?
Solved

Error accessing Certsrv virtual directory

Posted on 2010-11-23
15
Medium Priority
?
1,287 Views
Last Modified: 2012-06-27
Hi experts,

I am trying to access http://server/certsrv on my Exchange server however I am getting 'the page cannot be found 404 error. I could previously access it. bit of history below...

Setting up Active Sync on an Exchange 2003 box as we've picked up a few iPhones recently for management. My first time doing so and I'm using my own SSL certificate and following this article: http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html 

Been through it once but when I tried testing using testexchangeconnectivity.com I got an error about the hostname not matching any name on certifiicate. Ok, started the process again, firstly removed the certificate I had setup and started preparing new certificate. its now at the point of trying to log into Microsoft Certificate Services page I am stuck. First time round I had no problem, why so now?

Am using domain admin account and permissions to the certsrv directory all look fine to me. Have ran an IIS reset.

Thanks
0
Comment
Question by:BGilhooley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
15 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 34196187
You may find my guide more helpful when configuring Activesync:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html

Also - a 3rd party SSL certificate is a lot less hassle to get implemented and also very cheap for Exchange 2003.  If you visit GoDaddy.com and buy a single name cert you are looking at about £30 for 1 year.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34196712

Cheers Alan. Yea read and been told various things on pros/cons of paid versus homemade cert. Was going the paid route initially and then had mind changed but this teething issue has changed me back to paying a little. The GoDaddy Standard SSL will be sufficient you say? i have 2 mail domanis hosted so the multidomain package will cost  €157 for 3 years.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34196802
With Exchange 2003 - you only need a single name domain certificate irrespective of how many domains you have mail for on the server.

I used to have a few domains on my Exchange 2003 server with a single name SSL certificate and it worked fine.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 1

Author Comment

by:BGilhooley
ID: 34204855

Thanks again Alan. Just to confirm something, I am creating the CSR via IIS now, the Common Name am I right in thinking is going to be mail.mydomain.com (whats it accessed by from the internet) as opposed to FQDN locally servername.domain.com?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34204880
Correct - the name (whichever you use), has to resolve externally in DNS on anyone's computer, anywhere in the world.

mail.domain.com will be fine as long as it resolves in DNS correctly.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34204887
Cool. Yea thats what im currently accessing the webmail by externally.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34204893
Then you should be fine.

The cert will take a few hours to get approved - so you will be without SSL for a while : (

Don't be tempted to do anything with SSL until you receive your certificate and are ready to install it.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34204915
Thats fine, I'll wait and hope to get it before COB today. thanks for the pointers, Will leave question open until I get it up and running in case I have any more queries ;)
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34204917
Sure - here if you need anything.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34205865
Got that cert Alan and have it installed. Running the online test though fails whilst doing the foldersync with:

Exchange ActiveSync returned an HTTP 500 response.

 I see you have some suggestions in your guide about this error. First one seems fairly heavy duty recreating the virtual directories, anything else I should be checking for before looking into this?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34209544
The virtual directory re-creation is the first step I would take sadly.  It is minimal impact - and quick to complete - method 2 is my preferred method.

Are you using Forms Based Authentication (pretty login screen for OWA or plain Username / Password Window)?
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34213431
Alan, thanks again. Something I came across when trying to implement method 2 there.

This Exchange server in ESM - Servers - Protocols - HTTP, has a second HTTP virtual server running to provide OWA to mailboxes for the domain, is this setup an issue? Its here the forms based authtication is enabled.
0
 
LVL 1

Author Comment

by:BGilhooley
ID: 34213608
Alan, looks like I'm in business. Deleted that second HTTP VS and setup the default Exchange VS properly for OWA, got that working then tried the Activesyn online test again. Got 403 error described in your article, went into the global settings and added my account as an exception and test completed successfully. Bingo. Now just need to get an iPhone to test 100% in the morning but I should be good to go I hope.
0
 
LVL 1

Author Closing Comment

by:BGilhooley
ID: 34218240
Thanks Alan, all up and running now. The GoDaddy saved hassle of native certs, plus your article on troubleshooting is top class!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34218337
Fantastic news - well done.

Glad you are sorted and thanks for the comments about my article - it has proven to be popular!

Thanks for the points.

Alan
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question