Solved

Error accessing Certsrv virtual directory

Posted on 2010-11-23
15
1,282 Views
Last Modified: 2012-06-27
Hi experts,

I am trying to access http://server/certsrv on my Exchange server however I am getting 'the page cannot be found 404 error. I could previously access it. bit of history below...

Setting up Active Sync on an Exchange 2003 box as we've picked up a few iPhones recently for management. My first time doing so and I'm using my own SSL certificate and following this article: http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html 

Been through it once but when I tried testing using testexchangeconnectivity.com I got an error about the hostname not matching any name on certifiicate. Ok, started the process again, firstly removed the certificate I had setup and started preparing new certificate. its now at the point of trying to log into Microsoft Certificate Services page I am stuck. First time round I had no problem, why so now?

Am using domain admin account and permissions to the certsrv directory all look fine to me. Have ran an IIS reset.

Thanks
0
Comment
Question by:BGilhooley
  • 8
  • 7
15 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34196187
You may find my guide more helpful when configuring Activesync:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Also - a 3rd party SSL certificate is a lot less hassle to get implemented and also very cheap for Exchange 2003.  If you visit GoDaddy.com and buy a single name cert you are looking at about £30 for 1 year.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34196712

Cheers Alan. Yea read and been told various things on pros/cons of paid versus homemade cert. Was going the paid route initially and then had mind changed but this teething issue has changed me back to paying a little. The GoDaddy Standard SSL will be sufficient you say? i have 2 mail domanis hosted so the multidomain package will cost  €157 for 3 years.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34196802
With Exchange 2003 - you only need a single name domain certificate irrespective of how many domains you have mail for on the server.

I used to have a few domains on my Exchange 2003 server with a single name SSL certificate and it worked fine.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 1

Author Comment

by:BGilhooley
ID: 34204855

Thanks again Alan. Just to confirm something, I am creating the CSR via IIS now, the Common Name am I right in thinking is going to be mail.mydomain.com (whats it accessed by from the internet) as opposed to FQDN locally servername.domain.com?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34204880
Correct - the name (whichever you use), has to resolve externally in DNS on anyone's computer, anywhere in the world.

mail.domain.com will be fine as long as it resolves in DNS correctly.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34204887
Cool. Yea thats what im currently accessing the webmail by externally.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34204893
Then you should be fine.

The cert will take a few hours to get approved - so you will be without SSL for a while : (

Don't be tempted to do anything with SSL until you receive your certificate and are ready to install it.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34204915
Thats fine, I'll wait and hope to get it before COB today. thanks for the pointers, Will leave question open until I get it up and running in case I have any more queries ;)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34204917
Sure - here if you need anything.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34205865
Got that cert Alan and have it installed. Running the online test though fails whilst doing the foldersync with:

Exchange ActiveSync returned an HTTP 500 response.

 I see you have some suggestions in your guide about this error. First one seems fairly heavy duty recreating the virtual directories, anything else I should be checking for before looking into this?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34209544
The virtual directory re-creation is the first step I would take sadly.  It is minimal impact - and quick to complete - method 2 is my preferred method.

Are you using Forms Based Authentication (pretty login screen for OWA or plain Username / Password Window)?
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34213431
Alan, thanks again. Something I came across when trying to implement method 2 there.

This Exchange server in ESM - Servers - Protocols - HTTP, has a second HTTP virtual server running to provide OWA to mailboxes for the domain, is this setup an issue? Its here the forms based authtication is enabled.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34213608
Alan, looks like I'm in business. Deleted that second HTTP VS and setup the default Exchange VS properly for OWA, got that working then tried the Activesyn online test again. Got 403 error described in your article, went into the global settings and added my account as an exception and test completed successfully. Bingo. Now just need to get an iPhone to test 100% in the morning but I should be good to go I hope.
0
 
LVL 1

Author Closing Comment

by:BGilhooley
ID: 34218240
Thanks Alan, all up and running now. The GoDaddy saved hassle of native certs, plus your article on troubleshooting is top class!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34218337
Fantastic news - well done.

Glad you are sorted and thanks for the comments about my article - it has proven to be popular!

Thanks for the points.

Alan
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question