Configuring Windows 2003 Certificate Services for OWA 2003 SSL: Template and 404 Errors

Posted on 2004-11-14
Last Modified: 2012-06-27
I conducted fairly extensive tests and don't want to create a hard-to-read narrative.  So, for clarity, let's divide this up and use numbered items.

To enable SSL for OWA 2003 by using Windows 2003 Certificate Services, the following was tried.

1. Installed Certificate Services on the Exchange 2003 server.

2. Created a pending certificate request from the Default Web Site on the MSExch 2003 server

3. Browsed to http://exchangeserver/certsrv to submit a certificate request

4. Selected the "Request a Certificate" link

4. The first indication of trouble was that the certificate services interface failed to present the expected options for creating either a User Cert or submitting an Advanced Certificate Request and proceeded, immediately after the "Request a Certificate" link was clicked, to the "Advanced Certificate Request" page.  This was unexpected behavior.

5. From the "Advanced Certificate Request" page the "Submit a certificate request by using a base 64 encoded CMC..." option was selected.

6. The Certificate Services interface produced an error message: "No Certificate Templates Could be Found..."

7. Researched this error and found a Microsoft recommenced fix: use ADSIEDIT.msc to verify that the dNSHostName attribute of Active Directory matches the sServerConfig value found within the file.

8. Followed this advice but found zero discrepancies - the relevant values within Active Directory and the file matched precisely.

At this point, I decided to try another route.

1. I installed Certificate Services on the domain controller (also running Windows Server 2003).

2. After installation was complete I browsed to http://domaincontroller/certsrv to submit a certificate request.

3. This time, the interface behaved as expected and produced zero errors.

4. Using the "Submit a certificate request by using a base 64 encoded CMC..." option, I pasted the contents of the certificate request generated by the Exchange server's default website request - certreq.txt - into the appropriate field and downloaded the certificate.

5. I then completed the pending certificate request on the Exchange server's IIS server by appending the downloaded certificate to the default website.

6. The "Require secure channel" option was selected to enforce SSL.

This seemed to go without incident but the following behavior occurred.

1. I browsed to https://exchangeserver/exchange and, as expected, was prompted to accept a certificate.

2. After the certificate was accepted, I received a "Page Not Found" error.

All very frustrating.

Important Notes.

Before trying this on the production servers, I attempted it in a test environment.  The test went forward without a hitch, inspiring confidence of success (all an illusion, as it turned out) but there is a (potentially) significant difference between the test and live situations.

The test box is both a domain controller and an Exchange server.

In the production environment the Certificate Services interface behaved as expected on the domain controller but malfunctioned on the Exchange server.

I'm wondering if there are unknown (to me) dependencies that are spoiling my efforts.

Any help or guidance would be appreciated and of course, point rewarded.
Question by:idoru345
    LVL 40

    Accepted Solution

    Rather than drill through this entire list, ck out this article and see if it will help you...  I use this site for all my exchange issue problems...

    Implementing Email Security with Exchange Server 2003


    Author Comment

    Thanks FE.

    I'll give the info at the link a try and let you know whether it solves these problems.

    LVL 40

    Expert Comment

    You are welcome..  look forward to hearing some good results..


    Author Comment


    Well unfortunately the directions available at the site were of zero help.  Although interesting, it didn't actually address the issue at-hand, which revolved around the Win 2003's Certificate Services' inability to generate certs.

    I decided to boil the problem down to its simplest components and see what other options presented themselves.

    In a nutshell, I was trying to activate SSL for OWA 2003 using a certificate generated from Win 2003 Cert Services.

    I figured this would be easier than going through an outside CA.  But, after struggling with Win 2003 Cert Services' persistent error announcing that "no certificate templates could be found" (which wasn't solved by using Microsoft's recommended action of making sure the dNSHostName attribute of the pkiEnrollmentService object matched the sServerConfig value of the file) I decided to cut my losses and use FreeSSL (just learned about them today) to generate a cert for me.

    Using their cert I was able to get SSL up and running just fine on OWA within minutes.

    Since I used Microsoft's suggested fix - to no avail - I haven't a clue as to why Cert Services fell down on the job.  Even so, because you replied so fast and helped me eliminate the possibilities I'm awarding you all the points.
    LVL 40

    Expert Comment

    That is a great tip regarding FreeSSL...  much better ($ wise) than Verisign, eh?  Thanks for letting me  (us) know about it.

    And thanks for the pts..

    LVL 1

    Expert Comment

    I think I have exactely the same problem. Where can I find this free SSL provider and can you give me a qucik 30 seconds heads up on what I'm going to have to do.



    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
    I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now