Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Unable to browse to our Certificate Authority website

Posted on 2013-01-08
9
Medium Priority
?
1,168 Views
Last Modified: 2013-01-19
I am in the middle of renewing our Exchange certificate. When I browse to http://localhost/certserv, IE tells me that the website can't be displayed.
More specifically, when I browse to that site via IIS, I receive the error below.
My IIS expertice is limited so I don't want to start to change how the modules are handled etc without knowing exactly what I'm doing.

Thanks for your input!

Error Summary
HTTP Error 500.0 - Internal Server Error
The page cannot be displayed because an internal server error has occurred. Detailed Error InformationModule IsapiModule
Notification ExecuteRequestHandler
Handler AboMapperCustom-17386171
Error Code 0x800700c1
Requested URL http://192.168.**.**:80/CertSrv 
Physical Path C:\Windows\system32\CertSrv\en-US
Logon Method Negotiate
Logon User *******\*****
0
Comment
Question by:mark-199
  • 6
  • 2
9 Comments
 
LVL 33

Expert Comment

by:Busbar
ID: 38753870
are you sure that Classic ASP is enabled ?!
0
 
LVL 19

Expert Comment

by:Kash
ID: 38754095
is it something like this >> http://forums.iis.net/t/1144489.aspx
0
 

Author Comment

by:mark-199
ID: 38754182
I don't think so. I don't actually get the options below in IIS7 manager; I don't see 'Advanced settings' anywhere with the Application Pool selected as described in the article.
Could that have something to do with IIS7 running on Server 2008R2?

Any other suggestions anyone?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:mark-199
ID: 38758029
I have tried mapping script points to the ISAPI .dll in Handler Mappings. There are still a few sources that don't have a specific file assigned to them such as AboMapperCustom-1738171, AboMapperCustom-17386187, OPTIONSVerbHandler, TRACEVerbHandler and StaticFile.
The simply have a * path.

Checking the default application pool, which is the one certsrv uses, 32bit application is set to false (and so are all the other pools).

Two things I have noticed when comparing IIS on a CA which has the certsrv site working with our IIS setup is that:
•there is no .ASP section in the certsrv configuration pane and
•when trying to enable HTTPS it says: 'The Site does not have a secure binding (HTTPS) and cannot accept SSL connections

Is there an easy way to repair certsrv or IIS?

In the worst case scenario, can I just setup a new CA server?

Thanks
0
 
LVL 33

Expert Comment

by:Busbar
ID: 38758046
uninstall the web enrollment role and IIS then reinstall them again, you can always install new CA server.
0
 

Author Comment

by:mark-199
ID: 38767316
New developments:
I played around a bit more with the Handler Mappings and assigned .NET Classic mode to the certsrv site.
I was then able to access the website but got the following error:
'No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occured while accessing the Active Directory'.

Any further suggestions are appreciated.
0
 

Author Comment

by:mark-199
ID: 38767356
Some more info:I can only access the site through IIS manager (not by opening a browser session outside IIS) and HTTPS access also isn't working at this stage... (page cannot be displayed).
0
 

Accepted Solution

by:
mark-199 earned 0 total points
ID: 38774227
Thank you all for your help with this. I couldn't fix the issue in the end... it boiled down to the account not having sufficient permissions. We ended up assigning the computer account full permissions and were able to renew the certificate through the local certificate store on the CA.
I might start a new post with more specific error messages.
0
 

Author Closing Comment

by:mark-199
ID: 38796042
I implemented a workaround to the issue myself.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question