Cyb3tT3ch
asked on
SBS 2003 and SSL OWA problem
Dear all
Thanks for a great forum, this is my first article so please be gentle.
Having a few problems with SSL on a client SBS 2003 Server and was hoping to get some much needed help here.
In short, I can’t get SSL working with a self-signed certificate on a Windows 2003 SBS box.
Situation
All troubleshooting is done from the localhost only not from an external IP, I can’t even get the "https://localhost/exchange" link to work when SSL is enabled.
When SSL is not ticked under IIS, OWA is working. In other words I get a user authentication screen and can log into the web interface.
When SSL is ticked I do not get any certificate warning or the option to log in. I just get a “Internet Explorer cannot display the webpage” error, check below screen.
Here is what I done so far in trying to troubleshoot the problem:
Thanks guys
SSL-Diag.txt
Thanks for a great forum, this is my first article so please be gentle.
Having a few problems with SSL on a client SBS 2003 Server and was hoping to get some much needed help here.
In short, I can’t get SSL working with a self-signed certificate on a Windows 2003 SBS box.
Situation
All troubleshooting is done from the localhost only not from an external IP, I can’t even get the "https://localhost/exchange" link to work when SSL is enabled.
When SSL is not ticked under IIS, OWA is working. In other words I get a user authentication screen and can log into the web interface.
When SSL is ticked I do not get any certificate warning or the option to log in. I just get a “Internet Explorer cannot display the webpage” error, check below screen.
Here is what I done so far in trying to troubleshoot the problem:
Reset the default virtual directories according to this article:
http://support.microsoft.com/kb/883380
http://support.microsoft.com/kb/883380
Disabled Form based authentication
Removed old certificate’s from the server
Trying to create a new self-signed certificate based on this article
http://www.msexchange.org/tutorials/ssl_enabling_owa_2003.html.
But without success, getting “Failed to Create ‘CerficateAuthority.Reques t’ object” when running after “Submit a certificate request by using a base-64-encoded CMC”, check below screen
http://www.msexchange.org/tutorials/ssl_enabling_owa_2003.html.
But without success, getting “Failed to Create ‘CerficateAuthority.Reques
Ran MS SSL Diagnostic and getting the following errors, check attachment "SSL_Diag" for full details:
#WARNING: SSL port (SecureBindings) set but certificate not installed
#WARNING:AccessSSL = True (resource inaccessible due to SSL does not work on this website)
#WARNING:AccessSSL128 = True (resource inaccessible due to SSL does not work on this website)
#WARNING: SSL port (SecureBindings) set but certificate not installed
#WARNING:CertVerifyCertifi cateChainP olicy returned error -2146762487(0x800b0109)
In “SSL_Diag” Actual domain name is replaced with the name: “company_domain”
My certificate knowledge is not strong and I am struggling a bit on what to try next, so any help is appreciated.#WARNING: SSL port (SecureBindings) set but certificate not installed
#WARNING:AccessSSL = True (resource inaccessible due to SSL does not work on this website)
#WARNING:AccessSSL128 = True (resource inaccessible due to SSL does not work on this website)
#WARNING: SSL port (SecureBindings) set but certificate not installed
#WARNING:CertVerifyCertifi
In “SSL_Diag” Actual domain name is replaced with the name: “company_domain”
Thanks guys
SSL-Diag.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Guys thanks for the suggestions.
Chakko
That worked... Brilliant
I now have another problem though, which I believe is due to IIS authentication, however I will create a new post for that issue.
alanhardisty
The Wizard was already run once in the past and the cert was working previously. Running the wizard again would possibly also have solved the issue.
Chakko
That worked... Brilliant
I now have another problem though, which I believe is due to IIS authentication, however I will create a new post for that issue.
alanhardisty
The Wizard was already run once in the past and the cert was working previously. Running the wizard again would possibly also have solved the issue.
Running the wizard - because you have SBS is the correct way to go about fixing SBS.
The Wizard is extremely simple to use and ties all of the elements of SBS together and sets all of the settings correctly.
SBS was designed to be maintained by someone with little knowledge and the Wizards are there to ease the pain of administering it. Not using them ends up breaking SBS most of the time.
I am glad it worked for you - but you should be using the wizards. Case in point - You now have an IIS authentication problem which the Wizard would have probably fixed for you too.
The Wizard is extremely simple to use and ties all of the elements of SBS together and sets all of the settings correctly.
SBS was designed to be maintained by someone with little knowledge and the Wizards are there to ease the pain of administering it. Not using them ends up breaking SBS most of the time.
I am glad it worked for you - but you should be using the wizards. Case in point - You now have an IIS authentication problem which the Wizard would have probably fixed for you too.
Click on Start> Server Manager> To Do List> Connect to The Internet. Complete the wizard without changing anything unless you need to create a new correctly named SSL certificate and then test OWA.