Link to home
Start Free TrialLog in
Avatar of kcorbinakc
kcorbinakc

asked on

SBS 2008 'Set up your Internet address" crashes

When I try to run the 'Set up your Internet address' wizard it crashes when I click 'Configure' with the following error:
Description:
  Stopped working

Problem signature:
  Problem Event Name:      CLR20r3
  Problem Signature 01:      dpcw.exe
  Problem Signature 02:      6.0.5601.0
  Problem Signature 03:      48a22617
  Problem Signature 04:      CNetManagement
  Problem Signature 05:      6.0.0.0
  Problem Signature 06:      48a225e2
  Problem Signature 07:      224
  Problem Signature 08:      38
  Problem Signature 09:      XGZEYFXLD1ZB2Q0GIV0K3Q05ZLHZUF5L
  OS Version:      6.0.6001.2.1.0.305.9
  Locale ID:      1033

I think it all boils down to certificates already on the server.  It shows the mydomain.local CA ConfigString as Go Daddy Secure Certification Authority but it would really be a self signed certificate.  I put 'Go Daddy Secure Certification Authority' in my answer file for the migration, but I thought it was referring to the SSL CA for my Internet domain name cert, not my local domain name certs.  Maybe that's the problem somehow?
I've been banging on my head on this for a couple days now and the clock is ticking on my 21 day migration countdown... :(

Running 'Fix my network settings' doesn't fix anything for me either.  Every problem it finds (Could not configure the router, The Internet domain name is not configured, The Root web certificate is invalid, etc.) it either skips or has errors.

If I open up 'Certification Authority' it has 'Go Daddy Certification Authority' underneath 'Certification Authority (local)'.  How do I delete that and start from scratch with a new local CA?  Is that possible?

Thanks!

The DCPW log says:
[5280] 090210.152032.4993: General: Initializing...C:\Program Files\Windows Small Business Server\Bin\DPCW.exe
[5280] 090210.152032.6865: CoreNet: Retrieving LastBasicConfigSuccessful flag from registry
[5280] 090210.152032.6865: CoreNet: LastBasicConfigSuccessful found.
[5280] 090210.152033.4977: CoreNet: Retrieving Domain Name Max Length from NetworkConfig
[5280] 090210.152042.8268: WizardChainEngine Next Clicked: Going to page {0}.: Networking.Wizards.NetSvcWizard.DoYouOwnDomainPage
[5280] 090210.152045.1357: WizardChainEngine Next Clicked: Going to page {0}.: Networking.Wizards.NetSvcWizard.DoYouWantToTransferPage
[5280] 090210.152047.2262: WizardChainEngine Next Clicked: Going to page {0}.: Networking.Wizards.NetSvcWizard.ProvidLoginInfomationPage
[5280] 090210.152100.0654: CoreNet: Getting root cert
[5280] 090210.152100.1590: CoreNet: CA ConfigString: SERVER01.mydomain.local\Go Daddy Secure Certification Authority
[5280] 090210.152100.1746: CoreNet: CA ConfigString: SERVER01.mydomain.local\Go Daddy Secure Certification Authority
[5280] 090210.152100.1746: CoreNet: Converting to bytes
[5280] 090210.152100.1746: CoreNet: No leaf cert thumbprint found in NetworkConfig

Open in new window

Avatar of kcorbinakc
kcorbinakc

ASKER

I just saw this: http://sbs.seandaniel.com/2008/08/gotcha-using-sbs-2008-answer-file.html
So maybe it doesn't matter what I put in the answer file as long as it's not my Internet domain name?
So why can't I still set the internet domain name?...
Avatar of Jeffrey Kane - TechSoEasy
You really don't need anything in the CA field of the answer file, and it's best left blank.

So now you need to get rid of that "Go Daddy Secure Certification Authority" from the CA ConfigString.

Follow the steps here to fix it:  http://msmvps.com/blogs/bradley/archive/2009/01/31/watch-that-ca-name.aspx

Jeff
TechSoEasy
That link doesn't show how to actually change the CA name, just the domain name you use for remote connections.
So is the solution to wipe the machine and rebuild with a new answer file?  I'm not convinced now that the CA name is the real problem.  It doesn't seem to matter what I put in for the domain name while running the wizard, it crashes with made up names as well.

I'm going to try a re-install  before I try a wipe and rebuild to see if that fixes anything.
ASKER CERTIFIED SOLUTION
Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Well, here's a lesson for those who follow: Make sure you leave the CA field blank!
A re-install didn't fix it and actually broke DHCP.

So, I had to do a full rebuild of the server.  The hassle is though that I had to sieze the FSMO roles back to the original server as well as remove all the Exchange stuff it connects to the original server.  Additionally, I must have still been missing something because I had to rename the server because the install failed when I re-used the new servers name.

Thanks for trying though.  I can't believe M$ made it that much of a hassle...
Well, the documentation is rather clear... but I would agree that it would have been better if they didn't let you fill that out at all... or did something like they did with the way "remote" has to be changed if you want to use a different FQDN  (it's hidden in an "advanced" setting window).  Because the VAST majority of the time, folks want to leave that field blank.

Glad you got it worked out though.

Jeff
TechSoEasy
Well, I think both the documentation and the programming are poor.  If you are allowed to set the CA name to any arbitrary value (regardless of whether it's a valid CA or not) but doing so will hose your installation then that is poor design.  I used a valid CA name and it still hosed it. From MS docs:

"The name of the certificate authority that you want to use. If you leave this field blank, Windows SBS 2008 uses the internal domain name and the server name (syntax: <InternalDomainName>-<Windows SBS 2008 ServerName>) to generate a self-signed certificate (for example, Contoso-NewServer)."

Hmm, nothing to fear here.  How could entering a value possible prevent the server from setting the Internet domain name for Exhange and RWW?  Oops!

Maybe by Serviced Pack 1 or something they'll fix it and the docs too.
Well, they actually have already updated the on-line documentation:
http://technet.microsoft.com/en-us/library/cc707658.aspx
Which now reads:
The name of the certificate authority that you want to use. If you leave this field blank, Windows SBS 2008 uses the internal domain name and the server name (the syntax -) to generate a self-signed certificate (for example, Contoso-Server1-CA). This is the name in the Issued By field when you view the certificate from the Internet.

Important:
Do not use the domain name as the certificate authority name.
I would still agree, though, that it should be more fool-proof. (and don't think for a minute that I'm insinuating anything!)    :-)
I'd suggest that you take a moment to help others that may run into this problem by adding your own comments to the TechNet Documentation page I linked above.
Jeff
TechSoEasy
Thanks, I think I will!
I got my info from the migration docs: http://technet.microsoft.com/en-us/library/cc527566.aspx
and it has a little less info than the docs you linked to so I'm going to post to both places.
i put mail.domain.com in the answer file and it obviously broke everything. no wizards would run because they all go through sharepoint. the problem was that mail.domain.com was set as the name of the local certification authority and it was distributing mail.domain.com certificate  as a local one that was signed by the sbs 2008.
what i did, i went to certification authority, MMC, Add, Certificates, Local Computer on SBS 2008 and deleted local mail.domain.com certificate from ALL authorities (personal, etc....) then i imported and installed the valid public certificate in place of all that i have deleted. Ran Install My Certificate Wizard and added a valid Pubclic cert. All wizards started running and all issues resolved themselves.