Solved

Certificate error with Website on some terminal servers and not others.

Posted on 2008-10-23
2
415 Views
Last Modified: 2013-12-08
I have a particular site that my users hit on a regular basis.  I have two sites where Terminal services resides.  In my primary site, users can hit mentioned website and everything opens properly.  In my Backup site however they get an error about the certificate. THis error only occurs from my terminal servers.  All Terminal servers are Windows 2003 R2, IE7, and the Root Authority is trusted on Both Servers. I have ran RSOP to make sure that the Group Policies are being applied properly and the results are identical.  The only real difference is the Physical Location and the path to the internet. From My laptop in the Backup Site I can hit the website without issue.  I have attached screenshots of the certificate information one from a working server in the primary site and one from a non-working server in the backup site.  On both instances the root certificate authority is trusted.  I have hit a brick wall, any help would be appreciated.
Cert-Error.doc
0
Comment
Question by:mdennis4422
2 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22795662
I'm guessing the problem one is the upper half, working lower half.  The upper right pic shows that the root certificate chain is not installed, only the server cert.  I would imagine the error is that it could not be trusted.

For some reason I am having difficulty finding their root chain for direct download, but here are a couple easy alternative methods:
1) Check the email that you got your certs in - they may have the root and intermediate certs attached or a download link there.
2) Open up Certificates MMC and look in the trusted root certificate store for:
"UTN - USERFirst-Hardware" and export that.  Also look here and if not here then in Intermediate store (may be in both or one or the other, either way is OK usually) - "Network Solutions Certificate Authority" and export that as well.

Copy them to your backup server and import them - try manually putting them in the trusted root store for the first and intermediate store for the second.  If this is 2008 server (also do this for Vista, but I'm assuming that isn't running on your server) when selecting from the list check the box underneath for 'show physical stores' prior to putting it in there for each.  For 2003 shouldn't matter if you do or don't, but if still giving you problems can try that.

0
 
LVL 3

Accepted Solution

by:
mdennis4422 earned 0 total points
ID: 22799340
The root certificate was installed, I actually found out that I had a firewall issue with the backup site.  I basically reconfigured the firewall last night and the problem went away.  I had tried exporting and importing the certificate.  My guess is that the firewall was bloocking the certificate from downloading fully.

Mark
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now