Solved

Unable to login to Remote Web Workplace since changing IP address to Server because Security Certificate points to old IP

Posted on 2006-11-01
12
369 Views
Last Modified: 2012-05-05
I recently changed the IP address to our server to resolve VPN issue. I've got everything communicating and no problems so far with the exception of remote login to Web Workplace. Users can access Remote Exchange. Users can access server with VPN now but when they (and myself) have gone to access Remote Web Workplace we get either the following message "the name on security certificate is invalid or does not match the name of the site. Issued to 192.xxx.x.x Issued by 192.xxx.x.x. or get a "page cannot be displayed". How do I go about correcting this matter? Quickly.
0
Comment
Question by:JeTopete
  • 7
  • 5
12 Comments
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
Comment Utility
Do you have one or two NICs?  If two, did you change the internal IP Address?  If so, or if you have just one NIC, then you need to run the Change Server IP Address Wizard. (If you didn't use this, just run it with your new, current IP).

You will then follow that by rerunning the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email)

A visual how-to is here:  http://sbsurl.com/ceicw

You can recreate the server certificate within the CEICW.

Jeff
TechSoEasy
0
 

Author Comment

by:JeTopete
Comment Utility
Just the one NIC. I ran the Wizard but failed to run the certificate portion of it or I should say since it wasn't selected I left it as it was not realizing. Do you think that's what it is? I ran it again and initiated a new cert to be issued. I tried logging in last night and although the first window that popped up was a request to download and install a cert, I was still not able to log in. Reviewing the cert still showed the old IP address but I remember seeing something in another post that it could take several days to update. Is this true?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
You "ran the Wizard"?  I mentioned TWO wizards above...

So, no, it doesn't take several days to update this.  You need to run the Change Server IP Address Wizard, then the CEICW to REISSUE the certificate.  Do not skip this part.

Jeff
TechSoEasy
0
 

Author Comment

by:JeTopete
Comment Utility
Already ran both wizards when I changed the IP over the weekend. The wizard that I'm referring to is the CEICW. Originally ran it after I ran the Change Server IP address wizard, but did not create a new web server cert at that time because I was reluctant to change too many things. Did not realize that the cert had been created since all of this was already taken care of by the individual that set the server up last December. I just ran it again yesterday afternoon to reissue the cert. I hope that this takes care of the problem. Truth is I'm a bit concerned because if I issued the cert yesterday afternoon, people would be able to logon, wouldn't they?
0
 

Author Comment

by:JeTopete
Comment Utility
I hate to sound like a total Goober but I tried logging from home again last night and had no luck. The pop up to download the cert came up again but when I looked at the details it still shows that the cert is pointing to the old IP. What am I not doing? Am I missing a step or something?
I was going over the help info on SBS 2003 and it pointed to the location that the certificate should be at. I was able to find it under D:\ClientApps\SBScerts. It shows the date of 11/1 and that is when I created it. I moved the ClientApps folder off of the C drive a couple of months ago to regain disk space. Would that have something to do with it?
Is there a way to verify what IP address the Cert contains? The CEICW shows the correct IP address when I run it. Am I suppose to push it out to the clients somehow?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
The only issue with moving the clientapps folder is that it has to be moved back to install SP1 and then can be moved again to wherever you want.  But if the certificate was in the current ClientApps folder, then there's no problem with that.

Please open IIS Manager and go to Web Sites > Default Web Site.  Right Click for Properties and then go to the Directory Security Tab.  Click the View Certificate and see if that's the one you created on November 1st.  If it isn't you can replace it with the correct one using the "Server Certificate..." button on that screen.

Jeff
TechSoEasy
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:JeTopete
Comment Utility
Okay thanks.
0
 

Author Comment

by:JeTopete
Comment Utility
One more thing. When I ran the CEICW, under the create Web Server Certificate, the Web Server Name listed had our mail.companyname.com already listed when I selected Create a new Web server certificate. The old cert listed the IP address 192.168.1.1 when I looked under the details. Where does the program get the name or information? Should I have changed it to the IP address instead? Is one method preferrible over the other? If this is where the cert gets the information I'm thinking that had the guy who set this up previously listed the mail.company.com instead of the IP address nothing would have broken. Is this true?
0
 

Author Comment

by:JeTopete
Comment Utility
Yes it is listed. I'd like to add one more comment here before closing this. I'm assuming that this has now worked but am unable to verify, I'm waiting on our Sales Manager to get back to me with the results.
As I mentioned three posts ago, the information I was looking over this morning, I read somewhere that I would have to run the CEICW again to set the certificate. I did so right after that and when I accessed the site from here in the office the new cert that was pushing out was the new one I created, it listed the mail.companyname.com. Previously, it still showed the old Cert with the old IP address on it. So I think that was the one step I was missing. Do you agree?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Your certificate needs to be created with the FQDN that you use to connect remotely.  You would never want it to be 192.168.1.1 because that's an internal IP.  It would either need to be something like mail.company.com or your EXTERNAL static IP if that's what you are using to connect.

So, yes, that was the step you were missing.

Jeff
TechSoEasy
0
 

Author Comment

by:JeTopete
Comment Utility
OMGosh!!! LoL. Jeff, you won't believe this but THAT was the gateway IP address. The server IP was 192.168.1.10.
This has been quite a learning experience to say the least.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Well that is a good thing to learn, but it wouldn't have changed the outcome if you had used 192.168.1.10 because again that's the INTERNAL IP for the server.  192.168.x.x is a PRIVATE IP Range and is not resolvable on the Internet.  Take a look at http://sbsurl.com/net101 for info about how your network interfaces with the Internet.

Jeff
TechSoEasy
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now