Re: Problems setting up SSL on Exchange 2003 Front End server

Reinstall Certsvc.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


"Curtis Fray" <xxx@xxxxxxx> wrote in message
news:ueK8EJHXGHA.4212@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

No it doesn't look like there is anything under IIS Manager about CertSrv,
and I have a feeling IIS wasn't installed at the time the CA was
installed, athough I'm not 100% sure about this. Is it possible for me to
manually at the necessary details in IIS, or would it be easier to
un-install and re-install the CA? At present the CA isn't being used by
any other applications. It was installed in preperation for the Exchange
FE server.

Regards,

Curtis.

--------------------------------------
"Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx> wrote in message
news:uRluVzlWGHA.196@xxxxxxxxxxxxxxxxxxxxxxx
Check the virtual directory in IIS Manager.... not inetpub.
Was IIS installed when you installed Cert. svc?

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
blog: www.suneja.com/blog
-----------------------------------------


"Curtis Fray" <xxx@xxxxxxx> wrote in message
news:OHeekrlWGHA.3660@xxxxxxxxxxxxxxxxxxxxxxx
We're almost there! I've got as far as the "Submit a certificate
request" stage but when I try and go to http://<webserver>/CertSrv/ I'm
just getting a page can not be displayed error. I'm assuming I'm
supposed to be going to a webpage on my CA server? I've checked IIS on
the CA Server and as far as I can see there are no pages under the
"Default Web Site". Does this mean the CA hasn't been installed
properly?? If we're getting a bit far away from Exchange questions now
please let me know and I'll post in the IIS newsgroup.

Thanks again for you on-going help!

Curtis.

--
"Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx> wrote in message
news:%23tQvdPlWGHA.3660@xxxxxxxxxxxxxxxxxxxxxxx
This should help.
http://support.microsoft.com/default.aspx?scid=kb;en-us;299875

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
blog: www.suneja.com/blog
-----------------------------------------


"Curtis Fray" <xxx@xxxxxxx> wrote in message
news:ul5B2$kWGHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
If you have time, would you mind giving me instructions on how to do
this? My certificate knoweldge is fairly minimal.

Thanks,

Curtis.

--
"Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx> wrote in message
news:O33Ks0kWGHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
What you saw was a self-signed cert issued by SSLDiag. This allowed
you to quickly isolate the problem to the certificate itself and once
that was changed by SSLDiag SSL worked.

You can delete the old certificate and revoke it from your CA. Then
submit a new cert req.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
blog: www.suneja.com/blog
-----------------------------------------


"Curtis Fray" <xxx@xxxxxxx> wrote in message
news:%23ndR%23akWGHA.1352@xxxxxxxxxxxxxxxxxxxxxxx
One other question, I've noticed the certificate its picked up has
been issued by the Exchange FE server itself. It doesn't seem to
have picked one up from the actual CA in the forest root. And the
one had has issued itself is only valid for seven days.

Do you have any ideas how can get a certificate from the CA server
itself? Or move the self-generated one to the CA?

Thanks,

Curtis.

--
"Curtis Fray" <xxx@xxxxxxx> wrote in message
news:OfQfbYkWGHA.2080@xxxxxxxxxxxxxxxxxxxxxxx
Hi Bharat,

Thanks for the quick reply. That's managed to fix my problem. It
flagged up an error about the certificate. I just right clicked the
error and selected "Create New Cert" and it sorted itself out. Not
sure exactly what was wrong but it's all ok now.

Thanks again!!

Curtis.

--
"Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx> wrote in message
news:OgzlIIkWGHA.5012@xxxxxxxxxxxxxxxxxxxxxxx
Run SSLDiag
http://www.microsoft.com/downloads/details.aspx?FamilyID=cabea1d0-5a10-41bc-83d4-06c814265282&displaylang=en


--
Bharat Suneja
MVP - Exchange
www.zenprise.com
blog: www.suneja.com/blog
-----------------------------------------


"Curtis Fray" <xxx@xxxxxxx> wrote in message
news:u%23YSx0jWGHA.3492@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I've had a 2-node 2003 cluster running for a while now. I'm just
in the process of setting up a FE server for this. I've installed
it and got it running, and all looks ok, but now I've come to
setting up SSL I'm running into problems.

I have installed a an Enterprise Root CA on a server in the
forest root. The Exchange servers are all running in the
sub-domain of this. I've followed the instructions found on this
website: http://tinyurl.com/4xa74

All seems to go well up until step 14 of the section called
"Creating the Certificate Request". I get the "Certificate
Request Submission" as it says I should, and on clicking Next I
get a screen informing me I've successfully completed the wizard
and the certificate is now installed on this server. However, if
I then Edit the Secure Communications I found it hadn't
automatically ticked the SSL and Require 128-bit encryption
boxes. If I tick those manually and try and access the OWA site
by going to the http:// address I do get a message saying it's
secured by SSL. But if I try and go to the https:// address I
simply get a page cannot be displayed error. Incidently, if I
remove the Require SSL option I can access OWA over http.

I've also noticed under the Directory Security tab where I set
this up, the "View Certificate" box is greyed out. Does this mean
the certificate itself hasn't been installed correctly?

Thanks in advance,

Curtis.
--
Please reply to news group only. Thank you.





















.

Relevant Pages

  • RE: Exchange Web
    ... Use Metabase Explorer from the IIS 6.0 Resource Kit Tools to reset OWA VD ... To restart the Microsoft Exchange System Attendant service, ... When you are prompted to restart the dependant Exchange Server ...
    (microsoft.public.windows.server.sbs)
  • RPC over HTTP, Microsoft solution
    ... Exchange Server 2003 RPC over HTTP Deployment Scenarios ... Place a check in the box next to 'Certificate Services' and click 'Yes' ...
    (microsoft.public.exchange.setup)
  • Re: how to configure rpc over http connection for a client
    ... This is a server for my client. ... When i work at my office, outlook can connect to the exchange server. ... Yep - this is where you accept & then install the certificate after you get ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS2k3 and activesync over the air
    ... Do you have ISA server in your structure? ... the Exchweb virtual directory. ... Open IIS from the Server Management ... Check the same settings on the Exchange Virtual Directory and make sure ...
    (microsoft.public.windows.server.sbs)
  • Re: Dead Exchange Server
    ... Microsoft Certified Partner ... Server, and matched up every setting on my default, then deleted the new one, ... I would suggest downloading Exchange Best Practice and SBS Best Practice ... > certificate that was generated with the install, but i made a new one> to ...
    (microsoft.public.exchange.connectivity)