Link to home
Get AccessLog in
Avatar of mark-199
mark-199Flag for United Kingdom of Great Britain and Northern Ireland

asked on

Unable to browse to our Certificate Authority website

I am in the middle of renewing our Exchange certificate. When I browse to http://localhost/certserv, IE tells me that the website can't be displayed.
More specifically, when I browse to that site via IIS, I receive the error below.
My IIS expertice is limited so I don't want to start to change how the modules are handled etc without knowing exactly what I'm doing.

Thanks for your input!

Error Summary
HTTP Error 500.0 - Internal Server Error
The page cannot be displayed because an internal server error has occurred. Detailed Error InformationModule IsapiModule
Notification ExecuteRequestHandler
Handler AboMapperCustom-17386171
Error Code 0x800700c1
Requested URL http://192.168.**.**:80/CertSrv 
Physical Path C:\Windows\system32\CertSrv\en-US
Logon Method Negotiate
Logon User *******\*****
Avatar of Busbar
Busbar
Flag of Egypt image

are you sure that Classic ASP is enabled ?!
Avatar of Kash
is it something like this >> http://forums.iis.net/t/1144489.aspx
Avatar of mark-199

ASKER

I don't think so. I don't actually get the options below in IIS7 manager; I don't see 'Advanced settings' anywhere with the Application Pool selected as described in the article.
Could that have something to do with IIS7 running on Server 2008R2?

Any other suggestions anyone?
I have tried mapping script points to the ISAPI .dll in Handler Mappings. There are still a few sources that don't have a specific file assigned to them such as AboMapperCustom-1738171, AboMapperCustom-17386187, OPTIONSVerbHandler, TRACEVerbHandler and StaticFile.
The simply have a * path.

Checking the default application pool, which is the one certsrv uses, 32bit application is set to false (and so are all the other pools).

Two things I have noticed when comparing IIS on a CA which has the certsrv site working with our IIS setup is that:
•there is no .ASP section in the certsrv configuration pane and
•when trying to enable HTTPS it says: 'The Site does not have a secure binding (HTTPS) and cannot accept SSL connections

Is there an easy way to repair certsrv or IIS?

In the worst case scenario, can I just setup a new CA server?

Thanks
uninstall the web enrollment role and IIS then reinstall them again, you can always install new CA server.
New developments:
I played around a bit more with the Handler Mappings and assigned .NET Classic mode to the certsrv site.
I was then able to access the website but got the following error:
'No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occured while accessing the Active Directory'.

Any further suggestions are appreciated.
Some more info:I can only access the site through IIS manager (not by opening a browser session outside IIS) and HTTPS access also isn't working at this stage... (page cannot be displayed).
ASKER CERTIFIED SOLUTION
Avatar of mark-199
mark-199
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access
I implemented a workaround to the issue myself.