HTTPS has stopped working - SBS 2003 - Cert is valid

A couple of hours ago, I was alerted by my monitoring service that it couldn't connect to the server (the test is done by trying to connect to an https link). Anyway, I checked it myself and it wasn't working.
First thing I did was check the cert as I had the same issue with another client a month before. Anyway, the certificate is valid 1/7/2009 - 1/7/2010

I've tried access from the server itself https://locahost/ - says it can't display the webpage - same message if I check from outside.
Mobile Phones/ActiveSync have stopped working, can't access the server from anywhere using RWW (because of the https)

I checked all the logs, the one "information" alert I found in the system event viewer was Event ID: 12503 - WinHttpAutoProxySvc has been idle for 15 minutes, it will be shut down. But - this message seems to be in the logs alot and doesn't have any correlation to any other downtime.

Not sure what that really means. I reset IIS - nothing changed.

ISA NOT installed.
TrendMicro antivirus.
Windows SBS 2003
Exchange 2003
GoDaddy Certificate
Checkpoint Firewall

Any suggestions?
rheideAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
Create a test account and run the Outlook Anywhere test in the Microsoft test site and see what it flags. Post the errors here for more help.

https://www.testexchangeconnectivity.com/
0
rheideAuthor Commented:
Wow, cool app. Here you go:

 
Attempting to Resolve the host name mail.xxx.com in DNS.
 Host successfully Resolved
Additional Details
 IP(s) returned: 74.87.xx.xx
 
Testing TCP Port 443 on host mail.xxx.com to ensure it is listening/open.
 The port was opened successfully.
 
Testing SSL Certificate for validity.
 The SSL Certificate failed one or more certificate validation checks.
 Tell me more about this issue and how to resolve it
 
Additional Details
 A network error occurred while communicating with remote host: 
Exception Details:
Message: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Type: System.IO.IOException
Stack Trace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()
Exception Details:
Message: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Type: System.IO.IOException
Stack Trace:
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()

Open in new window

0
ParanormasticCryptographic EngineerCommented:
Usually resetting IIS is all you need to do, but since that didn't work I would recommend bouncing the box if possible.

You may need to disconnect the network cable for this, but you can try disabling your antivirus and/or software firewall just to rule those out.

If that doesn't work, I would try removing the cert and reinstalling it from a backup .pfx if you had exported it with the private key.  If not, you might try exporting it with the private key and then creating a new cert request and installing that.  

If it is a commercial cert, try calling up the sales team for the commercial CA and explain your situation briefly and ask if they can issue you a test cert to determine if this is the actual issue - most companies will do this for free for testing purposes, although if it does work then they will vary since it is well past the initial issuance whether they will let you keep it for free (since you already paid for it), issue you a shorter-timeframe cert until the original would expire, or give you a credit for the remaining time from your old cert towards the purchase of a new one.

Also, double check permissions to the website and the folder, make sure you can access the page you are trying to access locally as a file instead of through IIS, etc.  Also make a basic test page and publish that to a new test site.

Another option might be to restore from backup if replacing the cert doesn't work.  Maybe resintalling IIS if it isn't too big of a deal, depending on your configuration it may just be easier to restore from tape.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
As the error says "Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host."

Check your firewall to see if port 443 is open and is forwarding traffic to the CAS server.

Check this video to setup wild card certs  http://www.msexchange.org/articles_tutorials/videos/exchange-server-2007/mobility-client-access/video-how-to-configure-outlook-anywhere-work-wildcard-certificate.html
0
rheideAuthor Commented:
Rebooting the server worked. I should have done that first but I just thought it was odd that it was "die" in the middle of the morning.

Thanks for all the help.
0
ParanormasticCryptographic EngineerCommented:
Darn servers just aren't worth anything until they've had their morning cup o' coffee...

Glad things are working for you! Thanks for the points...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.