Enterprise Software Thread, exchange owa and certificate renewal in Technical; This has been giving me a headache for a few days now. Our Exchange server had it's security certificates expire ...
22nd January 2012, 05:07 AM #1
exchange owa and certificate renewal
This has been giving me a headache for a few days now. Our Exchange server had it's security certificates expire last week preventing access to OWA from external traffic. I thought it would be an easy renew/replace with our CA server. Well, that wasn't so hard but after that was finished I could only access the site from internally. I thought it might have been an issue with the expired certs still being on the active local cert list so I removed them. Begin the headache.
I keep receiving an error 64 when accessing the https URL both internally and externally. At first I received a warning that the certificate was issued for another site, corrected that in ISA, and now get past the cert check and to the login page but receive error 64 after putting in my credentials. I've tried changing a few settings here and there to no benefit.
As near as I can tell it's an issue with the IIS on the Exchange server not feeding the site properly as the same error occurs from the servers themselves (without routing through ISA, using the local address). I still get the 403 denied when going to the unsecured URL but always 64 when visiting the SSL site. But I could be way off base on that.
I've tried even bringing in the company that set up the system but they are very slow to respond sadly. Any help is very appreciated (especially before our school term starts next week!)
22nd January 2012, 11:18 AM #2
Not sure whats going on with your system, but I had to renew our Exchange 2007 Certificate last week and it didn't prove to cause any problems whatsoever. I used the following page (https://www.digicert.com/easy-csr/exchange2007.htm) to create the request and used the guides on there to help get it installed with no bother whatsoever. We get our certs from Welcome to ipsCA Worldwide and it goes through quite smoothly and are free for education use, although it does take a little longer than it would normally as they manually check to ensure you are a legitimate education establishment.
Hope it helps, best of luck.
22nd January 2012, 03:59 PM #3
1. Are you using a 3rd party cert on your own internal CA?
2. Can you access OWA internally?
3. Can you see and post the exact error from the site and from IIS logs?
22nd January 2012, 09:37 PM #4
Thanks for the replies.
1 Don't believe so. I wasn't able to confirm but the CA states "Issued by: <school> for <school>" and we have always received the browser warning that the security cert was self issued when browsing to our OWA URL.
2. Was able to very briefly after renewing the cert but before removing the expired certs. Trouble with that is it wasn't accessable externally so I continued to troubleshoot.
3. In the IIS logs it only has entries for attempting to open the unsecured site on port 80. Those are 301 and 403 errors. Nothing noted regarding the error 64 that is given when attempting to access https://mail.school.nz/owa. the exact message on the site is:
Technical Information (for support personnel)
Error Code 64: Host not available
Background: The connection to the Web server was lost.
22nd January 2012, 09:42 PM #5
1. Which version of Exch?
2. I assume the issue is with all users?
3. So when connecting internally, in IE do you get the 64 error?
4. Can you repro the issue and PM me the IIS logs?
23rd January 2012, 12:14 AM #6
Well, strangely enough I have been able to get access to an unsecured version after recreating the virtual directory but it is now giving an SSL error. Works fine when i disable the SSL within IIS manager 7 though. Leads me to think that the certificates are a bit funny. i.e. I didn't renew them correctly. Does anyone know which certificates are required for OWA access? (the exchange server has two certs for web server and domain controller)
1. exchange 2007
2. yes, everyone.
3. yes, I was getting error 64 from internally as well as externally but that seems to have been resolved by recreating the virtual directory.
4. The only logs i see for IIS under inetpub/logs/ are in regards to the http request and nothing for an SSL request. unsure how helpful that would be knowing that it works fine unsecured.
23rd January 2012, 12:18 AM #7
1. Run Get-ExchangeCertificate | fl from the shell and check the output and see what is assigned to IIS?
2. Run OWA Connectivity test and see what that reports - Test-OwaConnectivity: Exchange 2007 Help
23rd January 2012, 02:29 AM #8
1. Ran and couldn't see anything specifically related to IIS. Saw Mail server with specific services for POP, IMAP, and SMTP (not all one cert though). Can't say I'm very literate with Exchange command shell so please forgive me if I've missed it.
Originally Posted by sukh
2. It initially failed to run but changed OU and restarted system attendant and it came back with a failed at logon result.
What Security Certs are required for OWA to perform properly?
23rd January 2012, 12:08 PM #9
1. If you didnt see IIS, then you need to assign the cert to IIS as well. Using the previous command, use the thumbprint and enable it for IIS - Enable-ExchangeCertificate: Exchange 2007 Help
Thanks to sukh from:
pcstru (14th January 2013)
24th January 2012, 10:15 PM #10
the problem has been solved. The company that set our exchange server up finally got back to me. From what their engineer said the bindings in IIS were lost and had to be redone. so we are now back up and running. I hope this will help someone else in the future if they run across error 64 in OWA. Thanks for all your help!
By trivers1982 in forum Windows Server 2000/2003
Last Post: 5th September 2011, 08:15 PM
By sacrej in forum Windows Server 2008 R2
Last Post: 13th October 2010, 10:26 AM
By Jobos in forum Windows
Last Post: 13th May 2009, 03:11 PM
By uk101man in forum Wireless Networks
Last Post: 9th October 2007, 06:43 PM
Last Post: 1st March 2007, 12:43 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)