External Exchange stopped working after cert renew
Settup: SBS2003 R2 with exchange 2003 and ISA (2006?)
The cert expired, so I recreated a self signed cert *.mydomain.net. (the old cert was for servr.mydomain.net)
I updated IIS standard website to use this cert.
Internally on LAN OWA is working OK: serv/exchange
However, externally,:
- OWA: in Chrome going to http://www.mydomain.net/exchange redirects to https but then results in error 'Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error'
in IE I imediatelly get 'Internet Explorer cannot display the webpage'
- RCP no longer functionning
I get a feeling that the ISA is messing up something, but can't see what to change.
So question: on what locations do you need to change somethign when changing a certificate?
Thanks,
Christof
March 22nd, 2012 6:46am
Thanks Casper,
I believe that the SP1 was already installed a^s part of normal updates of the server many years ago.
Anyway, once it worked, the wildcard didn't seem to bother ISA.
Thanks,
Christof
Free Windows Admin Tool Kit Click here and download it now
March 23rd, 2012 6:58am
Thanks Christof,
The web listener plays an important role in ISA. Good that issue has been resolved.
You can mark as answered if your issue has been resolved.APK
March 23rd, 2012 8:34am
Hi there,
I am really puzzled: it worked for some time (at least while testing) but then, shortly after, it stopped working again, with the same symptoms.
So it seems like it worked for some time after aligning the listner cert to the new wildcard cert (previously no wildcard cert)
In IE I get a 'webpage can not be displayed' (so not a 404 orso) and in Chrome I again get 'Error 107 (net::ERR_SSL_PROTOCOL_ERROR): Error with SSL-protocol.'
HELP.
ISA version
I just check the ISA version. I am mistaken: it's not 2006 but 2004 ! Could that explain the issue with wildcard cert?
Thanks,
Christof
Free Windows Admin Tool Kit Click here and download it now
March 28th, 2012 5:13am
Hi,
Please have a look at the article below:
Step-by-Step: Publishing a Single Exchange 2003 OWA with ISA 2004 Firewall Forms Based Authentication
http://www.isaserver.org/tutorials/2004owafba.htmlXiu Zhang
TechNet Community Support
March 29th, 2012 5:18am
How is the issue now?Xiu Zhang
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
April 2nd, 2012 2:04am
Hi,
I tried the howto you linked, but no luck.
In the end, I tried to do the 'connect to internet' wizard. But that crashed.
Then I found the reason: I added a virtual 2nd IP to the LAN and WAN interface..causing the Wizard to go 'banana'
So removed the additional IP's .. Then after 3 more trials and reboots, the wizard more or less completed.
Anyway, this caused the publishing of the sites to be reactivated.
At least the ones running on the default IP. Adding the VIP's didn't work out as apparently also the listeners on OS level went.. so after adding those with the admin tools ... things started to get back to normal.
The only downside is that now, the certificate is again the one with the wrong FQN .. causing certificate warnings in browsers etc. The Wizard didn't ask how I wanted (hostname) to publish these sites.
Too bad, that's how it was before, but by far the most important is that the sites and RCP/HTTPS are up again from the outside world.
Thanks all for your assistance.
April 3rd, 2012 5:38pm
Glad to hear that the outlook anywhere is working now.
For certificate, if it is a self-signed certifcate, then please ensure that you have install the certificate on the client computer.
Besides, I recommend you to have a look at the article below:
Configuring ISA to Redirect OWA Users to the Correct Directories and Protocols (Part 2)
http://www.msexchange.org/articles/Redirecting-OWA-Users-Correct-Directories-Protocols-Part2.htmlXiu Zhang
TechNet Community Support
Free Windows Admin Tool Kit Click here and download it now
April 4th, 2012 2:20am