External SSL problems on SBS 2008 (RWW, OWA etc)

I am having a problem with a customers SBS 2008 server.
Suddenly Thursday the SSL on external websites stopped working (seems to be timing out getting certificate).
They where using an self authorised certificate but as part of trying to fix I have installed a valid 3 party certificate.
SSL accress to Companyweb on port 987 is working ok, and ssl access to OWA etc is working fine internally

Spent hours on this so far and tried a lot of things. Anyone got some ideas?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David AtkinTechnical DirectorCommented:

How did you install the certificate?  Did you use the Add a Trusted Certificate wizard in the SBS Console?

Try running the Fix My Network Wizard in the SBS Console.  This will detect certificate errors and will re-apply the certificate to IIS etc - This should work if you have used the previously mentioned Add a Trusted Certificate wizard.
dolphinitukAuthor Commented:

Yes certificate was installed by the Add trusted certificate wizard.

I have run the fix my network wizard a few times and also the SBS BPA.

Also tried going back to the self issued, then reinstall the trusted (tested with both and same problem)

Its a Comodo certificate by the way

Have checked the right certificate is being used in bindings in IIS
dolphinitukAuthor Commented:
May have found something strange.
Stopped the World Wide Web Publishing service and checked port 443 at canyouseeme.org and it says that is can still see port open. That shouldn't happen should it

edit - just blocked port 443 on the server firewall and still got a response. I now think something has changed on the router (a Draytek that I don't manage unfortunately)
Cloud as a Security Delivery Platform for MSSPs

Every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. View our on-demand webinar to learn more!

David AtkinTechnical DirectorCommented:
If its a Draytek then check the SSL VPN options.  The default port is 443 for the SSL VPN - Its irritated me many times...
dolphinitukAuthor Commented:
Thanks. Just waiting to hear back from the person who controls the router.
He said nothing had been changed yesterday but think Ive proved him wrong (even got a response on port 443 when the server was rebooting
David AtkinTechnical DirectorCommented:
Ok, in the mean time run a 'netstat -a -n -o' via cmd and check to see if anything else is using port 443 on the server

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dolphinitukAuthor Commented:
Got into router in the end. Somehow the internal VPN's had been enabled. Turned off and all working now. Thanks for pointers
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.