RE: SSL for Exchange stops WSUS



Hi Purtech,

Thanks for your update. I am glad to know that things are getting fine now.
I appreciate your time and effort to try my suggestions and get this
resolved.

To answer the certificate concern, could you let me know the following
information?

1. Have you installed ISA Server 2000 or 2004 on the SBS server box?
2. Do you use a commercial certificate that was bought from a trusted
third-party authority?

Scenario 1:
===================
If you do not want to use a commercial certificate on your web site, the
process is as follows:

When we run the CEICW wizard and choose "Create a new web server certificate"
on the web server certificate page, the wizard will automatically create the
certificate for us (one certificate if the ISA is not installed; two
certificates if the ISA is installed). The internal one is called
publishing.domain.local and is imported into the IIS website. The other
certificate, which is named with the FQDN, is imported into the ISA's web
listener. Once we complete the CEICW Wizard, these two certificates will be
automatically configured and the OWA/RWW will be published by the ISA
Server.

In this way, after the built-in certificates are created properly, you can
directly import the certificate from the IIS manager using the web server
certificate wizard if the certificate on the default web site is corrupt.
***There is no difference whether you do this using the CEICW wizard or the
web server certificate wizard on the IIS manager console.

However, if you have ISA server installed, the process will be more complex.
You not only need to import the internal certificate into the IIS manager
console, but also need to import the other certificate, named with the FQDN,
into the web listener of the ISA server.

Scenario 2:
===================
If you want to use a commercial certificate instead of the built-in
certificate created by the wizard, we should do as follows:

For OWA/RWW publishing, we DON'T need to import the third party certificate
into the IIS, we only need to import it into the ISA's Web Listener.

Please let me explain how the certificate works in the web publishing
scenario:

The certificate which is imported into the IIS website is responsible for
encrypting the traffic between the IIS and the ISA Server. The certificate
which is imported into the ISA's Web Listener is responsible for encrypting
the traffic between the ISA Server and the remote client who wants to
access the OWA/RWW.

As you know, when we run the CEICW Wizard, you will be prompted to enter
the name of the certificate or import an existing commercial third-party
certificate. This certificate will be imported to the ISA's Web Listener
and the other certificate called "publishing.domain.local" will always be
generated by the CEICW Wizard and imported into the IIS website.

Therefore, if you purchase a commercial certificate and want to use it for
OWA and RWW, we only need to rerun the CEICW Wizard. The wizard will
automatically import the certificate into the ISA's Web Listener, and the
built-in certificate "publishing.domain.local" will still be used on the
IIS website.

Scenario 3:
===================
If the ISA server is not installed and you have a commercial certificate,
***there is no difference whether you import the certificate using the
CEICW wizard or the web server certificate wizard on the IIS manager
console.

Scenario 4:
===================
If the ISA server is not installed and there is no commercial
certificate, you must first run the CEICW wizard to create a built-in
certificate. ***After that, there is no difference whether you import the
created certificate using the CEICW wizard or the web server certificate
wizard on the IIS manager console.

In a word, if you have any certificate-related issue, the better way is to
re-run the CEICW wizard to re-create or re-import the certificate, and the
wizard will help us configure them properly.

Hope the above information helps. Please let me know if you have further
questions on the issue. I am glad to be of assistance to you.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
The partner mail content:
====================
Jenny:

Correct. I had not run it. I ran it and now I can uncheck it.

Your suggestion about creating the Certificate via the wizard did solve the
issue. Doing it in IIS created the problem.

Why the difference? Why does creating a cert in the default web site break
WSUS?

====================

--------------------
From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
Organization: Microsoft
Date: Wed, 05 Jul 2006 10:57:33 GMT
Subject: RE: SSL for Exchange stops WSUS
Newsgroups: microsoft.public.windows.server.sbs

Hi Purtech,

Thanks for your update.

The option "do not change" being grayed out indicates that the wizard cannot
detect your current network configuration settings or that you never ran
CEICW to configure the network.

You should follow the wizard to re-configure the network connection. The
wizard can easily configure the network properties for both an internal and
an external network interface (if two network cards are used) as well as
configuring ISA Server 2000 as a gateway server, firewall, and web caching
server, and configuring Exchange for all e-mail. It also configures many
of the local server services such as DNS, DHCP, WINS and RRAS.

It is recommended that you take a look at the following article to get more
information on configuring the SBS network.

825763 How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/?id=825763

I appreciate your time. Please let me know if you have further questions on
the issue.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
The customer mail content:
========================
Jenny:

Thanks! First question:

When I run CEICW "do not change" is grayed out. I really don't want to
change anything. I have load balanced NICs in the machine.

Is there a way around this or should I simply run it expecting to put
things back where they were?

========================

--------------------
From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
Organization: Microsoft
Date: Mon, 03 Jul 2006 11:25:28 GMT
Subject: RE: SSL for Exchange stops WSUS
Newsgroups: microsoft.public.windows.server.sbs

Hi Purtech,

Thanks for posting here.

I am sorry for the delayed response due to the weekend. Please understand
that the newsgroups are staffed weekdays by Microsoft Support professionals
to answer your systems and applications questions. Your understanding is
greatly appreciated!

From your description, I understand the issue is that you enabled SSL on
the default web site, however the WSUS stopped working. If I am off base,
please don't hesitate to let me know.

How did you add a certificate to the default web site? What type of
certificate did you import to the default web site? Is it a third-party
certificate or a self-issued certificate?

In an SBS 2003 environment, it is recommended that we run the CEICW wizard
(Server Management console -> Configuration E-mail and internet connection ->
Connect to the Internet) to configure certificate settings. The steps:

A. Click Start, click Server Management.

B. Click To Do List and then click "Connect to the Internet".

C. Click Next, select "Do not change connection type" and click Next.

D. Select "Do not change firewall configuration" and click Next.

E. On the Web server certificate page, please choose the option "Use a web
server certificate from a trusted authority" if you need to import a
third-party certificate. Or you can choose the option "Create a new web
server certificate".

F. Then please follow the guide to finish the wizard.

The certificate is applied only to the default web site. It does not affect
the WSUS site. How did you install the WSUS on the SBS server box? I suggest
that you refer to the following article to check if you have installed the
WSUS on the SBS server box properly:

Step-by-Step Guide to Getting Started with Microsoft Windows Server Update
Services on Windows Small Business Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyID=28c43d57-2e15-47b2-9a6f-1514aa3ed05f&displaylang=en

WSUS on SBS
http://wsus.editme.com/WSUSonSBS

More information:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/WSUS/WSUSReleaseNotesTC/4244109a-395a-4ff8-9989-ea55ab0964a3.mspx

Additionally, there is a WSUS newsgroup that focuses on WSUS issues. You can
raise WSUS-related issues there and learn from others' experience.

For your convenience, I list the following link to the WSUS newsgroup:
http://www.microsoft.com/windowsserver2003/community/centers/sus/default.mspx

Hope the above information helps! I am happy to be of assistance to you and
look forward to your reply!

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security

--------------------
From: "Purtech" <mklick@xxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.sbs
Subject: SSL for Exchange stops WSUS
Date: 30 Jun 2006 13:41:22 -0700
Organization: http://groups.google.com