Small Business Server Support Forum    
Subject: Problem with SSL Certificate following a reinstall of ISA 2004
Paul Smith
7/17/2008 12:54 PM  
Some Background:
I was changing the Network Rules in ISA 2004 to try and resolve a routing problem caused by trying to implement a Web Screening service (from Messagelabs). Things were not working out; I could not get Direct Push from Exchange to work through this Proxy Service, so I decided to remove the plug-ins, rule changes, etc. I disabled the extra rules and Web Chaining, deleted my additional network, then applied the changes. At this point it all went horribly wrong: ISA had a fit and decided that it could not see any Network definitions at all. When I tried to view them through ISA Server MGR it gave me 0x8007.... something cannot find file. I could not re-import the configuration either; it gave me the same error.
 
After a lot of poking about in the registry, Internet research and looking at ISA, I concluded that it was necessary to completely uninstall ISA and start again. I did so, applied SP3 and re-imported my ISA configuration, which I had taken the precaution of saving before I started all my previous changes, and I was back to working again. During this reinstall process, however, it reran the CEICW, and this recreated the default certificate (this may have been a mistake on my part letting it run, but that's what I did).
 
The new problem:
All my users were working again. However, my mobile phones could no longer SYNC; they give me code 0x80072F0D, which tells me that the server certificate is not valid. I went back and checked my Web Listener rules and sure enough they were pointing to my default certificate, so of course the mobile phones could no longer see a 'Valid' SSL Certificate. (These phones BTW will not allow me to import my own SSL Cert, so this is the only way to get them to work.)
 
I created a new Web Listener and attempted to set this looking at my valid 'SSL (InstantSSL) certificate'. I can't see it. Therefore I went back to IIS, checked the default website and tried to find it. It's not listed when using the Service Certificate/Replace option. Using the MMC plug-in I looked at the Certificate Store, and reimported the Trusted Root & Intermediate Certificates. I then deleted and reimported my (newish) shiny SSL certificate into Personal (Computer Account). In the MMC console it all looked fine; I rebooted etc., and I can now see the certificate in the Server/Cert-Replace dialogue (which I did not complete, I just used it to see what was 'available').
 
However I still cannot see the InstantSSL certificate from ISA.
 
I have tried 'cheating' two ways:
1) Set up a new dummy website and generate a New Request
2) Creating a new request on the default Site
 
Then using my previously generated certificate as the 'new import'. This doesn't work either.
...
 
I had a lot of problems getting this to work before, the first time around November 2007. I recall making two requests, as I was then in the 30-day Rekey period. It's also possible I may have missed writing down a step somewhere. The general consensus seems to be: SBS is anecdotally very picky about SSL certs, and unless you do it the 'proper' way using the supplied wizards it won't work.
 
I have a feeling that what I need to do is completely start again, generate an entirely new request and pay for a new SSL certificate.
 
Any thoughts or ideas would be greatly appreciated.
 
Thanks
Paul
Paul Smith
7/21/2008 01:31 PM  
I have a solution to my problem now (from the ISA 2004 forum). I have had to create a new CSR request for a refreshed SSL certificate.

Unless you export your newly installed SSL certificate (with Private Key!!!!!) and save it somewhere, you will not be able to re-import the SSL certificate on SBS 2003. The Private Key will never match. As a secondary safeguard, also export and save the Request Key from the MMC Certificate Plugin too.

I did not save either key in the correct manner, hence I got stuck. However, my CA have been very helpful and are re-issuing my Certificate.
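
The resolution above comes down to whether the server still holds the private key for the certificate in Personal (Computer Account). The following is an added example, not part of the original posts: it reports that for every certificate in the store and writes a password-protected PFX backup. The function names `Get-CertKeyStatus` and `Backup-CertWithKey` are hypothetical, and it assumes PowerShell is installed on the server and run as an administrator.

```powershell
# Added example, not from the thread. Function names are hypothetical.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication enhanced key usage

function Open-MachinePersonalStore {
    # Local Computer\Personal, opened read-only
    $s = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
    $s.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    return $s
}

function Get-CertKeyStatus {
    # One row per certificate: is it usable for SSL, and is its private key present?
    $store = Open-MachinePersonalStore
    try {
        foreach ($cert in $store.Certificates) {
            $ekus = @($cert.Extensions |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
                ForEach-Object { $_.EnhancedKeyUsages } |
                ForEach-Object { $_.Value })
            New-Object PSObject -Property @{
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                # No EKU extension at all means the certificate is not restricted
                ServerAuth    = ($ekus.Count -eq 0) -or ($ekus -contains $ServerAuthOid)
                HasPrivateKey = $cert.HasPrivateKey
            }
        }
    } finally { $store.Close() }
}

function Backup-CertWithKey([string]$Thumbprint, [string]$Path) {
    $store = Open-MachinePersonalStore
    try {
        $cert = $store.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
        if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My" }
        if (-not $cert.HasPrivateKey) { throw 'No private key on this machine: a backup made now could not be re-imported as a server certificate.' }
        $password = Read-Host 'PFX password' -AsSecureString
        # Export throws if the key was marked non-exportable when the request was created
        $bytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $password)
        [System.IO.File]::WriteAllBytes($Path, $bytes)
    } finally { $store.Close() }
}

# Usage (thumbprint and path are placeholders):
#   Get-CertKeyStatus | Format-Table Subject, NotAfter, ServerAuth, HasPrivateKey -AutoSize
#   Backup-CertWithKey -Thumbprint '<THUMBPRINT>' -Path 'D:\backup\ssl-cert.pfx'
```

A row with `HasPrivateKey` set to `False` is a certificate that was imported without its key. Store the PFX file and its password off the server, since together they are the server's identity.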