Solved

Error accessing Certsrv virtual directory

Posted on 2010-11-23
15
1,280 Views
Last Modified: 2012-06-27
Hi experts,

I am trying to access http://server/certsrv on my Exchange server however I am getting 'the page cannot be found 404 error. I could previously access it. bit of history below...

Setting up Active Sync on an Exchange 2003 box as we've picked up a few iPhones recently for management. My first time doing so and I'm using my own SSL certificate and following this article: http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

Been through it once but when I tried testing using testexchangeconnectivity.com I got an error about the hostname not matching any name on certifiicate. Ok, started the process again, firstly removed the certificate I had setup and started preparing new certificate. its now at the point of trying to log into Microsoft Certificate Services page I am stuck. First time round I had no problem, why so now?

Am using domain admin account and permissions to the certsrv directory all look fine to me. Have ran an IIS reset.

Thanks
0
Comment
Question by:BGilhooley
  • 8
  • 7
15 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34196187
You may find my guide more helpful when configuring Activesync:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Also - a 3rd party SSL certificate is a lot less hassle to get implemented and also very cheap for Exchange 2003.  If you visit GoDaddy.com and buy a single name cert you are looking at about £30 for 1 year.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34196712

Cheers Alan. Yea read and been told various things on pros/cons of paid versus homemade cert. Was going the paid route initially and then had mind changed but this teething issue has changed me back to paying a little. The GoDaddy Standard SSL will be sufficient you say? i have 2 mail domanis hosted so the multidomain package will cost  €157 for 3 years.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34196802
With Exchange 2003 - you only need a single name domain certificate irrespective of how many domains you have mail for on the server.

I used to have a few domains on my Exchange 2003 server with a single name SSL certificate and it worked fine.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34204855

Thanks again Alan. Just to confirm something, I am creating the CSR via IIS now, the Common Name am I right in thinking is going to be mail.mydomain.com (whats it accessed by from the internet) as opposed to FQDN locally servername.domain.com?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34204880
Correct - the name (whichever you use), has to resolve externally in DNS on anyone's computer, anywhere in the world.

mail.domain.com will be fine as long as it resolves in DNS correctly.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34204887
Cool. Yea thats what im currently accessing the webmail by externally.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34204893
Then you should be fine.

The cert will take a few hours to get approved - so you will be without SSL for a while : (

Don't be tempted to do anything with SSL until you receive your certificate and are ready to install it.
0
The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

 
LVL 1

Author Comment

by:BGilhooley
ID: 34204915
Thats fine, I'll wait and hope to get it before COB today. thanks for the pointers, Will leave question open until I get it up and running in case I have any more queries ;)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34204917
Sure - here if you need anything.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34205865
Got that cert Alan and have it installed. Running the online test though fails whilst doing the foldersync with:

Exchange ActiveSync returned an HTTP 500 response.

 I see you have some suggestions in your guide about this error. First one seems fairly heavy duty recreating the virtual directories, anything else I should be checking for before looking into this?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34209544
The virtual directory re-creation is the first step I would take sadly.  It is minimal impact - and quick to complete - method 2 is my preferred method.

Are you using Forms Based Authentication (pretty login screen for OWA or plain Username / Password Window)?
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34213431
Alan, thanks again. Something I came across when trying to implement method 2 there.

This Exchange server in ESM - Servers - Protocols - HTTP, has a second HTTP virtual server running to provide OWA to mailboxes for the domain, is this setup an issue? Its here the forms based authtication is enabled.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34213608
Alan, looks like I'm in business. Deleted that second HTTP VS and setup the default Exchange VS properly for OWA, got that working then tried the Activesyn online test again. Got 403 error described in your article, went into the global settings and added my account as an exception and test completed successfully. Bingo. Now just need to get an iPhone to test 100% in the morning but I should be good to go I hope.
0
 
LVL 1

Author Closing Comment

by:BGilhooley
ID: 34218240
Thanks Alan, all up and running now. The GoDaddy saved hassle of native certs, plus your article on troubleshooting is top class!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34218337
Fantastic news - well done.

Glad you are sorted and thanks for the comments about my article - it has proven to be popular!

Thanks for the points.

Alan
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now