Solved

OWA is now not working

Posted on 2011-09-09
56
645 Views
Last Modified: 2012-05-12
I had to acquire a new certificate for exchange because the other one had expired...once I did this, we could no longer access our mail through OWA...any ideas on how to fix this...when I do go to our mail site, it redirects me to the IIS7 page...after it displays "the resource can not be found"  thanks in advance...
0
Comment
Question by:Daniel Fishkin
56 Comments
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36514513
Go to this site and scroll down until you get to the IIS Manager Section and follow from there.
0
 

Author Comment

by:Daniel Fishkin
ID: 36514741
Which site should I go to?  thanks
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36514748
0
 

Author Comment

by:Daniel Fishkin
ID: 36514795
Thanks...do I then need to go on to the create an ssl binding?
0
 

Author Comment

by:Daniel Fishkin
ID: 36514817
I think this is where I am having an issue... issue with certificate
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36514820
Click on Default Web Site> on the right-side you will see Edit Site bindings as in the photo below.
 

Click on bindings and highlight https        443 and click Edit

Under SSL Certificate choose your new certificate and press okay.

Restart IIS service
0
 

Author Comment

by:Daniel Fishkin
ID: 36514884
Here is what I have under connections...I tried to create a new one, but it did not work...am I missing something here...
I did a new certificate at 2:50 today, and it is the Microsoft exchange certificate... Server Cert  Server Cert
0
 

Author Comment

by:Daniel Fishkin
ID: 36514886
here is a better screen shot of the server certificates server cert
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36514902
Okay get out of that.

Open up Exchange Management Shell and input this, then post result here.

Get-ExchangeCertificate
0
 

Author Comment

by:Daniel Fishkin
ID: 36514912
Thanks so much for all your help....here is the screen shot... Exchange cert
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36514919
Sorry, thinking too fast... rerun but with

Get-ExchangeCertificate | List

The symbol is a PIPE below the backspace (hold SHIFT)
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36514923
Also which was the old Exchange CERT?
0
 

Author Comment

by:Daniel Fishkin
ID: 36514939
Here it is...the screenshot of the old exchange cert is the first image...
 oldexchange list pt list pt2
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36514963
Enable-ExchangeCertificate -Thumbprint D84003E50FA2FED378F44DAC572B22D8879FB8BB -Service IIS

(That was hard to read, but verify that Thumbprint is correct and paste and run)

Then run

Remove-ExchangeCertificate -Thumbprint CC95DE5A9C369........... (Fill in the old cert thumbprint)
0
 

Author Comment

by:Daniel Fishkin
ID: 36514985
OK...I did that...but still no access to the OWA...
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36514986
Did you restart your IIS service?
0
 

Author Comment

by:Daniel Fishkin
ID: 36514996
yes, however it still shows that it is not trusted still not trusted
0
 

Author Comment

by:Daniel Fishkin
ID: 36515001
if it helps, here is the owa address

https://mail.lhwcpas.com/owa

0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515004
What method did you use to renew your certificate? I noticed that your Certs are not similar from old cert to new cert.

Also, when you use a self-signed certificate, it will show up as not trusted; place it in the Trusted Root Certification Authorities store.

0
 

Author Comment

by:Daniel Fishkin
ID: 36515009
I just copied the LHW-DC-01 certificate into the trusted root cert folder, and it now shows it as trusted..but still no access.... cert ok 1 cert ok 2
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515017
Let's start over and create a new Exchange Certificate. Use this command in Exchange Management Shell:

New-ExchangeCertificate

Enter: y

The certificate needs to have the same attributes that the old cert had.
0
 

Author Comment

by:Daniel Fishkin
ID: 36515026
ok...did that... new exchange cert
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515106
Run this.... it will duplicate the configuration of the original Cert.

New-ExchangeCertificate -FriendlyName "Exchange Self-Signed Certificate" -SubjectName "cn=Sites" -DomainName Sites,LHW-DC-01.lhwcpas.local -PrivateKeyExportable:$True | Enable-ExchangeCertificate -Services POP,IMAP,IIS,SMTP
0
 

Author Comment

by:Daniel Fishkin
ID: 36515135
OK, did that, however it still says that it is not trusted...giving me the to enable please install in the trusted root cert folder
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515137
Enable-ExchangeCertificate -Thumbprint ############ -Service IIS

(Insert the Thumbprint of the new CERT)

Then run

Remove-ExchangeCertificate -Thumbprint D84003E50FA2FED378F44DAC572B22D8879FB8BB (Fill in the thumbprint for both obsolete Certs now)
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515143
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515145
Also, please post the new Get-ExchangeCertificate | List


Thank you
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515154
Also post Get-WebServicesVirtualDirectory | fl server,*url
0
 

Author Comment

by:Daniel Fishkin
ID: 36515167
Here is the new list...which one is the thumbprint I want to use....
Thumbprint         : 518A6C90F50821AC9B356FF673B0C8DDDDCEA762
or
Thumbprint         : 2C2C1E0F60350B21A085F6170BE52E9F163AF61D

         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #27:

Do you want to work with data that is contained in a CSV file? Use Import-CSV to
 assign the data to an object. For example, type:

 $MyCSV = Import-CSV TestFile.CSV

You can then manipulate the data easily in the Exchange Management Shell. For ex
ample, if there is a column called Mailboxes in the CSV data, you can use the fo
llowing commands to sort or group the data by the Mailboxes column:

To sort: $MyCSV | Sort Mailboxes
To group: $MyCSV | Group Mailboxes

[PS] C:\Windows\System32>Get-ExchangeCertificate | List


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, LHW-DC-01.lhwcpas.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Sites
NotAfter           : 9/9/2012 11:02:38 PM
NotBefore          : 9/9/2011 11:02:38 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 2327C03099E8B28A45336AC09B846825
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=Sites
Thumbprint         : 518A6C90F50821AC9B356FF673B0C8DDDDCEA762

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {LHW-DC-01, LHW-DC-01.lhwcpas.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=LHW-DC-01
NotAfter           : 9/9/2012 10:14:17 PM
NotBefore          : 9/9/2011 10:14:17 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : E95707F800D4BE844056919B26B7DC6B
Services           : SMTP
Status             : Valid
Subject            : CN=LHW-DC-01
Thumbprint         : 2C2C1E0F60350B21A085F6170BE52E9F163AF61D

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {LHW-DC-01.lhwcpas.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=lhwcpas-LHW-DC-01-CA
NotAfter           : 9/8/2012 9:39:05 PM
NotBefore          : 9/9/2011 9:39:05 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 61030B84000000000010
Services           : None
Status             : Valid
Subject            : CN=LHW-DC-01.lhwcpas.local
Thumbprint         : 45075DB49638690EADABEC53EFF8E4B91C780861

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {lhwcpas-LHW-DC-01-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=lhwcpas-LHW-DC-01-CA
NotAfter           : 8/31/2014 11:25:06 AM
NotBefore          : 8/31/2009 11:15:06 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 659542A92E4D26AD40502F682EA2E98B
Services           : None
Status             : Valid
Subject            : CN=lhwcpas-LHW-DC-01-CA
Thumbprint         : B6A2F05759F25BCB25B1CD2979150C4428A7405B

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-W6USPDUS3FZ}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-W6USPDUS3FZ
NotAfter           : 8/23/2019 6:36:39 PM
NotBefore          : 8/25/2009 6:36:39 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : C804AD7DFF6A248D487EF2E10F890FD8
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-W6USPDUS3FZ
Thumbprint         : 480E6FFEA4F73DC13D5B12CE0B07892CCDD41FA2



[PS] C:\Windows\System32>
0
 

Author Comment

by:Daniel Fishkin
ID: 36515183
here is the screenshot of the webservices directory webservices
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515190
These are good to use:

Enable-ExchangeCertificate -Thumbprint 518A6C90F50821AC9B356FF673B0C8DDDDCEA762 -Service IIS



Remove-ExchangeCertificate -Thumbprint 2C2C1E0F60350B21A085F6170BE52E9F163AF61D

0
 

Author Comment

by:Daniel Fishkin
ID: 36515224
Here is the latest getExchangeCert List

Remove-ExchangeCertificate -Thumbprint 2C2C1E0F60350B21A085F6170BE52E9F163AF61D


Get-ExchangeCertificate | List


         Welcome to the Exchange Management Shell!

 Full list of cmdlets:          get-command
 Only Exchange cmdlets:         get-excommand
 Cmdlets for a specific role:   get-help -role *UM* or *Mailbox*
 Get general help:              help
 Get help for a cmdlet:         help <cmdlet-name> or <cmdlet-name> -?
 Show quick reference guide:    quickref
 Exchange team blog:            get-exblog
 Show full output for a cmd:    <cmd> | format-list

Tip of the day #21:

Sometimes it's useful to convert the output of a cmdlet to a string to interoper
ate with native cmdlets. For example, type:

 Get-Command | Out-String | Findstr "command"

[PS] C:\Windows\System32>Enable-ExchangeCertificate -Thumbprint 518A6C90F50821AC
9B356FF673B0C8DDDDCEA762 -Service IIS
[PS] C:\Windows\System32>Remove-ExchangeCertificate -Thumbprint 2C2C1E0F60350B21
A085F6170BE52E9F163AF61D

Confirm
Are you sure you want to perform this action?
Remove certificate with thumbprint 2C2C1E0F60350B21A085F6170BE52E9F163AF61D?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is "Y"):y
[PS] C:\Windows\System32>Get-ExchangeCertificate | List


AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, LHW-DC-01.lhwcpas.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Sites
NotAfter           : 9/9/2012 11:02:38 PM
NotBefore          : 9/9/2011 11:02:38 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 2327C03099E8B28A45336AC09B846825
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=Sites
Thumbprint         : 518A6C90F50821AC9B356FF673B0C8DDDDCEA762

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {LHW-DC-01.lhwcpas.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=lhwcpas-LHW-DC-01-CA
NotAfter           : 9/8/2012 9:39:05 PM
NotBefore          : 9/9/2011 9:39:05 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 61030B84000000000010
Services           : None
Status             : Valid
Subject            : CN=LHW-DC-01.lhwcpas.local
Thumbprint         : 45075DB49638690EADABEC53EFF8E4B91C780861

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {lhwcpas-LHW-DC-01-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=lhwcpas-LHW-DC-01-CA
NotAfter           : 8/31/2014 11:25:06 AM
NotBefore          : 8/31/2009 11:15:06 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 659542A92E4D26AD40502F682EA2E98B
Services           : None
Status             : Valid
Subject            : CN=lhwcpas-LHW-DC-01-CA
Thumbprint         : B6A2F05759F25BCB25B1CD2979150C4428A7405B

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-W6USPDUS3FZ}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-W6USPDUS3FZ
NotAfter           : 8/23/2019 6:36:39 PM
NotBefore          : 8/25/2009 6:36:39 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : C804AD7DFF6A248D487EF2E10F890FD8
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-W6USPDUS3FZ
Thumbprint         : 480E6FFEA4F73DC13D5B12CE0B07892CCDD41FA2



[PS] C:\Windows\System32>
0
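One way to check, in the Exchange Management Shell, which certificate is enabled for IIS and whether its names include the host name used for OWA. This is an added example, not part of the thread; the function name Test-IisCertificateForHost and the sample objects are assumptions, with the sample values copied from the listing posted above.

```powershell
# Added example (not from the thread): report what the IIS-enabled
# Exchange certificate covers. Uses only properties shown in the
# Get-ExchangeCertificate | List output above.
function Test-IisCertificateForHost {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Certificate, # Get-ExchangeCertificate output
        [Parameter(Mandatory = $true)] [string]   $HostName,    # name users type for OWA
        [datetime] $Now = (Get-Date)
    )
    foreach ($c in $Certificate) {
        # Services is a flags enum on live objects; compare its string form.
        if ("$($c.Services)" -notmatch '\bIIS\b') { continue }
        $domains = @($c.CertificateDomains | ForEach-Object { "$_" })
        New-Object PSObject -Property @{
            Thumbprint   = $c.Thumbprint
            Domains      = $domains -join ', '
            CoversHost   = ($domains -contains $HostName)  # -contains ignores case
            Expired      = ($Now -gt $c.NotAfter)
            IsSelfSigned = $c.IsSelfSigned
        }
    }
}

# Constructed sample: two entries from the listing above, reduced to the
# properties the function reads, so the check can be run offline.
$sample = @(
    New-Object PSObject -Property @{
        Thumbprint         = '518A6C90F50821AC9B356FF673B0C8DDDDCEA762'
        CertificateDomains = @('Sites', 'LHW-DC-01.lhwcpas.local')
        Services           = 'IMAP, POP, IIS, SMTP'
        NotAfter           = [datetime]'9/9/2012 11:02:38 PM'
        IsSelfSigned       = $true
    }
    New-Object PSObject -Property @{
        Thumbprint         = '45075DB49638690EADABEC53EFF8E4B91C780861'
        CertificateDomains = @('LHW-DC-01.lhwcpas.local')
        Services           = 'None'
        NotAfter           = [datetime]'9/8/2012 9:39:05 PM'
        IsSelfSigned       = $false
    }
)

# Check the sample against the OWA host name given earlier in the thread.
Test-IisCertificateForHost -Certificate $sample -HostName 'mail.lhwcpas.com' `
    -Now ([datetime]'2011-09-10') | Format-List

# On the server itself, pass the live objects instead of the sample:
#   Test-IisCertificateForHost -Certificate (Get-ExchangeCertificate) -HostName 'mail.lhwcpas.com'
```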
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515237
Have you implemented the Trusted Certificate Group Policy?

0
 

Author Comment

by:Daniel Fishkin
ID: 36515259
Doing that now...
0
 

Author Comment

by:Daniel Fishkin
ID: 36515274
still not working....when I go to https://mail.lhwcpas.com/owa i get server error 404 and says it is not trusted...although it says trusted on the site..
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515369
We are down to IIS now. Go into IIS and drill down to owa. Over on the right side, see if you can browse with 443
0
 

Author Comment

by:Daniel Fishkin
ID: 36515374
How do I go into IIS...
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515387
administrative tools> internet information services manager.

Same place we were when we began.

check owa SSL settings to make sure that SSL is enabled, require 128-bit SSL is checked and ignore client certificates is checked.
0
 

Author Comment

by:Daniel Fishkin
ID: 36515389
here seems to be the issue... issue
0
 

Author Comment

by:Daniel Fishkin
ID: 36515393
everything is set in SSL
 SSL settings
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515433
Earlier, did you make a change to the binding 443 in the default web site? If so, go back in and change it back to the server's cert.

Okay, let's make checks from the top. Click on your server name in IIS> Server Certificates

Take a screenshot and post.

Next, click Default Web Site. On the right under Manage Website, click Restart.

Test external site mail.server.com/owa

0
 

Author Comment

by:Daniel Fishkin
ID: 36515452
In regards to the bindings, it is set on the Exchange Self-Signed Certi...by server, do you mean another certificate...
if I select another certificate, I get a warning message...

I have attached the screen shots... Server Certificates
still nothing... warnings...
0
 

Author Comment

by:Daniel Fishkin
ID: 36515456
here is an issue that I get if I click into OWA under SBS web applications...will this cause an issue... owa/home
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515488
change the 443 binding to LHW-DC-01.lhwcpas.local
0
 

Author Comment

by:Daniel Fishkin
ID: 36515497
did that...still a no go...when I go to https://localhost, it directs me to the IIs7 page...
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515520
right click Default web site > edit permissions and verify names are as follows:

SYSTEM                   FULL CONTROL
LOCAL SERVICE      FULL CONTROL
NETWORK SERVICE FULL CONTROL
Administrators         FULL CONTROL
Users                       R&E, List, Read
IIS_IUSRS                R&E, List, Read
Trusted Installer      FULL CONTROL
0
 

Author Comment

by:Daniel Fishkin
ID: 36515529
all setup like this
0
 

Author Comment

by:Daniel Fishkin
ID: 36515544
just noticed this issue...and it won't let me set it up img 1 img 2
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515763
run the Fix My Network wizard from the SBS Console
0
 

Author Comment

by:Daniel Fishkin
ID: 36515818
Here is another issue issue
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515838
Open Services.msc and Restart All exchange services that are running/Automatic and IIS services.

You need to add the external url to OWA in Exchange Console, as well.
0
 
LVL 5

Accepted Solution

by:
Feebleminder earned 500 total points
ID: 36515863
Did you run the Fix My Network utility by chance?

It is a good way to find mistakes with the server/certificates/etc...
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36515866
Can you start the OWA Web Site yet? The site is pulling the correct certificate now; it just needs to be enabled.
0
 

Author Comment

by:Daniel Fishkin
ID: 36517918
Still having issues...fix my network will not fix the OWA issue...here are the screenshots of the issues... issue1 issue2
0
 

Author Comment

by:Daniel Fishkin
ID: 36530599
I was able to resolve this, however, I can not now scan to email with the BizHub c451...it says login error...I believe at some point I deleted the scan to email receive connector, and don't recall the settings...
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36531230
I do not have much experience working with a bizhub. Please submit a new question to have someone with more experience assist you.

What was the final fix, please post?

Thank you,
Feebleminder
0
