?
Solved

Certificate error with Website on some terminal servers and not others.

Posted on 2008-10-23
2
Medium Priority
?
420 Views
Last Modified: 2013-12-08
I have a particular site that my users hit on a regular basis.  I have two sites where Terminal services resides.  In my primary site, users can hit mentioned website and everything opens properly.  In my Backup site however they get an error about the certificate. THis error only occurs from my terminal servers.  All Terminal servers are Windows 2003 R2, IE7, and the Root Authority is trusted on Both Servers. I have ran RSOP to make sure that the Group Policies are being applied properly and the results are identical.  The only real difference is the Physical Location and the path to the internet. From My laptop in the Backup Site I can hit the website without issue.  I have attached screenshots of the certificate information one from a working server in the primary site and one from a non-working server in the backup site.  On both instances the root certificate authority is trusted.  I have hit a brick wall, any help would be appreciated.
Cert-Error.doc
0
Comment
Question by:mdennis4422
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22795662
I'm guessing the problem one is the upper half, working lower half.  The upper right pic shows that the root certificate chain is not installed, only the server cert.  I would imagine the error is that it could not be trusted.

For some reason I am having difficulty finding their root chain for direct download, but here are a couple easy alternative methods:
1) Check the email that you got your certs in - they may have the root and intermediate certs attached or a download link there.
2) Open up Certificates MMC and look in the trusted root certificate store for:
"UTN - USERFirst-Hardware" and export that.  Also look here and if not here then in Intermediate store (may be in both or one or the other, either way is OK usually) - "Network Solutions Certificate Authority" and export that as well.

Copy them to your backup server and import them - try manually putting them in the trusted root store for the first and intermediate store for the second.  If this is 2008 server (also do this for Vista, but I'm assuming that isn't running on your server) when selecting from the list check the box underneath for 'show physical stores' prior to putting it in there for each.  For 2003 shouldn't matter if you do or don't, but if still giving you problems can try that.

0
 
LVL 3

Accepted Solution

by:
mdennis4422 earned 0 total points
ID: 22799340
The root certificate was installed, I actually found out that I had a firewall issue with the backup site.  I basically reconfigured the firewall last night and the problem went away.  I had tried exporting and importing the certificate.  My guess is that the firewall was bloocking the certificate from downloading fully.

Mark
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question