Solved

Error accessing Certsrv virtual directory

Posted on 2010-11-23
15
1,281 Views
Last Modified: 2012-06-27
Hi experts,

I am trying to access http://server/certsrv on my Exchange server however I am getting 'the page cannot be found 404 error. I could previously access it. bit of history below...

Setting up Active Sync on an Exchange 2003 box as we've picked up a few iPhones recently for management. My first time doing so and I'm using my own SSL certificate and following this article: http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html 

Been through it once but when I tried testing using testexchangeconnectivity.com I got an error about the hostname not matching any name on certifiicate. Ok, started the process again, firstly removed the certificate I had setup and started preparing new certificate. its now at the point of trying to log into Microsoft Certificate Services page I am stuck. First time round I had no problem, why so now?

Am using domain admin account and permissions to the certsrv directory all look fine to me. Have ran an IIS reset.

Thanks
0
Comment
Question by:BGilhooley
  • 8
  • 7
15 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34196187
You may find my guide more helpful when configuring Activesync:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Also - a 3rd party SSL certificate is a lot less hassle to get implemented and also very cheap for Exchange 2003.  If you visit GoDaddy.com and buy a single name cert you are looking at about £30 for 1 year.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34196712

Cheers Alan. Yea read and been told various things on pros/cons of paid versus homemade cert. Was going the paid route initially and then had mind changed but this teething issue has changed me back to paying a little. The GoDaddy Standard SSL will be sufficient you say? i have 2 mail domanis hosted so the multidomain package will cost  €157 for 3 years.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34196802
With Exchange 2003 - you only need a single name domain certificate irrespective of how many domains you have mail for on the server.

I used to have a few domains on my Exchange 2003 server with a single name SSL certificate and it worked fine.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34204855

Thanks again Alan. Just to confirm something, I am creating the CSR via IIS now, the Common Name am I right in thinking is going to be mail.mydomain.com (whats it accessed by from the internet) as opposed to FQDN locally servername.domain.com?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34204880
Correct - the name (whichever you use), has to resolve externally in DNS on anyone's computer, anywhere in the world.

mail.domain.com will be fine as long as it resolves in DNS correctly.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34204887
Cool. Yea thats what im currently accessing the webmail by externally.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34204893
Then you should be fine.

The cert will take a few hours to get approved - so you will be without SSL for a while : (

Don't be tempted to do anything with SSL until you receive your certificate and are ready to install it.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 1

Author Comment

by:BGilhooley
ID: 34204915
Thats fine, I'll wait and hope to get it before COB today. thanks for the pointers, Will leave question open until I get it up and running in case I have any more queries ;)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34204917
Sure - here if you need anything.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34205865
Got that cert Alan and have it installed. Running the online test though fails whilst doing the foldersync with:

Exchange ActiveSync returned an HTTP 500 response.

 I see you have some suggestions in your guide about this error. First one seems fairly heavy duty recreating the virtual directories, anything else I should be checking for before looking into this?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34209544
The virtual directory re-creation is the first step I would take sadly.  It is minimal impact - and quick to complete - method 2 is my preferred method.

Are you using Forms Based Authentication (pretty login screen for OWA or plain Username / Password Window)?
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34213431
Alan, thanks again. Something I came across when trying to implement method 2 there.

This Exchange server in ESM - Servers - Protocols - HTTP, has a second HTTP virtual server running to provide OWA to mailboxes for the domain, is this setup an issue? Its here the forms based authtication is enabled.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34213608
Alan, looks like I'm in business. Deleted that second HTTP VS and setup the default Exchange VS properly for OWA, got that working then tried the Activesyn online test again. Got 403 error described in your article, went into the global settings and added my account as an exception and test completed successfully. Bingo. Now just need to get an iPhone to test 100% in the morning but I should be good to go I hope.
0
 
LVL 1

Author Closing Comment

by:BGilhooley
ID: 34218240
Thanks Alan, all up and running now. The GoDaddy saved hassle of native certs, plus your article on troubleshooting is top class!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34218337
Fantastic news - well done.

Glad you are sorted and thanks for the comments about my article - it has proven to be popular!

Thanks for the points.

Alan
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
how to add IIS SMTP to handle application/Scanner relays into office 365.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now