I've just installed E2K3 (SP2) on a W2K3 SP2 server. -> So I can practice migratig to E2K10 (in case I ever have to do this). The problem is with OWA and SSL. If I attempt to access OWA locally, like this: http://localhost/exchange OWA opens just fine (with or without a prompt for credentials, depending on if I have Integrated Windows authentication enabled or not). But it does work. ################## ###### Note the lack of a "S" after http. ######################## If I add a "S", if I attempt to connect with SSL (required or not), I get this error: "Page cannot be displayed" There is no certificate prompt whatsoever. I do not even get to that part. This is also true if I attempt to connect with the server name: http://ex-03.mynet.int/exchange From the Exchange server itself, or from a remote client. - I am not attempting to connect from outside the LAN. - Windows Firewall is disabled on the W2K3 server. - This is a fresh install of both W2K3 and E2K3 (couple hours old). I did not modify NTFS permissions - or any other default settings. I did not encounter this problem the last time I installed E2K3 for the same purpose (practice migration to E2K10) several months ago. The only thing I may have done differently, this time, was to install .NET 3.5 SP1 on the mail server, thinking I needed it (I may not - I believe it's mostly necessary for PowerShell). Does anyone have a solution?

It means your cert is likley jacked up (seriously) Can you confirm your cert is good? Also try exporting and re-importing again. James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

One other thing to check, the page cannot be dispalyed is also seen if the binding is incorrect in IIS, website properties, website tab, advanced button. Make sure the IPs are correct for both http and https.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Just to be sure... Did you check the box "Require secure channel (SSL)"? IIS - Exchange virtual directory - Directory Security - Secure Communications - Edit What happens when you clock "View Certificate"? Can you see the information? Any chance TCP port 443 blocked by firewall or any third party app.?

James, other than trying view certficate, how else would I check the cert? This is a fresh install so the only cert is the self-signed cert. I have not created a PKI cert for myself or acquired a 3rd party cert. I'm not in front of my (test) machines right now but will be in a couple hours.

That's pretty much it. Cert may not be the issue then if you're using the default self signed cert and wasn't mucking around creating, exporting, importing etc. Did you check the IP binding for https?James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Yes, I'll check bindings and try to export and re-import. If cert is bad somehow - don't see how that could fix it but I'll take a look. There is no firewall involved here.

In IIS 6, I'm trying to view cert propertied at the default website level but the View is grayed out. It is at the Exchange virtual directory as well. I can open the Web Server Certificate Wizard but it claims the web server does not have a certificate. Indeed, there is no option to export one. Under bindings there was nothing for port 443, only 80 (All Unassigned - no host headers). I added port 443 manually (All Unassigned) and restarted IIS. No luck. Same error message as before. Once again, fresh install, no firewall, no AV (closed test environment). No 3rd party apps installed. Have tried with SSL required and not requuired. And once again, http only connection brings up OWA and I can logon (tried as two different users).

All those signs indicate you have no cert, you need to generate a self signed cert in order to test. If you don't have an internal CA, use your e2k10 server to generate the cert then export it and import to your 2003 server.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

All those signs indicate you have no cert, you need to generate a self signed cert in order to test. If you don't have an internal CA, use your e2k10 server to generate the cert then export it and import to your 2003 server. James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com Agree with James. It is recommended that you obtain an SSL certificate by purchasing a certificate from a third-party certification authority (CA). As an alternative, you can use Certificate Services to install your own certification authorities. For more information, please refer to the Microsoft articles below: Configuring Exchange 2003 for Client Access http://technet.microsoft.com/en-us/library/aa995729(EXCHG.65).aspx

This is a test environment that I might take down in a couple weeks anyway, so I wouldn't buy a 3rd party SSL cert for that, even at only $50. At this point, my question is this: Shouldn't a self-signed cert be created when E2K3 is installed? I would have sworn that I did not need to produce one manually the last time I practiced a E2K3 to E2K10 migration.

No not for ek2003.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

OK, I must have just decided not to bother with SSL the last time I practiced with E2K3 (at work, we use E2K7).