, our ability to use OWA on port 443 (https://) has vanished.

Now, when we type the usual URL, we get the usual "This page cannot be displayed" in IE.

I've tried it locally, with the same results.

The only thing I can see is this in the event viewer:

Event Type:      Error
Event Source:      Schannel
Event Category:      None
Event ID:      36871
Date:            28/04/2004
Time:            08:02:24
User:            N/A
Computer:      MAIN-SERVER
Description:
A fatal error occurred while creating an SSL server credential.

I can't find any information on this error, and it's causing me a lot of trouble, as we have a lot of managers away at the moment, unable to view their mail because the mean IT manager won't open port 80 for them.

Please help !

Note: We signed our own certificate; it's in date, no problems there.

Thanks in advance

Steve
jkr

This is caused by the installation of http://www.microsoft.com/germany/ms/technetservicedesk/bulletin/bulletinMS04-011.htm - see http://support.microsoft.com/default.aspx?scid=kb;en-us;261328 ("Cipher Strength Appears as 0-Bit in Internet Explorer") that describes how to fix that problem.
shandscomb

ASKER

That first URL is in German, which I don't speak / read - I will try to find the English version.

From looking at the second URL, it seems to imply that it's a client error.

To clarify, it's a Windows 2000 Server that I'm using for Outlook Web Access via https.

Any client in the outside world is having this problem, therefore (IMO) meaning that it's something server side?

I'm sorry if I've misinterpreted your reply.

>>That first URL is in German, which I don't speak

Ooops, sorry, the English version is at http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
Have you confirmed that the OWA is still configured to use SSL in the IIS snap-in?
See the cause and resolution...
http://support.microsoft.com/default.aspx?kbid=831167

Hope this helps... ;-)
It was a virus / trojan!

I used TCPView to find the program listening (ntoskrnl.exe of 704KB) and a Google search gave me:

http://rgautier.tripod.com/2004_04_25_blogchive.html

And this is the excerpt:

"Found a virus (or a trojan) this morning on two web servers that had been put on servers over the weekend. This virus/trojan disabled the port 443 (SSL) web sites on these two boxes. It was listening on port 443 and another 1489 or somesuch port. I found it using fport.exe to be a file called ntoskrnl.exe. It had installed itself as a service called MS Windows Update, running as SYSTEM. So, I killed the process and moved off the file. Instead of 1660 KB, the file was 704KB, and it was in a different directory c:\winnt\system32\config. Once the service was disabled, IIS had no problem taking the port back.
These two servers had not had the patches that came from Microsoft last week (week before?), and I'm supposing that that was the entry point for this particular bug. I'm still looking through the bug to see what I can see, but it's an executable, so full analysis will be tough, and I probably don't have the time for it."

Problem solved.

Steve
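
The check that resolved this thread (who holds port 443, and does a system file name sit in the wrong directory), as an added Python example that is not part of the original posts. The input layout, PIDs, the expected IIS image path and the expected system directories are assumptions chosen for a Windows 2000 host; the records are constructed.

```python
import ntpath

# Assumptions (not from the thread): the image expected to own each port and
# the normal home directory of well-known Windows 2000 system file names.
EXPECTED_OWNER = {443: r"c:\winnt\system32\inetsrv\inetinfo.exe"}
SYSTEM_FILE_HOME = {
    "ntoskrnl.exe": r"c:\winnt\system32",
    "inetinfo.exe": r"c:\winnt\system32\inetsrv",
}

# Constructed sample, one "port,pid,image path" record per line, as an
# operator might transcribe it from a port-to-process tool. PIDs are made up.
SAMPLE = r"""
80,1296,C:\WINNT\System32\inetsrv\inetinfo.exe
443,1844,C:\WINNT\system32\config\ntoskrnl.exe
1489,1844,C:\WINNT\system32\config\ntoskrnl.exe
"""

def parse(text):
    """Yield (port, pid, normalised_path) for each non-empty record."""
    for line in text.strip().splitlines():
        port, pid, path = line.strip().split(",", 2)
        # Windows paths are case-insensitive, so compare in normalised form.
        yield int(port), int(pid), ntpath.normcase(ntpath.normpath(path))

def audit(text):
    """Return a sorted list of (port, pid, reason) findings."""
    findings = set()
    for port, pid, path in parse(text):
        directory, name = ntpath.split(path)
        expected = EXPECTED_OWNER.get(port)
        if expected and path != expected:
            findings.add((port, pid, "unexpected owner: " + path))
        home = SYSTEM_FILE_HOME.get(name)
        if home and directory != home:
            findings.add((port, pid, "system file name outside " + home))
    return sorted(findings)

if __name__ == "__main__":
    for port, pid, reason in audit(SAMPLE):
        print(f"port {port} pid {pid}: {reason}")
```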