Error accessing Certsrv virtual directory

Hi experts,

I am trying to access http://server/certsrv on my Exchange server however I am getting 'the page cannot be found 404 error. I could previously access it. bit of history below...

Setting up Active Sync on an Exchange 2003 box as we've picked up a few iPhones recently for management. My first time doing so and I'm using my own SSL certificate and following this article: http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html 

Been through it once but when I tried testing using testexchangeconnectivity.com I got an error about the hostname not matching any name on certifiicate. Ok, started the process again, firstly removed the certificate I had setup and started preparing new certificate. its now at the point of trying to log into Microsoft Certificate Services page I am stuck. First time round I had no problem, why so now?

Am using domain admin account and permissions to the certsrv directory all look fine to me. Have ran an IIS reset.

Thanks
LVL 1
BGilhooleyAsked:
Who is Participating?
 
Alan HardistyConnect With a Mentor Co-OwnerCommented:
You may find my guide more helpful when configuring Activesync:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Also - a 3rd party SSL certificate is a lot less hassle to get implemented and also very cheap for Exchange 2003.  If you visit GoDaddy.com and buy a single name cert you are looking at about £30 for 1 year.
0
 
BGilhooleyAuthor Commented:

Cheers Alan. Yea read and been told various things on pros/cons of paid versus homemade cert. Was going the paid route initially and then had mind changed but this teething issue has changed me back to paying a little. The GoDaddy Standard SSL will be sufficient you say? i have 2 mail domanis hosted so the multidomain package will cost  €157 for 3 years.
0
 
Alan HardistyCo-OwnerCommented:
With Exchange 2003 - you only need a single name domain certificate irrespective of how many domains you have mail for on the server.

I used to have a few domains on my Exchange 2003 server with a single name SSL certificate and it worked fine.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
BGilhooleyAuthor Commented:

Thanks again Alan. Just to confirm something, I am creating the CSR via IIS now, the Common Name am I right in thinking is going to be mail.mydomain.com (whats it accessed by from the internet) as opposed to FQDN locally servername.domain.com?
0
 
Alan HardistyCo-OwnerCommented:
Correct - the name (whichever you use), has to resolve externally in DNS on anyone's computer, anywhere in the world.

mail.domain.com will be fine as long as it resolves in DNS correctly.
0
 
BGilhooleyAuthor Commented:
Cool. Yea thats what im currently accessing the webmail by externally.
0
 
Alan HardistyCo-OwnerCommented:
Then you should be fine.

The cert will take a few hours to get approved - so you will be without SSL for a while : (

Don't be tempted to do anything with SSL until you receive your certificate and are ready to install it.
0
 
BGilhooleyAuthor Commented:
Thats fine, I'll wait and hope to get it before COB today. thanks for the pointers, Will leave question open until I get it up and running in case I have any more queries ;)
0
 
Alan HardistyCo-OwnerCommented:
Sure - here if you need anything.
0
 
BGilhooleyAuthor Commented:
Got that cert Alan and have it installed. Running the online test though fails whilst doing the foldersync with:

Exchange ActiveSync returned an HTTP 500 response.

 I see you have some suggestions in your guide about this error. First one seems fairly heavy duty recreating the virtual directories, anything else I should be checking for before looking into this?
0
 
Alan HardistyCo-OwnerCommented:
The virtual directory re-creation is the first step I would take sadly.  It is minimal impact - and quick to complete - method 2 is my preferred method.

Are you using Forms Based Authentication (pretty login screen for OWA or plain Username / Password Window)?
0
 
BGilhooleyAuthor Commented:
Alan, thanks again. Something I came across when trying to implement method 2 there.

This Exchange server in ESM - Servers - Protocols - HTTP, has a second HTTP virtual server running to provide OWA to mailboxes for the domain, is this setup an issue? Its here the forms based authtication is enabled.
0
 
BGilhooleyAuthor Commented:
Alan, looks like I'm in business. Deleted that second HTTP VS and setup the default Exchange VS properly for OWA, got that working then tried the Activesyn online test again. Got 403 error described in your article, went into the global settings and added my account as an exception and test completed successfully. Bingo. Now just need to get an iPhone to test 100% in the morning but I should be good to go I hope.
0
 
BGilhooleyAuthor Commented:
Thanks Alan, all up and running now. The GoDaddy saved hassle of native certs, plus your article on troubleshooting is top class!
0
 
Alan HardistyCo-OwnerCommented:
Fantastic news - well done.

Glad you are sorted and thanks for the comments about my article - it has proven to be popular!

Thanks for the points.

Alan
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.