Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Certificate error with Website on some terminal servers and not others.

Posted on 2008-10-23
2
Medium Priority
?
422 Views
Last Modified: 2013-12-08
I have a particular site that my users hit on a regular basis.  I have two sites where Terminal services resides.  In my primary site, users can hit mentioned website and everything opens properly.  In my Backup site however they get an error about the certificate. THis error only occurs from my terminal servers.  All Terminal servers are Windows 2003 R2, IE7, and the Root Authority is trusted on Both Servers. I have ran RSOP to make sure that the Group Policies are being applied properly and the results are identical.  The only real difference is the Physical Location and the path to the internet. From My laptop in the Backup Site I can hit the website without issue.  I have attached screenshots of the certificate information one from a working server in the primary site and one from a non-working server in the backup site.  On both instances the root certificate authority is trusted.  I have hit a brick wall, any help would be appreciated.
Cert-Error.doc
0
Comment
Question by:mdennis4422
2 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22795662
I'm guessing the problem one is the upper half, working lower half.  The upper right pic shows that the root certificate chain is not installed, only the server cert.  I would imagine the error is that it could not be trusted.

For some reason I am having difficulty finding their root chain for direct download, but here are a couple easy alternative methods:
1) Check the email that you got your certs in - they may have the root and intermediate certs attached or a download link there.
2) Open up Certificates MMC and look in the trusted root certificate store for:
"UTN - USERFirst-Hardware" and export that.  Also look here and if not here then in Intermediate store (may be in both or one or the other, either way is OK usually) - "Network Solutions Certificate Authority" and export that as well.

Copy them to your backup server and import them - try manually putting them in the trusted root store for the first and intermediate store for the second.  If this is 2008 server (also do this for Vista, but I'm assuming that isn't running on your server) when selecting from the list check the box underneath for 'show physical stores' prior to putting it in there for each.  For 2003 shouldn't matter if you do or don't, but if still giving you problems can try that.

0
 
LVL 3

Accepted Solution

by:
mdennis4422 earned 0 total points
ID: 22799340
The root certificate was installed, I actually found out that I had a firewall issue with the backup site.  I basically reconfigured the firewall last night and the problem went away.  I had tried exporting and importing the certificate.  My guess is that the firewall was bloocking the certificate from downloading fully.

Mark
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question