SBS 2008 'Set up your Internet address" crashes

Posted on 2009-02-10
Medium Priority
Last Modified: 2012-05-06
When I try to run the 'Set up your Internet address' wizard it crashes when I click 'Configure' with the following error:
  Stopped working

Problem signature:
  Problem Event Name:      CLR20r3
  Problem Signature 01:      dpcw.exe
  Problem Signature 02:      6.0.5601.0
  Problem Signature 03:      48a22617
  Problem Signature 04:      CNetManagement
  Problem Signature 05:
  Problem Signature 06:      48a225e2
  Problem Signature 07:      224
  Problem Signature 08:      38
  Problem Signature 09:      XGZEYFXLD1ZB2Q0GIV0K3Q05ZLHZUF5L
  OS Version:      6.0.6001.
  Locale ID:      1033

I think it all boils down to certificates already on the server.  It shows the mydomain.local CA ConfigString as Go Daddy Secure Certification Authority but it would really be a self signed certificate.  I put 'Go Daddy Secure Certification Authority' in my answer file for the migration, but I thought it was referring to the SSL CA for my Internet domain name cert, not my local domain name certs.  Maybe that's the problem somehow?
I've been banging on my head on this for a couple days now and the clock is ticking on my 21 day migration countdown... :(

Running 'Fix my network settings' doesn't fix anything for me either.  Every problem it finds (Could not configure the router, The Internet domain name is not configured, The Root web certificate is invalid, etc.) it either skips or has errors.

If I open up 'Certification Authority' it has 'Go Daddy Certification Authority' underneath 'Certification Authority (local)'.  How do I delete that and start from scratch with a new local CA?  Is that possible?


The DCPW log says:
[5280] 090210.152032.4993: General: Initializing...C:\Program Files\Windows Small Business Server\Bin\DPCW.exe
[5280] 090210.152032.6865: CoreNet: Retrieving LastBasicConfigSuccessful flag from registry
[5280] 090210.152032.6865: CoreNet: LastBasicConfigSuccessful found.
[5280] 090210.152033.4977: CoreNet: Retrieving Domain Name Max Length from NetworkConfig
[5280] 090210.152042.8268: WizardChainEngine Next Clicked: Going to page {0}.: Networking.Wizards.NetSvcWizard.DoYouOwnDomainPage
[5280] 090210.152045.1357: WizardChainEngine Next Clicked: Going to page {0}.: Networking.Wizards.NetSvcWizard.DoYouWantToTransferPage
[5280] 090210.152047.2262: WizardChainEngine Next Clicked: Going to page {0}.: Networking.Wizards.NetSvcWizard.ProvidLoginInfomationPage
[5280] 090210.152100.0654: CoreNet: Getting root cert
[5280] 090210.152100.1590: CoreNet: CA ConfigString: SERVER01.mydomain.local\Go Daddy Secure Certification Authority
[5280] 090210.152100.1746: CoreNet: CA ConfigString: SERVER01.mydomain.local\Go Daddy Secure Certification Authority
[5280] 090210.152100.1746: CoreNet: Converting to bytes
[5280] 090210.152100.1746: CoreNet: No leaf cert thumbprint found in NetworkConfig

Open in new window

Question by:kcorbinakc
  • 5
  • 4

Author Comment

ID: 23606252
I just saw this: http://sbs.seandaniel.com/2008/08/gotcha-using-sbs-2008-answer-file.html
So maybe it doesn't matter what I put in the answer file as long as it's not my Internet domain name?
So why can't I still set the internet domain name?...
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 23615736
You really don't need anything in the CA field of the answer file, and it's best left blank.

So now you need to get rid of that "Go Daddy Secure Certification Authority" from the CA ConfigString.

Follow the steps here to fix it:  http://msmvps.com/blogs/bradley/archive/2009/01/31/watch-that-ca-name.aspx


Author Comment

ID: 23618671
That link doesn't show how to actually change the CA name, just the domain name you use for remote connections.
So is the solution to wipe the machine and rebuild with a new answer file?  I'm not convinced now that the CA name is the real problem.  It doesn't seem to matter what I put in for the domain name while running the wizard, it crashes with made up names as well.

I'm going to try a re-install  before I try a wipe and rebuild to see if that fixes anything.
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

LVL 74

Accepted Solution

Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 23619022
Well, there's a workaround in that article:

"One solution to the problem is to go into the Advanced settings and use some other URL:

Once in there then remove "remote" and use something else instead to prepend the web site URL for Remote Web Workplace access.  Because the CA is remote.domain.com as set by the answer file, you can't now use remote.domain.com as your Domain name.  "

But to be honest... since you've just installed this server, if it were me, I'd reinstall correctly to avoid any possible problems in the future.



Author Comment

ID: 23687062
Well, here's a lesson for those who follow: Make sure you leave the CA field blank!
A re-install didn't fix it and actually broke DHCP.

So, I had to do a full rebuild of the server.  The hassle is though that I had to sieze the FSMO roles back to the original server as well as remove all the Exchange stuff it connects to the original server.  Additionally, I must have still been missing something because I had to rename the server because the install failed when I re-used the new servers name.

Thanks for trying though.  I can't believe M$ made it that much of a hassle...
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 23696469
Well, the documentation is rather clear... but I would agree that it would have been better if they didn't let you fill that out at all... or did something like they did with the way "remote" has to be changed if you want to use a different FQDN  (it's hidden in an "advanced" setting window).  Because the VAST majority of the time, folks want to leave that field blank.

Glad you got it worked out though.


Author Comment

ID: 23696841
Well, I think both the documentation and the programming are poor.  If you are allowed to set the CA name to any arbitrary value (regardless of whether it's a valid CA or not) but doing so will hose your installation then that is poor design.  I used a valid CA name and it still hosed it. From MS docs:

"The name of the certificate authority that you want to use. If you leave this field blank, Windows SBS 2008 uses the internal domain name and the server name (syntax: <InternalDomainName>-<Windows SBS 2008 ServerName>) to generate a self-signed certificate (for example, Contoso-NewServer)."

Hmm, nothing to fear here.  How could entering a value possible prevent the server from setting the Internet domain name for Exhange and RWW?  Oops!

Maybe by Serviced Pack 1 or something they'll fix it and the docs too.
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 23697440
Well, they actually have already updated the on-line documentation:
Which now reads:
The name of the certificate authority that you want to use. If you leave this field blank, Windows SBS 2008 uses the internal domain name and the server name (the syntax -) to generate a self-signed certificate (for example, Contoso-Server1-CA). This is the name in the Issued By field when you view the certificate from the Internet.

Do not use the domain name as the certificate authority name.
I would still agree, though, that it should be more fool-proof. (and don't think for a minute that I'm insinuating anything!)    :-)
I'd suggest that you take a moment to help others that may run into this problem by adding your own comments to the TechNet Documentation page I linked above.

Author Comment

ID: 23700885
Thanks, I think I will!
I got my info from the migration docs: http://technet.microsoft.com/en-us/library/cc527566.aspx
and it has a little less info than the docs you linked to so I'm going to post to both places.

Expert Comment

ID: 23770154
i put mail.domain.com in the answer file and it obviously broke everything. no wizards would run because they all go through sharepoint. the problem was that mail.domain.com was set as the name of the local certification authority and it was distributing mail.domain.com certificate  as a local one that was signed by the sbs 2008.
what i did, i went to certification authority, MMC, Add, Certificates, Local Computer on SBS 2008 and deleted local mail.domain.com certificate from ALL authorities (personal, etc....) then i imported and installed the valid public certificate in place of all that i have deleted. Ran Install My Certificate Wizard and added a valid Pubclic cert. All wizards started running and all issues resolved themselves.

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question