Solved

Termianl Server 2003 IE8, all websites showing certificate errors

Posted on 2014-11-04
15
42 Views
Last Modified: 2016-03-09
Hello,

I have a Terminal Server 2003 using IE8.  All https sites that I go to show certificate errors.

Found a few articles on it,   The time is set correctly.  Nothing seems to be clearing up this error.  It is also affecting other programs (Winrater).

Not too sure where to go from here.

Larry
0
Comment
Question by:laltobelli
  • 7
  • 4
  • 4
15 Comments
 
LVL 24

Expert Comment

by:VB ITS
ID: 40423258
Are you 100% sure the time and date is set correctly?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40423327
I'm not having any problems with IE8 on XP.  Have you updated the Root Certificates on that machine?

Please give a link to a site that isn't working for you along with the error that you are seeing from it.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40423329
If you are in the US, the change from Daylight Savings to Standard time was 2:00 AM Sunday.
0
 

Author Comment

by:laltobelli
ID: 40423750
Things are a bit stranger than I originally thought.

As I stated above the time, date, timezone and daylight savings time are all correct. 11/5/14, EST,etc.....

I have reset the security in IE8.

I ran Microsoft Fix it 51014 to sync the trusted root certificates.

All SSL websites show the error as well as some non-SSL websites such as www.yahoo.com

A bank website www.leominstercu.com is an example of an SSL site that shows the error.

It is not isolated to a user, all users logging into the terminal server see the error.

Other users logged into PCs on site do not see the error.

Larry
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40424866
Yahoo http://www.yahoo.com/ switches to SSL/TLS as soon as you connect to it.  I'm having no problem connecting to Yahoo with IE8.  Or with http://www.leominstercu.com/ which also will switch to 'https' when you try to connect to it.

If you can not connect to Any 'https' sites then it sounds like port 443 (which is used for 'https') may be blocked on the terminal server.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40424872
In another question today, secure connections were being blocked because Windows XP had not been upgraded to Service Pack 3.  I don't know what the service packs are for Windows 2003 but you might check that.  Also, many sites are Not connecting with SSLv3 because of a security problem last month.  Check your internet options and disable/uncheck SSL3.
0
 

Author Comment

by:laltobelli
ID: 40425165
Hi Dave,

I checked port 443 at www.whatsmyip.org and it is open.  

The server is completely up to date will all service packs (SP2), etc...

I tried it with SSL3 on and off, no difference.

One thing to note that this did happen over the weekend, which makes it look like the time change caused the issue.  But I know the time is correct and Windows update also works - which it would not if the time was off.

This is strange.

Larry
0
Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

 
LVL 24

Expert Comment

by:VB ITS
ID: 40425198
Have you tried enabling TLS 1.0 in the same area where you enabled/disabled SSL 3.0?
0
 

Author Comment

by:laltobelli
ID: 40431692
Yes I tried it with TLS 1.0 enabled and disabled.  It did not change the cert error.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40431696
Can you please post a screenshot of the certificate error?
0
 

Author Comment

by:laltobelli
ID: 40439118
Here's a doc with a screen shot of what happens when I go to www.google.com and after I click continue.
cert-error.docx
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40439124
Looks like you may need to re-sync the Trusted Root CA list on your server. You can try using the For Windows Vista, Windows Server 2008 or Windows Server 2003 Fix it link on this Microsoft KB to address the issue: http://support.microsoft.com/kb/931125
0
 

Author Comment

by:laltobelli
ID: 40445994
Hi VB ITS,

Ran the Fix it from the link above, deleted temp files, still got the same results....

Thanks,

Larry
0
 

Accepted Solution

by:
laltobelli earned 0 total points
ID: 40926745
Updated the server and rebooted it.   Seems to have addressed the issue.
0
 

Author Closing Comment

by:laltobelli
ID: 41498615
No one else suggested updating the server and rebooting.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now