External SSL problems on SBS 2008 (RWW, OWA etc)

dolphinituk asked
I am having a problem with a customer's SBS 2008 server.
Suddenly on Thursday the SSL on external websites stopped working (seems to be timing out getting the certificate).
They were using a self-authorised certificate, but as part of trying to fix it I have installed a valid third-party certificate.
SSL access to Companyweb on port 987 is working OK, and SSL access to OWA etc. is working fine internally.

Spent hours on this so far and tried a lot of things. Anyone got some ideas?
David Atkin, Technical Director
Top Expert 2015
Commented:
Hello,

How did you install the certificate?  Did you use the Add a Trusted Certificate wizard in the SBS Console?

Try running the Fix My Network Wizard in the SBS Console.  This will detect certificate errors and will re-apply the certificate to IIS etc - This should work if you have used the previously mentioned Add a Trusted Certificate wizard.

Author

Commented:
Hi.

Yes, the certificate was installed by the Add a Trusted Certificate wizard.

I have run the Fix My Network wizard a few times and also the SBS BPA.

Also tried going back to the self-issued, then reinstalling the trusted (tested with both and same problem).

It's a Comodo certificate, by the way.

Have checked the right certificate is being used in bindings in IIS.

Author

Commented:
May have found something strange.
Stopped the World Wide Web Publishing service and checked port 443 at canyouseeme.org, and it says that it can still see the port open. That shouldn't happen, should it?

edit - just blocked port 443 on the server firewall and still got a response. I now think something has changed on the router (a Draytek that I don't manage, unfortunately).

David Atkin, Technical Director
Top Expert 2015
Commented:
If it's a Draytek then check the SSL VPN options.  The default port is 443 for the SSL VPN - It's irritated me many times...

Author

Commented:
Thanks. Just waiting to hear back from the person who controls the router.
He said nothing had been changed yesterday, but I think I've proved him wrong (even got a response on port 443 when the server was rebooting).

Technical Director
Top Expert 2015
Commented:
OK, in the meantime run a 'netstat -a -n -o' via cmd and check to see if anything else is using port 443 on the server.
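
An added example, not part of the original thread: a Python sketch that parses `netstat -a -n -o` output for listeners on a port and combines the result with an external port check, the comparison the thread makes by hand. The sample output, function names and result labels are constructed for illustration.

```python
import re

# Constructed sample of `netstat -a -n -o` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:987            0.0.0.0:0              LISTENING       4
  TCP    192.168.16.2:443       192.168.16.50:51422    ESTABLISHED     4
  TCP    192.168.16.2:4430      192.168.16.50:51500    ESTABLISHED     2212
  TCP    [::]:443               [::]:0                 LISTENING       4
  UDP    0.0.0.0:443            *:*                                    1840
"""

# Proto, local endpoint, remote endpoint, optional state (absent for UDP), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def split_endpoint(endpoint):
    """Split '0.0.0.0:443' or '[::]:443' into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def listeners_on(netstat_text, port):
    """Return (proto, address, pid) for each socket bound to `port` and waiting."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header and blank lines
        proto, local, _remote, state, pid = m.groups()
        addr, local_port = split_endpoint(local)
        if local_port != port:
            continue  # exact match, so 4430 is not mistaken for 443
        if proto == "TCP" and state != "LISTENING":
            continue  # established sessions are not listeners
        found.append((proto, addr, int(pid)))
    return found

def diagnose(netstat_text, port, external_probe_open):
    """Combine the server's own view with an outside port-check result."""
    tcp = [l for l in listeners_on(netstat_text, port) if l[0] == "TCP"]
    if external_probe_open and not tcp:
        return "upstream-device"   # something in front of the server answers
    if external_probe_open:
        return "local-listener"    # could be the server; check the PID owner
    return "closed" if not tcp else "blocked-upstream"

if __name__ == "__main__":
    print(listeners_on(SAMPLE, 443), diagnose(SAMPLE, 443, True))
```

The PID in the last column can be matched to a process in Task Manager or with `tasklist`.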

Author

Commented:
Got into the router in the end. Somehow the internal VPNs had been enabled. Turned off and all working now. Thanks for the pointers.