Re: SSL for SharePoint errors

I have noticed something very interesting after applying the cert to my
sharepoint site:

When on the homepage, everything is HTTPS and works fine. If I click on a
document library from the home page, I am still in HTTPS however when I try
to access a folder inside the library, it switches back to HTTP and prompts
me to log in. I log in and everything is there, however I am not completely
in HTTP. If I go to the address bar and add an S and change port to 444 and
leave everything else, I can log in and now I am back in HTTPS.

I hope that wasnt to confusing.

Thanks,
James

"Terence Liu [MSFT]" wrote:

Hello James,

Thank you for your update. I'm sorry for delay response due to the weekend.

For the error "Windows firewall cannot run because another program or
service is running¡­", it is normal. On SBS 2003 sp1 or later, we have RRAS
basic firewall or ISA server, therefore we unable to start Windows Firewall
(ICS). It is correct.

After you success run CEICW to create self-signed certificate for SBS, you
can access the websites which is assigned the new certificate thru HTTPS.
However, the certificate is new, when you access the HTTPS website from
client side you will get certificate warning. Now, you need to add the new
certificate to the Trusted Root Certification Authorities on client side:

Scenario 1:For IE 6 clients:

a. Launch the WSS 3.0 site. When you get Security Alert, click View
Certificate
b. Click Install Certificate button
c. In the Certificate Import Wizard, click Next.
d. Select Place all certificates in the following store, select Trusted
Root Certification Authorities after you click Browse button.
e. Click Next and Finish.

Scenario 2: For IE 7 clients:

a. Right mouse click Internet Explorer and Click on Run as Administrator
b. Approve IE
c. Ensure that the IE window down at the bottom says "Protected Mode off"
d. Launch the WSS 3.0 site and click through the cert error (click continue)
e. click on the bar that says "Certificate Error" on the upper right.
f. Click View Certificate
g. Click on install certificate
h. Click next
i. Specifically place the cert in the trusted Root Certification Authorities
j. click next
k. Click finish.
l. At the end of hitting finish you will get a "are you sure" window... if
you don't see this the cert install isn't working right.
m. Click yes.
n. To confirm this, close down IE and relaunch as a normal user (not as
Admin)

After you install the new certificate on the client side, you will not get
the certificate warning when you access WSS 3.0 site.

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: SSL for SharePoint errors
| thread-index: AchfrbKUeT3bW4BcQLudDycGCIto0g==
| X-WBNR-Posting-Host: 207.46.193.207
| From: =?Utf-8?B?SmFtZXM=?= <James@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <2BB1D3FE-F85D-4C7C-A572-F87ACDCF35A1@xxxxxxxxxxxxx>
<58866A98-30EA-4A87-B596-104A655C8075@xxxxxxxxxxxxx>
<e2cgiImXIHA.4272@xxxxxxxxxxxxxxxxxxxx>
<0BA49540-09D2-45B4-B166-D4C9F834E190@xxxxxxxxxxxxx>
<4FPgYwyXIHA.4208@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: SSL for SharePoint errors
| Date: Fri, 25 Jan 2008 15:55:01 -0800
| Lines: 309
| Message-ID: <41CD8B2D-5B2F-4F59-AC0F-61A7F89754DB@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:88804
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| You can disregard that last post. It appears that I have everything
working
| correctly. The only point of interest is that I recieve a certificate
error
| message when accessing the site that is now HTTPS?
|
| THanks a ton,
| James
|
| "Terence Liu [MSFT]" wrote:
|
| > Hello James,
| >
| > Thank you for posting here. Let's also thank Russ for the input.
| >
| > According to your description, I understand that you want to assign
| > certificate to your WSS 3.0 web site on SBS. If I have misunderstood
the
| > problem, please don't hesitate to let me know.
| >
| > First, in SBS we use the CEICW to create self-signed certificate and
assign
| > the certificate to web sites which on SBS. We do not recommend customer
| > manually create certificate. As we know, the CEICW is very important
for
| > SBS. However you get error when you run CEICW. Therefore, we need to
focus
| > on the CEICW error issue, and resolve it. Then, we can use the
recommend
| > steps to create and assign certificate to your WSS 3.0 site.
| >
| > Based on my research, I suggest we try the following steps to see if we
can
| > resolve this issue:
| >
| > Step 1: From the error message I know you install Visual Studio 2005 on
| > your SBS. General, we do not recommend customer install develop tools
(like
| > Visual Studio 2005) on SBS. I suggest you uninstall it from SBS and see
if
| > this issue resolved.
| >
| > Step 2: If uninstall Visual Studio 2005 unable to resolve this issue, I
| > suggest we except CEICW from DEP list:
| >
| > 1. Open Control Panel / System
| >
| > 2. Click the Advanced Tab
| >
| > 3. Under the Performance section, click the Settings button and then
click
| > the Data Execution Tab
| >
| > 4. Change the Data Execution Prevention setting to "Turn on DEP for all
| > programs and services except for those I select."
| >
| > 5. Added "icw.exe" (C:\Program Files\Microsoft Windows Small Business
| > Server\Networking\ICW\) in the list
| >
| > 6. Click OK twice and reboot the server.
| >
| > 7. After reboot the server, please test to run CEICW again.
| >
| > Step 3: After we can success run CEICW, we can run as following steps
to
| > create SBS self-signed certificate:
| >
| > Go through the follow KB and rerun CEICW carefully.
| >
| > How to configure Internet access in Windows Small Business Server 2003
| > http://support.microsoft.com/kb/825763/en-us
| >
| > Detailed steps for your reference:
| >
| > a. On the SBS 2003 Server open the Server Management console. Go to
| > Standard Management\To Do List.
| >
| > b. Click the "Connect to the Internet" link.
| >
| > c. When navigating to the Firewall page, select "Enable firewall" and
click
| > Next.
| >
| > d. On the "Services Configuration" page, select all the items and then
| > click Next.
| >
| > e. On the "Web Services Configuration" page, make sure "Allow access to
the
| > entire Web site from the Internet" is selected. If you select "Allow
access
| > to only the following Web site services from the Internet", make sure
all
| > items in the list are selected. Click Next.
| >
| > f. On the "Web Server Certificate" page, choose to create a new Web
server
| > certificate and then type the public domain name (your public DNS name)
| > that you will use to access OWA and RWW and WSS 3.0 (for example, if
your
| > public domain name that you use to access the sites is www.xyz.com, you
| > should type www.xyz.com as the new certificate name).
| >
| > g. Go through the remaining steps.
| >
| > Step 4: Assign SBS self-signed certificate to WSS 3.0 site:
| >
| > a. Run inetmgr on SBS.
| >
| > b. Go to SBSname/Web Sites.
| >
| > c. Right click WSS 3.0 site and click Properties.
| >
| > d. Under "Directory Security" tab, click Server Certificate button.
| >
| > e. Click Next, select Assign an existing certificate, click Next.
| >
| > f. Select the certificate you created when run CEICW, click Next.
| >
| > g. Input the SSL port. Ensure this port is not use by other web sites,
and
| > ensure this port is forwarded from router/firewall to SBS.
| >
| > h. Finish the wizard and Click OK.
| >
| > Additional information for your reference:
| >
| > Installing Windows SharePoint Services 3.0 on a Server Running Windows
| > Small Business Server 2003
| >
http://www.microsoft.com/downloads/details.aspx?FamilyID=0daafc81-efff-4f5b-
| > a28a-8265f1e99f5b&displaylang=en
| >
| > If we cannot resolve the issue after we perform the above steps, please
| > help me collect some information for further investigation:
| >
| > 1. If you still unable to run CEICW, please gather the CEICW log and
send
| > it to me. You can find the log under: C:\Program Files\Microsoft
Windows
| > Small Business Server\Support\icwlog.txt.
| >
| > 2. Gather MPS network report on SBS:
| >
| > a. Download MPSrepot_network from
| >
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
| > 15706/MPSRPT_NETWORK.EXE
| >
| > b. Run MPSRPT_NETWORK.exe.
| >
| > c. The tool will automatically collect the information. This procedure
will
| > take 10~15 minutes.
| >
| > d. Open Windows Explorer, navigate to the folder:
| > %SystemRoot%\MPSReports\Network\Reports\Cab\
| >
| > e. Send the .cab file directly to me at v-terliu@xxxxxxxxxxxxx
| >
| > I hope these steps will give you some help.
| >
| > Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
.

Quantcast