Re: Certifcate reset error - Need for mobile device connect

Steve,

In SBS the default site wizard does not permit requesting a certificate if one is installed. That is why I am thinking of revoking the current (not applied) GoDaddy certificate and removing the certificate from default and requesting a new one. The turnaround from GoDaddy is very fast.

Will this work.

Plus, How do I export the GoDaddy certificate to use on the mobile Motorola Q9c phone?

Thx

--

*****************
John Lenz
JohnLenz@xxxxxxxxxxx

"Steven Banks [SBS MVP]" <steve@xxxxxxxxxxxxxxxxxxxxxx> wrote in message news:ubMRS2cnJHA.864@xxxxxxxxxxxxxxxxxxxxxxx
Hi John,

I didn't see this thread earlier, so only going off of what is below in this reply. Have you installed the GoDaddy cert on the SBS box yet (intermediary and the actual certificate) yet? When you ordered it, did you create the request from your default Website?

To kill off the other certificates, I would go into the certificate mmc and remove them. I'll keep an eye on this thread if you need further help with this.

If you haven't ordered the GoDaddy cert yet, then clear out the other certs first (since they are not working anyways from the sounds of things), and then create the request from the default site. When you come back to install, follow the GoDaddy directions to add the intermediary cert, and then stop with their documentation and head over to the CEICW. There is an option to use a new certificate. It will ask you if it has been ordered and you can then choose the cert file. You'll have to change the file type in the browser to all file types to use the GoDaddy file type, but it will work.

Steve


Steven Banks [SBS MVP]
Banks Consulting Northwest Inc.
http://www.banksnw.com
Puget Sound Small Business Server User Group
http://www.pssbs.org
http://msmvps.com/blogs/steveb


"John L" <JohnLenz@xxxxxxxxxxx> wrote in message news:4E6E9FFF-1F5A-4377-9C59-AD8B14462847@xxxxxxxxxxxxxxxx
Miles,

Thanks for all your assistance. I sometimes forget that "when hip deep in alligators, I forgot the objective was to drain the swamp".

What I am trying to accopmlish is to have my SBS exchange server synch wireless with a Motorola Q phone (mobile 6.1). It failed because of the phone said certificate errror with a self-generated SBS certificate.

If I can get the GoDaddy certificate to take on the SBS, How do I export it to the mobile "Q" for client side verification?

I am on Verizon and someone must be able to do the wireless synch!

Thoughts and prayers appreciated.

John

BTW,

SInce I rebuilt the www.longsoho.com certificate so many times with CEICW, How do I know which is which? They all have the same name in the certificate store.

--

*****************
John Lenz
JohnLenz@xxxxxxxxxxx

"Miles Li [MSFT]" <v-mileli@xxxxxxxxxxxxxxxxxxxx> wrote in message news:ay0N55mlJHA.1700@xxxxxxxxxxxxxxxxxxxxxxxxx
Hello John,

Thanks for the update.

In the VPN connect log, I found that the client attempt to connect to the
SBS server with SSTP. However, please understand that in the SBS 2003
Environment SSTP is not supported. It is first introduced in the SBS 2008.
To correct the issue, I would like to suggest you to rerun the Connection
Manager packet from the SBS 2003 server to recreate the VPN connection. You
can also manually create a VPN connection using PPTP to check how it works.
To create a new VPN connection:

1. Open the Network connections from Control Panel.
2. Click File--->New connection--->Next--->Connect to the network at my
workplace--->VPN network connection.
3. Input the VPN server host name: vpn.longsoho.com and finish the wizard.
4. Then try to connect this VPN connection to check how it works.

If a manually created VPN connection fails, I'd like to suggest you to
perform the following tests to verify the VPN protocol connectivity.

Test 1:
---------------------------
Please try to VPN the SBS Server from a internal client, configure the VPN
gateway points to SBS internal network interface on the testing client.
Will you receive the error message?

Test 2: Ping 1723 port
---------------------------
On the external VPN client, click Start, click Run, type "cmd" (without the
quotation marks) and click OK. Type the following command and press ENTER:

telnet <Public IP or FQDN of the SBS server> 1723

Do you get a blank screen with a blinking cursor? If not, the port 1723 is
blocked by the VPN client, the router in front of your SBS server, or your
ISP.

Test 3: Test GRE Protocol 47
---------------------------
Could you please double-check if GRE Protocol 47 is enabled on your router?
Based on my experience, there are some similar issues caused by the router.

PPTP Ping allows you to test whether PPTP traffic, consisting of TCP port
1723 traffic for PPTP tunnel maintenance and IP protocol 47 for GRE traffic
for PPTP tunneled data, can be successfully sent and received between a
client and server computer. PPTP Ping does not verify that a successful
PTPP connection can be made (which requires a user authentication process),
only that PPTP traffic can be exchanged with a specified destination.

<How to get PPTPSRV.exe and PPTPCLNT.exe?>
Run SUPTOOLS.MSI from support\tools folder in Vista CD-ROM;
Then search your Vista for PPTPSRV.exe and PPTPCLNT.exe.

1) On server, open Routing and Remote Access console, right click the RAS
Server, select "All Tasks" -> Stop. (You can start it after the test), copy
the Pptpsrv.exe from Vista SP1 client to C:\ on Server. Then run the
Pptpsrv.exe from command prompt.
NOTE: You should stop the Routing and Remote Access service on the RRAS
(VPN) server so that PPTPSRV can bind to port 1723.

2) Run Pptpclnt.exe [ServerNameorIPaddress] on Vista SP1 client.

3) When prompted by Pptpclnt.exe, type some text to send to Pptpsrv.exe,
and then click Enter.
You see the text received at the host running Pptpsrv.exe. You then see
five GRE packets sent from Pptpclnt.exe and received at Pptpsrv.exe. Please
collect the output for us to perform further research.

Hope it helps. If you have any questions or concerns, please do not
hesitate to let me know.



Best regards,
Miles Li

Microsoft Online Partner Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.




.

Relevant Pages

  • Re: Some Questions
    ... you may need to follow the steps below to configure VPN access ... And make sure you have typed the public FQDN of the SBS ... server on the Web Server Certificate page. ... log in and download Connection Manager. ...
    (microsoft.public.windows.server.sbs)
  • RE: Help with Internet and Email wizard
    ... Thank you for posting in the SBS newsgroup. ... On SBS Server, run the CEICW, go through "Connection Type" page, on ... Since we don't want to set up an external internet access, ... We can select Option one "Create a new Web server certificate" to ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN Connection Problems
    ... Note that we are able to successfully VPN into the office. ... to browse the network, RDP to the server or even ping the server. ... > This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • RE: ActiveSync and T-Mobile Treo 650
    ... Thank you for posting in the SBS newsgroup. ... Generally, to publish ActiveSync, you just need to run the CEICW and enable ... Method 2 - Replace your Exchange Web Publishing rule with a Server ... new certificate on the Exchange server to match the new url being used to ...
    (microsoft.public.windows.server.sbs)
  • RE: Enabling VPN Remote Access using SBS 2003 standard with ISA 20
    ... I am glad to hear the VPN issue has been resolved! ... on the SBS Server. ... Enabling VPN Remote Access using SBS 2003 standard with ISA ...
    (microsoft.public.windows.server.sbs)