Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.
COURSE of the MONTH
8 days, 20 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Installation of a UC digital certificate in EBS environment
Posted on 2010-09-20
Dear Experts,
I have just purchased a new cert and want to install it into my EBS environment. Previously we had domainA.com and now we will be using domainB.com. So we still need domainA.com to feature in our organisation for a year (or so).
So I purchased a UC cert from comodo for the fqdn remote.domainA.com and remote.domainB.com. I have completed the cert request in IIS7 on the management server. I exported it and added to the trusted root authority and personal store on the security server (forefront) then added it to listener in the rww publishing rule within forefront.
I have made all the necessary DNS changes for MX and A records for the domainB.com
In exchange, I have added domainB.com to the list of accepted domains and changed the recipient policy to make it the default for sending for all users. I have tested mailflow to and from user@domainB.com and all seems ok.
2 questions:
1. Given the information above, I can still access the rww site by visitng https://remote.domainA.com and all works fine. When I view the certificate presented, it shows me the new one. But when I visit https://remote.domainB.com i get the "The page cannot be displayed " with "Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)"
What gives here?
2. What else have I missed? I'm pretty sure that I have to update and enable the exchange certificate services.
Bear in mind I have no experience with UC certificates and am treading carefully here...
Many thanks in advance.
I have just purchased a new cert and want to install it into my EBS environment. Previously we had domainA.com and now we will be using domainB.com. So we still need domainA.com to feature in our organisation for a year (or so).
So I purchased a UC cert from comodo for the fqdn remote.domainA.com and remote.domainB.com. I have completed the cert request in IIS7 on the management server. I exported it and added to the trusted root authority and personal store on the security server (forefront) then added it to listener in the rww publishing rule within forefront.
I have made all the necessary DNS changes for MX and A records for the domainB.com
In exchange, I have added domainB.com to the list of accepted domains and changed the recipient policy to make it the default for sending for all users. I have tested mailflow to and from user@domainB.com and all seems ok.
2 questions:
1. Given the information above, I can still access the rww site by visitng https://remote.domainA.com and all works fine. When I view the certificate presented, it shows me the new one. But when I visit https://remote.domainB.com i get the "The page cannot be displayed " with "Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)"
What gives here?
2. What else have I missed? I'm pretty sure that I have to update and enable the exchange certificate services.
Bear in mind I have no experience with UC certificates and am treading carefully here...
Many thanks in advance.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
7
3
11 Comments
you need to install the new certificate onto the exchange server
then run the following to locate the cert
get-exchangecertificate | fl
then using the thumbprint for the new cert run
enable-exchangecertificate
you do not need to restart any services
then run the following to locate the cert
get-exchangecertificate | fl
then using the thumbprint for the new cert run
enable-exchangecertificate
you do not need to restart any services
Ok. great. Will that sort the problem of accessing RWW using the https://remote.domainB.com ?
the error displayed in IE8 is:
The page cannot be displayed
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.
--------------------------
Try the following:
Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.
--------------------------
Technical Information (for support personnel)
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
The page cannot be displayed
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.
--------------------------
Try the following:
Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.
--------------------------
Technical Information (for support personnel)
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
try going to
https://remote.domainb.com/owa
https://remote.domainb.com/owa
just the same. I will install the cert on the exchange server tomorrow to see if that fixes the issues and report back.
thanks.
thanks.
I installed the new cert on the exchange server. I ran the enable-exchangecertificate
Any thoughts.
Any thoughts.
I have looked at the forefront logs and found the following entry. I have changed the private names and addresses where applicable:
##########################
Denied Connection SECURITYSERVER 21/09/2010 12:06:56
Log type: Web Proxy (Reverse)
Status: 12202 The Forefront TMG denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Source: External (external IP)
Destination: Local Host (192.168.1.2:443)
Request: GET http://remote.domainB.com/
Filter information: Req ID: 228512d6; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.3...
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type: -
##########################
It would appear that ISA is denying access when the name remote.domainB.com is used by the client.
Any further thoughts?
##########################
Denied Connection SECURITYSERVER 21/09/2010 12:06:56
Log type: Web Proxy (Reverse)
Status: 12202 The Forefront TMG denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Source: External (external IP)
Destination: Local Host (192.168.1.2:443)
Request: GET http://remote.domainB.com/
Filter information: Req ID: 228512d6; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.3...
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type: -
##########################
It would appear that ISA is denying access when the name remote.domainB.com is used by the client.
Any further thoughts?
When you set up the publishing rule on your ISA, did you import the private key with the certificates?
I believe so. I exported the cert from the management server and imported it into ISA. Then i added it to the listener.
I got this resolved. Please see the link below:
http://www.experts-exchange.com/Microsoft/Windows_Security/Q_26537328.html
Thanks for your input.
http://www.experts-exchange.com/Microsoft/Windows_Security/Q_26537328.html
Thanks for your input.
Featured Post
Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync.
To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online.
The email signature template has been downloaded from:
www.mail-signatures…
Suggested Courses
Course of the Month8 days, 20 hours left to enroll
764 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.