[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

how to repair https (SSL certificate) in SBS 2003

Posted on 2011-04-27
21
Medium Priority
?
918 Views
Last Modified: 2012-05-11
Hi, I have email on an SBS 2003 server. The Exchange server shows emails coming in and out fine. The problem I have is the SSL certificate is not working so when people try to connect to our mail server at mail10.**********.co.uk using https, the connection is not working. How can I trouble shoot IIS and the SSL certificate?
0
Comment
Question by:philswift_tecorum
  • 10
  • 5
  • 4
  • +1
21 Comments
 
LVL 8

Expert Comment

by:npinfotech
ID: 35474366
Is port 443 open on yoru firewall?
0
 
LVL 8

Expert Comment

by:tonyperth
ID: 35474369
If it is a self signed certificate, you can simply rerun the wizard to create a new one, however everyone would need to reinstall the certificate.
0
 
LVL 8

Expert Comment

by:npinfotech
ID: 35474372
Also, can internal clients log into https://yourserver.com/owa ok?
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
LVL 8

Expert Comment

by:tonyperth
ID: 35474392
To check the current certificate.

Open Internet Information Services IIS Manager on the server.
Expand the server
Expand Web Sites
Right click on "Default Web Site" and select properties
Select the Directory Secuirity TAB
Click "View Certificate"
Check that the certificate is still valid, i.e. still in date etc.
Let me know if it is ok or not.
0
 
LVL 7

Expert Comment

by:Firmin Frederick
ID: 35474710
hi there a certificatge even in error won't prevent a connection so I'm just trying to clarify the problem...of the port 443 is open on your firewall have you bound 443 to the ip address of your exchange server?
0
 

Author Comment

by:philswift_tecorum
ID: 35474902
tonyperth

Hi T

Yes the certificate is valid.

Phil
0
 
LVL 8

Accepted Solution

by:
tonyperth earned 1500 total points
ID: 35474949
Further to npinfotech do either of the following work internally.

https://<yourserversinternalname>/exchange

http://<yourserversinternalname>/exchange

the first one should give you a certificate error, but continue past it.  The second should just work.

Sheild1  If the certificate is not being used then it will stop connection, e.g. when you are requesting a new certificate on an SBS2003 none of the secure web sites are accessible, they just won't open.
0
 

Author Comment

by:philswift_tecorum
ID: 35474953
npinfotech

Hi

https://yourserver.com/owa does not respond, maybe disabled, however, I can acess, send and receive mail via Outlook Web Access with this URL

https://mail.***********.co.uk/Remote/

Phil
0
 

Author Comment

by:philswift_tecorum
ID: 35474963
npinfotech

Port 443 must be open on the mail path route as I can access Outlook Web Access?

Phil
0
 

Author Comment

by:philswift_tecorum
ID: 35474973
SHIELD1:

I suspect connectivity is OK but it is a question of settings or config'

Phil
0
 
LVL 8

Expert Comment

by:tonyperth
ID: 35474999
in exchange 2003 outlook web acces is /exchange, not /owa
0
 
LVL 8

Expert Comment

by:npinfotech
ID: 35475036
Sorry, I saw you have sbs 2003, so the default path is /exchange, not /owa.  

When people try to use the https://mail.***********.co.uk/exchange/ address, what's happening?  Do they  get an error code, or does the browser just hang?

Port 443 has to be open on your firewall/router in order to have clients from outside connect to owa.  You also have to route outside clients hitting port 443 on your firewall/router to your exchange server.
0
 

Author Comment

by:philswift_tecorum
ID: 35475104
tonyperth

Hi T

Bit messy now.

Trying http and https on server via IE (is this ok)? Did it 3 times to check results and all different. Will be back soon.

P
0
 
LVL 7

Expert Comment

by:Firmin Frederick
ID: 35475106
tonyperth - I said that if the certificate was in error, not if it was omitted, then it wouldn't prevent connection ;)
0
 

Author Comment

by:philswift_tecorum
ID: 35475257
tonyperth

Bit messy now.......

OWA is OK from outside, it just says the certifcate is untrusted and we push past that and can get to
the OWA GUI.
I'll back track, this will be fun.......
MD has iPad and Nokia phone both using SSL to connect and now cannot.
User in satellite office can use OWA fine but his Outlook is set up to use https and cannot access.

I remoted into server and used IE on server to goto
http://<name>/exchange and it went straight to log on GUI but was pushed into https
I then add my test account username and password and I get this
https://server01/exchweb/bin/auth/owaauth.dll (see attached)
bin error dll
Went https://<name>/exchange and it went straight to log on GUI
I then add my test account username and password and I get a wait for a dll (see attached)
 waiting for dll
P
0
 

Author Comment

by:philswift_tecorum
ID: 35475348
I just tried to access OWA/Exchange from outside and it is fine. All works OK.
Let's get back to main issue. Where's the pub?
0
 
LVL 8

Expert Comment

by:npinfotech
ID: 35475373
The pub in my town is 3 blocks from my house.
0
 
LVL 8

Expert Comment

by:tonyperth
ID: 35475383
LOL, I hate it when issues just clear themselves up with no explanation.
0
 

Author Comment

by:philswift_tecorum
ID: 35475564
I still have an issue

Client Outlook off the network
Configured to use Exchange and using https (same link as above) as Outllook Anywhere
Emails can come in from the Exchange server but emails going out just sit in the out box.

However, emails sent via the OWA come and go just fine. Well weird! Maybe intermittent issue
The client Outlook toggles between Connected and disconnected
When i goto send a test email from client Outlook it says sending and goes to 95 % then stops there.

I will start another question as this has shifted a bit.

Thanks to all

P
0
 

Author Closing Comment

by:philswift_tecorum
ID: 35475700
Partial solution
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I am posting this in case anyone runs into similar issues that I did, this may save you a lot of grief: Condition: 1. Your NetBIOS domain name contains an ampersand " & " character.  (e.g. AT&T) 2. You've tried to run any Microsoft installation…
This article explains how to move an Exchange 2013/2016 mailbox database and logs to a different drive.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month9 days, 13 hours left to enroll

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question