RE: CEICW fails on create on create secure web site configuration



Hello Mike,

Thank you for posting here.

According to your description, I understand that you get an error when you
run the CEICW, and you cannot connect to RWW after you changed the IP
address of the router. If I have misunderstood the problem, please don't
hesitate to let me know.

Based on my research, I suggest we try the following steps to see if we can
resolve this issue:

Step 1: Reinstall Administration tools

1. Rename the Intranet key in HKLM\Software\Microsoft\SmallBusinessServer.

2. Click Start, point to Control Panel and click Add or Remove Programs.

3. Select "Windows Small Business Server 2003" and click Change/Remove.

4. In the "Component Selection" page, change Action to Reinstall for Server
Tools.

5. Follow the instructions to finish.

6. Restart SBS and rerun CEICW.

Then, test this issue.

Step 2: Recreate the web listener

1. Open the ISA 2004 console.

2. Expand Firewall Policy, select the Toolbox tab in the right panel, and
click Network Objects -> Web Listeners.

3. Delete SBS CompanyWeb Listener and SBS Web Listener.

Note: You have to delete the rules that use these 2 web listeners first.

4. Click Apply button.

5. Go through the following KB and rerun CEICW carefully.

How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us

Detailed steps for your reference:

a. On the SBS 2003 Server open the Server Management console. Go to
Standard Management\To Do List.

b. Click the "Connect to the Internet" link.

c. When navigating to the Firewall page, select "Enable firewall" and click
Next (I suppose you have 2 network adapters in SBS 2003).

d. On the "Services Configuration" page, select all the items and then
click Next.

e. On the "Web Services Configuration" page, make sure "Allow access to the
entire Web site from the Internet" is selected. If you select "Allow access
to only the following Web site services from the Internet", make sure all
items in the list are selected. Click Next.

f. On the "Web Server Certificate" page, choose to create a new Web server
certificate and then type the public FQDN (your public DNS name) or IP
address that you will use to access OWA and RWW (for example, if your
public FQDN that you use to access the sites is www.xyz.com, you should
type www.xyz.com as the new certificate name).

g. Go through the remaining steps.

If we cannot resolve the issue after we perform the above steps, please
kindly help me collect some information for further investigation:

1. Please send the icwlog.txt file to me at v-terliu@xxxxxxxxxxxxx

2. Can you access the OWA or RWW?

3. Please try to use another computer to access the SBS remotely. Is it
fine?

4. How do you access the SBS remotely?

Hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: mike_engle@xxxxxxxxxxxx
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: CEICW fails on create on create secure web site configuration
| Date: Tue, 12 Jun 2007 12:39:03 -0700
|
| I have an SBS2k3 install where the ISP required a change to the fixed
| IP address.
| This is an SBS Premium with ISA 2004. 2 NICs, 1 internal and the
| other connecting to a router which connects to the internet.
| I remotely logged into the server, and connected to the router and
| changed its settings on the internet side: IP address and DNS
| settings. The inside (LAN) was not changed. The server's external NIC
| was not changed and remains static (192.168.1.5). After I applied
| this change, I was disconnected from the server, as was to be
| expected.
|
| I waited a couple of minutes to let the router finish up and tried to
| remote to the server again. I got the certificate. It indicated that
| it was self issued and that the IP did not match, again, as I
| expected, but when I continued, the page could not be displayed, error
| code 403 forbidden.
|
| I went on site the next day and ran the CEICW, adding the new DNS as
| forwarders, and creating a new certificate with the new IP address.
| The Wizard failed during the Secure Web Site Configuration. I was
| given the option to continue or cancel.
|
| The icwlog.txt has the following errors
| ***saving the cert for clients returned ERROR 80070015
| ***CCertCommit::EnableSSL returned ERROR 80070015
| ***CCertCommit::CommitEx returned ERROR 80070015
|
| Nothing else looked like an error to me.
|
| The last time I had run this wizard previously was Feb 21 3007, and it
| worked then, although I probably did not create a new certificate
| then.
|
| I have not applied Windows 2003 SP2 or IE 7 to this machine, but it is up
| to date on patches as far as I know (not including the ones that came
| out today).
|
| I am not doing anything fancy with this setup. It was probably
| upgraded from SBS 2000, and ISA 2000, although I don't remember if I
| did a clean install of SBS2003 or a migration.
|
| I have run the CEICW many times, and tried using both
| servername.domain.com and servername.domain.local. All failed. The
| last time I went back to the IP address.
|
| When I attempt remote access now, the certificate does not complain
| about the IP being different, but it gives a different error when I
| attempt to go on to the web page.
|
| The new error is Error Code 500 Internal Server Error, The certificate
| chain was issued by an authority that is not trusted (-2146893019)
|
| Any ideas as to why this is not working the way we expect it to, and
| what I can do to fix it? Internet access and email continue to work
| fine, so business can go on, but I cannot access remotely.
|
| Thanks for any help you may have.
|
| Mike
|
|
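
Added example (not part of either post above, and not Microsoft's code): a
small decoder for the HRESULT values quoted in the thread, run over the three
icwlog.txt error lines and the RWW status code. The log-line pattern is
assumed from those three lines only, and the name table covers just the two
codes seen here.

```python
import re

# Constructed sample: the three icwlog.txt lines quoted in the original post.
SAMPLE_LOG = """\
***saving the cert for clients returned ERROR 80070015
***CCertCommit::EnableSSL returned ERROR 80070015
***CCertCommit::CommitEx returned ERROR 80070015
"""
# Signed decimal status shown on the RWW "500 Internal Server Error" page.
RWW_STATUS = -2146893019

# Only the facilities and codes that occur in this thread (from winerror.h).
FACILITIES = {7: "FACILITY_WIN32", 9: "FACILITY_SSPI"}
KNOWN = {
    0x80070015: "ERROR_NOT_READY (Win32 error 21: the device is not ready)",
    0x80090325: "SEC_E_UNTRUSTED_ROOT (chain issued by an untrusted authority)",
}

# Assumed line shape: "***<step> returned ERROR <8 hex digits>".
ERROR_LINE = re.compile(
    r"^\*\*\*(?P<step>.+?) returned ERROR (?P<hr>[0-9A-Fa-f]{8})\s*$"
)


def decode_hresult(value):
    """Split a 32-bit HRESULT into severity, facility and code fields."""
    value &= 0xFFFFFFFF  # accept the signed decimal form as well
    facility = (value >> 16) & 0x7FF  # bits 16-26
    return {
        "hex": f"0x{value:08X}",
        "failure": bool(value >> 31),  # bit 31 set means failure
        "facility": FACILITIES.get(facility, f"facility {facility}"),
        "code": value & 0xFFFF,  # low 16 bits
        "name": KNOWN.get(value, "not in table (look up in winerror.h)"),
    }


def scan_icwlog(text):
    """Return (step, decoded HRESULT) for every error line in the log text."""
    findings = []
    for line in text.splitlines():
        m = ERROR_LINE.match(line.strip())
        if m:
            hr = int(m.group("hr"), 16)
            findings.append((m.group("step"), decode_hresult(hr)))
    return findings


if __name__ == "__main__":
    for step, info in scan_icwlog(SAMPLE_LOG):
        print(f"{step}: {info['hex']} {info['facility']} -> {info['name']}")
    print("RWW:", decode_hresult(RWW_STATUS))
```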