SteveMat11
asked on
Broken Exchange 2007 OWA after SSL Install
I was following instructions online after unsuccessfully installing a renewal SSL cert for exchange 2007 owa. It had me run a command to overwrite the default SMTP cert by using this "certutil -repairstore" command. After I ran that, I went from users getting a cert error to a 404! Anyone have any ideas how I can get my OWA back up and running?
Running SBS 2008 with Exchange 2007
Running SBS 2008 with Exchange 2007
Do you have SP2 for Exchange on SBS machine?
Does the Exchange 2007 is updated with the latest servicepacks? If not, update it. It will fix the problem.
Hope this helps,
Shree
Hope this helps,
Shree
ASKER
Tony, I tried those exact instructions. It asked me if I wanted to overwrite, I said yes. I still have nothing. I am using a GoDaddy SSL Cert. Thanks for any help you can give.
ASKER
Not sure if this matters but the cert file extension is .crt not .cer
Hmm. Can you see the certificate in the cert manager snapin?
Start -> Run -> MMC -> File -> Add/Remove Snapin -> Certificate -> Computer Account -> Local Computer
Can you confirm the certificate is there and has a private key?
Start -> Run -> MMC -> File -> Add/Remove Snapin -> Certificate -> Computer Account -> Local Computer
Can you confirm the certificate is there and has a private key?
ASKER
Ah yes - OWA in 2007/2010 has to be via HTTPS
What are you getting now?
What are you getting now?
ASKER
Error 403
I'm seeing 503 when I look (when I reread, I saw your owa address!) - service unavailable.
Has anything else changed? Any other software installed?
Has anything else changed? Any other software installed?
If you're getting 403, I suspect you aren't adding /OWA to the end of the web address?
i.e. https://address/owa
i.e. https://address/owa
ASKER
nothing, i believe you got the 503 when I was restarting iis.
Ha yeah that'd do it :)
This is weird because your cert looks ok from here although once we get this going we maybe need to talk about SAN/UC certs down the line.
Anything in the event logs?
This is weird because your cert looks ok from here although once we get this going we maybe need to talk about SAN/UC certs down the line.
Anything in the event logs?
If you run the Get-ExchangeCertificate command, what do you get back?
ASKER
nope, checked there. Basically what I did right before it broke was did a -repairstore on the cert per instructions I had found line since I was getting an error while trying to install it. It said something about private key missing and the instructions said to use the repairstore command if that happened. As soon as I did that, it stopped working.
ASKER
i get back the following:
mail.cihva.org (this is what I purchased from godaddy) Services are "WS"
livewire - no services
remote.cihva.org "IPWS"
WMSVC-WIN-SOMETHING.... No services
sbsserver.cihva.local "IPS"
Sites "IPS"
CIHVA-SBSSERVER-CA ..... No services
mail.cihva.org (this is what I purchased from godaddy) Services are "WS"
livewire - no services
remote.cihva.org "IPWS"
WMSVC-WIN-SOMETHING.... No services
sbsserver.cihva.local "IPS"
Sites "IPS"
CIHVA-SBSSERVER-CA ..... No services
Try this:
enable-ExchangeCertificate -thumbprint [value you got from above] -services “IIS,IMAP,POP,SMTP”
enable-ExchangeCertificate
ASKER
tried that, nothing
I'm getting the address rewrite in the IE address bar now but it just times out.
Can you have a quick look through the event logs?
Can you have a quick look through the event logs?
mail.cihva.org (this is what I purchased from godaddy) Services are "WS"
W = Web
S = SMTP
That should be ok for what we're doing.
The only solution I can see for this appears quite drastic:
Uninstall IIS
Reinstall IIS
Uninstall CAS
Reinstall CAS
Reregister OWA in IIS
The following URL http://support.microsoft.com/default.aspx?kbid=320202
W = Web
S = SMTP
That should be ok for what we're doing.
The only solution I can see for this appears quite drastic:
Uninstall IIS
Reinstall IIS
Uninstall CAS
Reinstall CAS
Reregister OWA in IIS
The following URL http://support.microsoft.com/default.aspx?kbid=320202
ASKER
Would you be opposed to rdping in and taking a look? If not, email me at stevem11 at optonline dot net
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Still cant believe he figured this one out. Thanks for all of the help!!!
How To-Enable SSL on Exchange 2007 services.
Step 1: Obtain a SSL certificate- E.g. www.thawte.com or www.verisign.com
Step 2: Import the SSL certificate and copy thumbprint.
- Run the following command where “c:\newcert.cer” is the location and name of your certificate: Import-ExchangeCertificate
- Copy the thumbprint by doing the following:
- Open the Exchange Management Shell.
- Run the following command: dir cert:\LocalMachine\My | fl
- Locate the certificate you just imported and copy the Thumbprint property to the Windows Clipboard.
Step 3: Enable the certificate on the Default Web Site:
- Open the Exchange Management Shell.
- Run the following command: enable-ExchangeCertificate