Re: Certificate error when accessing OWA or RWW from external site


On Mar 25, 8:44 pm, "Merv Porter [SBS-MVP]"
<mwport@xxxxxxxxxxxxxxxxxxx> wrote:
OK, I found this... Are you using a Linksys WRVS4400N router? If so,

WRVS4400N Single Port Forwarding of SSL port 443 not working
(2 pages to this thread. Second page lists a ".13" firmware upgrade that
fixes the port 443 problem)
(firmware 1.00.13 released 2/23/2007) http://forums.linksys.com/linksys/board/message?board.id=Wireless_Rou...

WRVS4400N - Wireless-N Gigabit Security Router with VPN
(Firmware) http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagenam...

--
Merv Porter [SBS-MVP]
============================

<jasperfann...@xxxxxxxxx> wrote in message

news:1174874794.793320.186050@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



On Mar 25, 7:08 pm, "Merv Porter [SBS-MVP]"
<mwport@xxxxxxxxxxxxxxxxxxx> wrote:
Yes, that should be OK.

When you re-ran CEICW, did you enable the firewall, then select the
services you wanted, then create the Web Server Certificate, then
complete CEICW?

Also, could you please post the results of an ipconfig /all for the
server.

In addition, it appears that you may have ISA installed. I'm going to
assume this is ISA 2000. If so, check:

Start | Programs | Microsoft ISA Server | ISA Management | Internet
Security and Acceleration Server | (expand) Servers and Arrays | rt. click
<yourSBSservername> | Properties | Incoming Web Requests | Configure
Listeners individually by IP Address | (highlight) click on the Listener
in the window | Edit | Use a server certificate to authenticate to web
clients | Select |

Select the one that is not "publishing.domain.local" and OK your way out
of the open windows.

Then go to the Services MMC, find the "Microsoft ISA Server Control"
service and restart it.

(You may also need to do an iisreset at a command prompt).

--
Merv Porter [SBS-MVP]
============================

<jasperfann...@xxxxxxxxx> wrote in message

news:1174869400.945450.320930@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On Mar 25, 3:29 pm, "Merv Porter [SBS-MVP]"
<mwport@xxxxxxxxxxxxxxxxxxx> wrote:
Hmmm...

Start | Control Panel | Administrative Tools | IIS | (expand) IIS |
<your SBS servername> | Websites | (rt. click) Default Web Site |
Properties | View Certificate

Does the "Valid From" field indicate the certificate has expired? If
so, click OK to close the View Certificate window. Then click on:

Server Certificate | Next | Renew the current Certificate... finish the
wizard. Then go back to the View Certificate to make sure the cert
actually renewed.

Then test from an outside client to see if the renewed cert will allow
access.

--
Merv Porter [SBS-MVP]
============================

<jasperfann...@xxxxxxxxx> wrote in message

news:1174846324.902926.292280@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On Mar 25, 6:55 am, "Merv Porter [SBS-MVP]"
<mwport@xxxxxxxxxxxxxxxxxxx> wrote:
Les Connor posted in another thread...

If you have the router configured to allow administration via the
external interface (public IP), disable that and try again.

See if your router has remote administration checked. If so, turn it
off and then try OWA again.

--
Merv Porter [SBS-MVP]
============================

<jasperfann...@xxxxxxxxx> wrote in message

news:1174805728.265200.66240@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On Mar 24, 5:40 pm, "Merv Porter [SBS-MVP]"
<mwport@xxxxxxxxxxxxxxxxxxx> wrote:
Your certificate says that it was issued by "ccvv" and issued to "ccvv"
and is valid from 12/2/2005 to 12/2/2006. So, it's expired. Was there a
cert associated with the router?

--
Merv Porter [SBS-MVP]
============================

<jasperfann...@xxxxxxxxx> wrote in message

news:1174774647.143170.50720@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I recently changed the configuration of our network, simply swapped
one router for another b/w the cable modem and sbs box.
Config:

Modem
Router
SBS external nic
SBS internal nic
internal network

I reran ceicw after swapping routers as I changed some settings on the
external router related to the isp.

Anyway, can connect to OWA on internal network, but not from the
outside. I can telnet port 443 and connect through the router.
However I get the following certificate error when I try to access owa
from the outside world:

The security certificate presented by this website was not issued by a
trusted certificate authority.
The security certificate presented by this website has expired or is
not yet valid.
The security certificate presented by this website was issued for a
different website's address.

I've rerun CEICW several times. It appears the certificate is not
being published??? public FQDN is urnrd.org, thus trying to connect to
https://urnrd.org/exchange

Thanks in advance

I've seen the same cert. I don't think it's anything associated with
the router. But, then again I have no idea as to what's going on with
the certificates.

JF

I tried disabling remote management on the router and that did not
solve the problem. The certificates on all of the virtual servers and
the website on the sbs box are for urnrd.org, but am still getting the
certificate errors as the certificate seen from the outside is expired
and for ccw as mentioned above.

Thanks, anything else you can think of?

Checked the certificate in IIS. It is valid, but is issued to and by
publishing.urnrd.local rather than urnrd.org the FQDN that I use to
access owa. Is this right?

Yes I ran ceicw, enabled firewall and selected services, created new
cert for urnrd.org, and finished ceicw with no errors.

Here is the ipconfig /all report

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\jfanning>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : urnrdserver
Primary Dns Suffix . . . . . . . : URNRD.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : URNRD.local

Ethernet adapter WAN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 S Server Adapter
Physical Address. . . . . . . . . : 00-0E-0C-C0-EF-1A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.0.2
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-75-41-46
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.2

C:\Documents and Settings\jfanning>

urnrd.org certificate was cert selected for authentication in isa. I
restarted ISA services and did iisreset.

Unfortunately still no owa or rww from outside of network. ???

Yep it's a WRVS4400N and the firmware upgrade fixed the problem. Never
should have given up on the router as the problem, since that was the
only real change I'd made. telnet 443 wasn't enough to rule it out I
guess.

Many thanks!!
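
The check this thread arrived at, as an added example that is not part of the original posts: a successful telnet to port 443 only shows that something accepts the connection, so compare the thumbprint of the certificate presented to an outside client with the thumbprints of the certificates installed on the server. The function names and the sample bytes below are constructed for illustration.

```python
import hashlib
import socket
import ssl


def presented_cert_der(host, port=443, timeout=5.0):
    """Return the DER certificate a listener presents, without validating it.

    Validation is off on purpose: the aim is to inspect a certificate that
    already fails validation, not to trust the connection.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def thumbprint(der):
    """SHA-1 of the DER bytes, the value Windows shows as 'Thumbprint'."""
    return hashlib.sha1(der).hexdigest().upper()


def normalize(value):
    """Accept thumbprints pasted with spaces, colons or lower case."""
    return "".join(ch for ch in value if ch.isalnum()).upper()


def who_answered(presented_der, installed):
    """Match the presented certificate against those installed on the server."""
    seen = thumbprint(presented_der)
    for name, value in installed.items():
        if normalize(value) == seen:
            return f"server certificate '{name}' is being presented"
    return f"foreign certificate {seen}: another device is answering on 443"


# Constructed stand-ins for DER bytes (not real certificates), so this runs
# offline; in practice use presented_cert_der("your.public.fqdn") from outside.
SERVER_DER = b"constructed DER bytes: certificate issued to urnrd.org"
OTHER_DER = b"constructed DER bytes: certificate issued to ccvv"
_hex = thumbprint(SERVER_DER).lower()
INSTALLED = {"urnrd.org": " ".join(_hex[i:i + 2] for i in range(0, 40, 2))}

if __name__ == "__main__":
    print(who_answered(SERVER_DER, INSTALLED))
    print(who_answered(OTHER_DER, INSTALLED))
```

A "foreign certificate" result means the TLS session ends at some device in front of the server, which in this thread turned out to be the router.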
