Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 384
  • Last Modified:

Unable to login to Remote Web Workplace since changing IP address to Server because Security Certificate points to old IP

I recently changed the IP address to our server to resolve VPN issue. I've got everything communicating and no problems so far with the exception of remote login to Web Workplace. Users can access Remote Exchange. Users can access server with VPN now but when they (and myself) have gone to access Remote Web Workplace we get either the following message "the name on security certificate is invalid or does not match the name of the site. Issued to 192.xxx.x.x Issued by 192.xxx.x.x. or get a "page cannot be displayed". How do I go about correcting this matter? Quickly.
0
JeTopete
Asked:
JeTopete
  • 7
  • 5
1 Solution
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Do you have one or two NICs?  If two, did you change the internal IP Address?  If so, or if you have just one NIC, then you need to run the Change Server IP Address Wizard. (If you didn't use this, just run it with your new, current IP).

You will then follow that by rerunning the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email)

A visual how-to is here:  http://sbsurl.com/ceicw

You can recreate the server certificate within the CEICW.

Jeff
TechSoEasy
0
 
JeTopeteAuthor Commented:
Just the one NIC. I ran the Wizard but failed to run the certificate portion of it or I should say since it wasn't selected I left it as it was not realizing. Do you think that's what it is? I ran it again and initiated a new cert to be issued. I tried logging in last night and although the first window that popped up was a request to download and install a cert, I was still not able to log in. Reviewing the cert still showed the old IP address but I remember seeing something in another post that it could take several days to update. Is this true?
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
You "ran the Wizard"?  I mentioned TWO wizards above...

So, no, it doesn't take several days to update this.  You need to run the Change Server IP Address Wizard, then the CEICW to REISSUE the certificate.  Do not skip this part.

Jeff
TechSoEasy
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
JeTopeteAuthor Commented:
Already ran both wizards when I changed the IP over the weekend. The wizard that I'm referring to is the CEICW. Originally ran it after I ran the Change Server IP address wizard, but did not create a new web server cert at that time because I was reluctant to change too many things. Did not realize that the cert had been created since all of this was already taken care of by the individual that set the server up last December. I just ran it again yesterday afternoon to reissue the cert. I hope that this takes care of the problem. Truth is I'm a bit concerned because if I issued the cert yesterday afternoon, people would be able to logon, wouldn't they?
0
 
JeTopeteAuthor Commented:
I hate to sound like a total Goober but I tried logging from home again last night and had no luck. The pop up to download the cert came up again but when I looked at the details it still shows that the cert is pointing to the old IP. What am I not doing? Am I missing a step or something?
I was going over the help info on SBS 2003 and it pointed to the location that the certificate should be at. I was able to find it under D:\ClientApps\SBScerts. It shows the date of 11/1 and that is when I created it. I moved the ClientApps folder off of the C drive a couple of months ago to regain disk space. Would that have something to do with it?
Is there a way to verify what IP address the Cert contains? The CEICW shows the correct IP address when I run it. Am I suppose to push it out to the clients somehow?
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
The only issue with moving the clientapps folder is that it has to be moved back to install SP1 and then can be moved again to wherever you want.  But if the certificate was in the current ClientApps folder, then there's no problem with that.

Please open IIS Manager and go to Web Sites > Default Web Site.  Right Click for Properties and then go to the Directory Security Tab.  Click the View Certificate and see if that's the one you created on November 1st.  If it isn't you can replace it with the correct one using the "Server Certificate..." button on that screen.

Jeff
TechSoEasy
0
 
JeTopeteAuthor Commented:
Okay thanks.
0
 
JeTopeteAuthor Commented:
One more thing. When I ran the CEICW, under the create Web Server Certificate, the Web Server Name listed had our mail.companyname.com already listed when I selected Create a new Web server certificate. The old cert listed the IP address 192.168.1.1 when I looked under the details. Where does the program get the name or information? Should I have changed it to the IP address instead? Is one method preferrible over the other? If this is where the cert gets the information I'm thinking that had the guy who set this up previously listed the mail.company.com instead of the IP address nothing would have broken. Is this true?
0
 
JeTopeteAuthor Commented:
Yes it is listed. I'd like to add one more comment here before closing this. I'm assuming that this has now worked but am unable to verify, I'm waiting on our Sales Manager to get back to me with the results.
As I mentioned three posts ago, the information I was looking over this morning, I read somewhere that I would have to run the CEICW again to set the certificate. I did so right after that and when I accessed the site from here in the office the new cert that was pushing out was the new one I created, it listed the mail.companyname.com. Previously, it still showed the old Cert with the old IP address on it. So I think that was the one step I was missing. Do you agree?
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Your certificate needs to be created with the FQDN that you use to connect remotely.  You would never want it to be 192.168.1.1 because that's an internal IP.  It would either need to be something like mail.company.com or your EXTERNAL static IP if that's what you are using to connect.

So, yes, that was the step you were missing.

Jeff
TechSoEasy
0
 
JeTopeteAuthor Commented:
OMGosh!!! LoL. Jeff, you won't believe this but THAT was the gateway IP address. The server IP was 192.168.1.10.
This has been quite a learning experience to say the least.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Well that is a good thing to learn, but it wouldn't have changed the outcome if you had used 192.168.1.10 because again that's the INTERNAL IP for the server.  192.168.x.x is a PRIVATE IP Range and is not resolvable on the Internet.  Take a look at http://sbsurl.com/net101 for info about how your network interfaces with the Internet.

Jeff
TechSoEasy
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now