Solved

Server SBS 2011 certificate problems!

Posted on 2012-12-20
3
799 Views
Last Modified: 2013-01-02
Okay so we had a 3rd party company set up our server previously. I recently started helping doing IT here.

I like to think I'm pretty knowledgeable at a lot of things on windows...except certificates. I'm not exactly sure how to fix some of our problems.

We have a wireless radius server where the clients use to connect without having to worry with passwords using machine authentication. Problem is it stopped working today. After digging around I found out that some of the certificates expired. Problem is I have no idea how to renew them. They're just self signed ones.

How do I fix this?


ALSO

They must have set up the mail server to expire too. I ran the SBS fix it for me wizard, and it fixed it, but now it's getting me an error that the name is wrong. How do i change the certificate's name, because it's pointing at the wrong server.

PS

How do I simply decommission the mail server on our server? We are using our headquarters e-mail server now, I mean I'm getting certificate errors for a server we're not using anymore.
0
Comment
Question by:Pancake_Effect
  • 2
3 Comments
 
LVL 12

Accepted Solution

by:
marcustech earned 500 total points
ID: 38713160
I don't actually have any live SBS2011 radius deployments, unfortunately, but I'm fairly sure that the certificate used is actually the same certificate that's used for IIS/OWA. The easiest way to create a new one of these, and most likely also fix the non-matching name issue you're getting from Exchange, is to run the "set up your internet address" wizard, under the "Network" --> "Connectivity" tab in SBS Management. This will issue a new self-signed certificate for the domain name you specify and update Exchange and IIS to use the new certificate. I believe this will automatically update the cert used for Radius, but I'm not 100% sure, I'm just setting up a quick test, will report back.
Regarding removing exchange from SBS2011, it's not really possible - the SBS2011 package is pretty much all-or-nothing, but there's no real reason not to just let exchange run in the background. You could just use Windows 2008 Standard, or 2011 Essentials, but you'd lose the useful management and reporting tools. Googleing for "SBS 2011 remove exchange" (sans quotes) gives a few possible approaches, but there's nothing supported.
0
 
LVL 12

Assisted Solution

by:marcustech
marcustech earned 500 total points
ID: 38713201
Just had a quick look on one of my sbs2011's - It looks like once you've issued the new certificate you might have to update the NPS config to use it. To do this, open "Network Policy Server" from Administrative Tools. In the drop-down in the centre of this screen, select "Radius Server", then drill down to Policies --> Network Policies. Open the "Secure Wireless Connections" policy (this is the default name, it might be different on your server), and select the "Constraints" tab. Select "Microsoft Smart Card or other Certificate" in the "EAP Types" section and click "Edit". Select your new certificate, and ok all the way out. Re-start the NPS services and you should be good to go.
0
 
LVL 4

Author Closing Comment

by:Pancake_Effect
ID: 38738019
Thanks for the help!
0

Featured Post

Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HSRP not working on N7K-c7018 3 44
forward schedule of change 1 24
cant gain access to the internet 4 46
FInd Local Administrators 6 25
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now