Server SBS 2011 certificate problems!
Okay so we had a 3rd party company set up our server previously. I recently started helping doing IT here.
I like to think I'm pretty knowledgeable at a lot of things on windows...except certificates. I'm not exactly sure how to fix some of our problems.
We have a wireless radius server where the clients use to connect without having to worry with passwords using machine authentication. Problem is it stopped working today. After digging around I found out that some of the certificates expired. Problem is I have no idea how to renew them. They're just self signed ones.
How do I fix this?
ALSO
They must have set up the mail server to expire too. I ran the SBS fix it for me wizard, and it fixed it, but now it's getting me an error that the name is wrong. How do i change the certificate's name, because it's pointing at the wrong server.
PS
How do I simply decommission the mail server on our server? We are using our headquarters e-mail server now, I mean I'm getting certificate errors for a server we're not using anymore.
I like to think I'm pretty knowledgeable at a lot of things on windows...except certificates. I'm not exactly sure how to fix some of our problems.
We have a wireless radius server where the clients use to connect without having to worry with passwords using machine authentication. Problem is it stopped working today. After digging around I found out that some of the certificates expired. Problem is I have no idea how to renew them. They're just self signed ones.
How do I fix this?
ALSO
They must have set up the mail server to expire too. I ran the SBS fix it for me wizard, and it fixed it, but now it's getting me an error that the name is wrong. How do i change the certificate's name, because it's pointing at the wrong server.
PS
How do I simply decommission the mail server on our server? We are using our headquarters e-mail server now, I mean I'm getting certificate errors for a server we're not using anymore.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
I don't actually have any live SBS2011 radius deployments, unfortunately, but I'm fairly sure that the certificate used is actually the same certificate that's used for IIS/OWA. The easiest way to create a new one of these, and most likely also fix the non-matching name issue you're getting from Exchange, is to run the "set up your internet address" wizard, under the "Network" --> "Connectivity" tab in SBS Management. This will issue a new self-signed certificate for the domain name you specify and update Exchange and IIS to use the new certificate. I believe this will automatically update the cert used for Radius, but I'm not 100% sure, I'm just setting up a quick test, will report back.
Regarding removing exchange from SBS2011, it's not really possible - the SBS2011 package is pretty much all-or-nothing, but there's no real reason not to just let exchange run in the background. You could just use Windows 2008 Standard, or 2011 Essentials, but you'd lose the useful management and reporting tools. Googleing for "SBS 2011 remove exchange" (sans quotes) gives a few possible approaches, but there's nothing supported.
Regarding removing exchange from SBS2011, it's not really possible - the SBS2011 package is pretty much all-or-nothing, but there's no real reason not to just let exchange run in the background. You could just use Windows 2008 Standard, or 2011 Essentials, but you'd lose the useful management and reporting tools. Googleing for "SBS 2011 remove exchange" (sans quotes) gives a few possible approaches, but there's nothing supported.
Just had a quick look on one of my sbs2011's - It looks like once you've issued the new certificate you might have to update the NPS config to use it. To do this, open "Network Policy Server" from Administrative Tools. In the drop-down in the centre of this screen, select "Radius Server", then drill down to Policies --> Network Policies. Open the "Secure Wireless Connections" policy (this is the default name, it might be different on your server), and select the "Constraints" tab. Select "Microsoft Smart Card or other Certificate" in the "EAP Types" section and click "Edit". Select your new certificate, and ok all the way out. Re-start the NPS services and you should be good to go.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial