We help IT Professionals succeed at work.

SBS 2008 'Set up your Internet address" crashes

kcorbinakc
kcorbinakc asked
on
Medium Priority
7,061 Views
Last Modified: 2012-05-06
When I try to run the 'Set up your Internet address' wizard it crashes when I click 'Configure' with the following error:
Description:
  Stopped working

Problem signature:
  Problem Event Name:      CLR20r3
  Problem Signature 01:      dpcw.exe
  Problem Signature 02:      6.0.5601.0
  Problem Signature 03:      48a22617
  Problem Signature 04:      CNetManagement
  Problem Signature 05:      6.0.0.0
  Problem Signature 06:      48a225e2
  Problem Signature 07:      224
  Problem Signature 08:      38
  Problem Signature 09:      XGZEYFXLD1ZB2Q0GIV0K3Q05ZLHZUF5L
  OS Version:      6.0.6001.2.1.0.305.9
  Locale ID:      1033

I think it all boils down to certificates already on the server.  It shows the mydomain.local CA ConfigString as Go Daddy Secure Certification Authority but it would really be a self signed certificate.  I put 'Go Daddy Secure Certification Authority' in my answer file for the migration, but I thought it was referring to the SSL CA for my Internet domain name cert, not my local domain name certs.  Maybe that's the problem somehow?
I've been banging on my head on this for a couple days now and the clock is ticking on my 21 day migration countdown... :(

Running 'Fix my network settings' doesn't fix anything for me either.  Every problem it finds (Could not configure the router, The Internet domain name is not configured, The Root web certificate is invalid, etc.) it either skips or has errors.

If I open up 'Certification Authority' it has 'Go Daddy Certification Authority' underneath 'Certification Authority (local)'.  How do I delete that and start from scratch with a new local CA?  Is that possible?

Thanks!

The DCPW log says:
[5280] 090210.152032.4993: General: Initializing...C:\Program Files\Windows Small Business Server\Bin\DPCW.exe
[5280] 090210.152032.6865: CoreNet: Retrieving LastBasicConfigSuccessful flag from registry
[5280] 090210.152032.6865: CoreNet: LastBasicConfigSuccessful found.
[5280] 090210.152033.4977: CoreNet: Retrieving Domain Name Max Length from NetworkConfig
[5280] 090210.152042.8268: WizardChainEngine Next Clicked: Going to page {0}.: Networking.Wizards.NetSvcWizard.DoYouOwnDomainPage
[5280] 090210.152045.1357: WizardChainEngine Next Clicked: Going to page {0}.: Networking.Wizards.NetSvcWizard.DoYouWantToTransferPage
[5280] 090210.152047.2262: WizardChainEngine Next Clicked: Going to page {0}.: Networking.Wizards.NetSvcWizard.ProvidLoginInfomationPage
[5280] 090210.152100.0654: CoreNet: Getting root cert
[5280] 090210.152100.1590: CoreNet: CA ConfigString: SERVER01.mydomain.local\Go Daddy Secure Certification Authority
[5280] 090210.152100.1746: CoreNet: CA ConfigString: SERVER01.mydomain.local\Go Daddy Secure Certification Authority
[5280] 090210.152100.1746: CoreNet: Converting to bytes
[5280] 090210.152100.1746: CoreNet: No leaf cert thumbprint found in NetworkConfig

Open in new window

Comment
Watch Question

Author

Commented:
I just saw this: http://sbs.seandaniel.com/2008/08/gotcha-using-sbs-2008-answer-file.html
So maybe it doesn't matter what I put in the answer file as long as it's not my Internet domain name?
So why can't I still set the internet domain name?...
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
You really don't need anything in the CA field of the answer file, and it's best left blank.

So now you need to get rid of that "Go Daddy Secure Certification Authority" from the CA ConfigString.

Follow the steps here to fix it:  http://msmvps.com/blogs/bradley/archive/2009/01/31/watch-that-ca-name.aspx

Jeff
TechSoEasy

Author

Commented:
That link doesn't show how to actually change the CA name, just the domain name you use for remote connections.
So is the solution to wipe the machine and rebuild with a new answer file?  I'm not convinced now that the CA name is the real problem.  It doesn't seem to matter what I put in for the domain name while running the wizard, it crashes with made up names as well.

I'm going to try a re-install  before I try a wipe and rebuild to see if that fixes anything.
Principal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014
Commented:
Well, there's a workaround in that article:

"One solution to the problem is to go into the Advanced settings and use some other URL:

Once in there then remove "remote" and use something else instead to prepend the web site URL for Remote Web Workplace access.  Because the CA is remote.domain.com as set by the answer file, you can't now use remote.domain.com as your Domain name.  "

But to be honest... since you've just installed this server, if it were me, I'd reinstall correctly to avoid any possible problems in the future.

Jeff
TechSoEasy

 

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Well, here's a lesson for those who follow: Make sure you leave the CA field blank!
A re-install didn't fix it and actually broke DHCP.

So, I had to do a full rebuild of the server.  The hassle is though that I had to sieze the FSMO roles back to the original server as well as remove all the Exchange stuff it connects to the original server.  Additionally, I must have still been missing something because I had to rename the server because the install failed when I re-used the new servers name.

Thanks for trying though.  I can't believe M$ made it that much of a hassle...
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
Well, the documentation is rather clear... but I would agree that it would have been better if they didn't let you fill that out at all... or did something like they did with the way "remote" has to be changed if you want to use a different FQDN  (it's hidden in an "advanced" setting window).  Because the VAST majority of the time, folks want to leave that field blank.

Glad you got it worked out though.

Jeff
TechSoEasy

Author

Commented:
Well, I think both the documentation and the programming are poor.  If you are allowed to set the CA name to any arbitrary value (regardless of whether it's a valid CA or not) but doing so will hose your installation then that is poor design.  I used a valid CA name and it still hosed it. From MS docs:

"The name of the certificate authority that you want to use. If you leave this field blank, Windows SBS 2008 uses the internal domain name and the server name (syntax: <InternalDomainName>-<Windows SBS 2008 ServerName>) to generate a self-signed certificate (for example, Contoso-NewServer)."

Hmm, nothing to fear here.  How could entering a value possible prevent the server from setting the Internet domain name for Exhange and RWW?  Oops!

Maybe by Serviced Pack 1 or something they'll fix it and the docs too.
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
Well, they actually have already updated the on-line documentation:
http://technet.microsoft.com/en-us/library/cc707658.aspx
Which now reads:
The name of the certificate authority that you want to use. If you leave this field blank, Windows SBS 2008 uses the internal domain name and the server name (the syntax -) to generate a self-signed certificate (for example, Contoso-Server1-CA). This is the name in the Issued By field when you view the certificate from the Internet.

Important:
Do not use the domain name as the certificate authority name.
I would still agree, though, that it should be more fool-proof. (and don't think for a minute that I'm insinuating anything!)    :-)
I'd suggest that you take a moment to help others that may run into this problem by adding your own comments to the TechNet Documentation page I linked above.
Jeff
TechSoEasy

Author

Commented:
Thanks, I think I will!
I got my info from the migration docs: http://technet.microsoft.com/en-us/library/cc527566.aspx
and it has a little less info than the docs you linked to so I'm going to post to both places.
i put mail.domain.com in the answer file and it obviously broke everything. no wizards would run because they all go through sharepoint. the problem was that mail.domain.com was set as the name of the local certification authority and it was distributing mail.domain.com certificate  as a local one that was signed by the sbs 2008.
what i did, i went to certification authority, MMC, Add, Certificates, Local Computer on SBS 2008 and deleted local mail.domain.com certificate from ALL authorities (personal, etc....) then i imported and installed the valid public certificate in place of all that i have deleted. Ran Install My Certificate Wizard and added a valid Pubclic cert. All wizards started running and all issues resolved themselves.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.