Changed Certificate on SBS 2008, IIS now broken.

petesulli
I have generated a self signed SAN certificate on SBS 2008.

Now I can't access IIS properly.

This is what I did:-

Now I get 403.4 and site missing completely, and the default web site unable to start.



[PS] C:\Windows\System32>New-ExchangeCertificate -GenerateRequest -SubjectName "
C=GB, o=shortdomain Ltd., CN=remote.shortdomain.co.uk" -DomainName
remote.shortdomain.co.uk, autodiscover.longdomain.co.uk, exchange-svr, exchange-svr
.shortdomain.local, remote.longdomain.co.uk -FriendlyName "Exchange Hosting
 SAN" -KeySize 1024 -Path c:\san201105171150.txt -PrivateKeyExportable:$true

Thumbprint                                Services   Subject
----------                                --------   -------
*************************************A0B  .....      C=GB, O=shortdomain ...


[PS] C:\Windows\System32>certreq -submit -attrib "CertificateTemplate:WebServer"
 c:\san201105171150.csr
RequestId: 7
Certificate retrieved(Issued) Issued

[PS] C:\Windows\System32>Import-ExchangeCertificate -Path c:\san201105171150.p7b


Thumbprint                                Services   Subject
----------                                --------   -------
*************************************BFE  .....      CN=remote.shortdomain.co.u...


[PS] C:\Windows\System32>Enable-ExchangeCertificate -Thumbprint
*************************************BFE -Services IIS, POP, IMAP ,SMTP

Confirm
Overwrite existing default SMTP certificate,
'*************************************4AD' (expires 5/9/2013 11:30:55 AM), with
 certificate '*************************************BFE' (expires 5/16/2013
10:56:17 AM)?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is "Y"):
[PS] C:\Windows\System32>


Any ideas what this may have messed up in IIS?
Distinguished Expert 2018
Commented:
Well for starters, you didn't use the wizards. At this point, I'd do the following.

1) delete the new certificate from all stores.
2) run the CTIW, then the IAMW, then the FMNW.
3) download and run the SBS BPA to clean up the leftover issues. That should get you back to a supported and stable state.

-Cliff

Author

Commented:
I'll give the points, as it is the only response. In the end I sorted it myself. I am not a fan of SBS.
