Solved

Server SBS 2011 certificate problems!

Posted on 2012-12-20
3
791 Views
Last Modified: 2013-01-02
Okay so we had a 3rd party company set up our server previously. I recently started helping doing IT here.

I like to think I'm pretty knowledgeable at a lot of things on windows...except certificates. I'm not exactly sure how to fix some of our problems.

We have a wireless radius server where the clients use to connect without having to worry with passwords using machine authentication. Problem is it stopped working today. After digging around I found out that some of the certificates expired. Problem is I have no idea how to renew them. They're just self signed ones.

How do I fix this?


ALSO

They must have set up the mail server to expire too. I ran the SBS fix it for me wizard, and it fixed it, but now it's getting me an error that the name is wrong. How do i change the certificate's name, because it's pointing at the wrong server.

PS

How do I simply decommission the mail server on our server? We are using our headquarters e-mail server now, I mean I'm getting certificate errors for a server we're not using anymore.
0
Comment
Question by:Pancake_Effect
  • 2
3 Comments
 
LVL 12

Accepted Solution

by:
marcustech earned 500 total points
ID: 38713160
I don't actually have any live SBS2011 radius deployments, unfortunately, but I'm fairly sure that the certificate used is actually the same certificate that's used for IIS/OWA. The easiest way to create a new one of these, and most likely also fix the non-matching name issue you're getting from Exchange, is to run the "set up your internet address" wizard, under the "Network" --> "Connectivity" tab in SBS Management. This will issue a new self-signed certificate for the domain name you specify and update Exchange and IIS to use the new certificate. I believe this will automatically update the cert used for Radius, but I'm not 100% sure, I'm just setting up a quick test, will report back.
Regarding removing exchange from SBS2011, it's not really possible - the SBS2011 package is pretty much all-or-nothing, but there's no real reason not to just let exchange run in the background. You could just use Windows 2008 Standard, or 2011 Essentials, but you'd lose the useful management and reporting tools. Googleing for "SBS 2011 remove exchange" (sans quotes) gives a few possible approaches, but there's nothing supported.
0
 
LVL 12

Assisted Solution

by:marcustech
marcustech earned 500 total points
ID: 38713201
Just had a quick look on one of my sbs2011's - It looks like once you've issued the new certificate you might have to update the NPS config to use it. To do this, open "Network Policy Server" from Administrative Tools. In the drop-down in the centre of this screen, select "Radius Server", then drill down to Policies --> Network Policies. Open the "Secure Wireless Connections" policy (this is the default name, it might be different on your server), and select the "Constraints" tab. Select "Microsoft Smart Card or other Certificate" in the "EAP Types" section and click "Edit". Select your new certificate, and ok all the way out. Re-start the NPS services and you should be good to go.
0
 
LVL 4

Author Closing Comment

by:Pancake_Effect
ID: 38738019
Thanks for the help!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now