+ Post New Thread
Results 1 to 10 of 10
Enterprise Software Thread, exchange owa and certificate renewal in Technical; This has been giving me a headache for a few days now. Our Exchange server had it's security certificates expire ...
  1. #1
    atamakosi's Avatar
    Join Date
    Jun 2011
    Posts
    110
    Thank Post
    7
    Thanked 11 Times in 9 Posts
    Rep Power
    14

    exchange owa and certificate renewal

    This has been giving me a headache for a few days now. Our Exchange server had it's security certificates expire last week preventing access to OWA from external traffic. I thought it would be an easy renew/replace with our CA server. Well, that wasn't so hard but after that was finished I could only access the site from internally. I thought it might have been an issue with the expired certs still being on the active local cert list so I removed them. Begin the headache.

    I keep receiving an error 64 when accessing the https URL both internally and externally. At first I received a warning that the certificate was issued for another site, corrected that in ISA, and now get past the cert check and to the login page but receive error 64 after putting in my credentials. I've tried changing a few settings here and there to no benefit.

    As near as I can tell it's an issue with the IIS on the Exchange server not feeding the site properly as the same error occurs from the servers themselves (without routing through ISA, using the local address). I still get the 403 denied when going to the unsecured URL but always 64 when visiting the SSL site. But I could be way off base on that.

    I've tried even bringing in the company that set up the system but they are very slow to respond sadly. Any help is very appreciated (especially before our school term starts next week!)

  2. #2

    Join Date
    Feb 2008
    Location
    Wiltshire
    Posts
    889
    Thank Post
    282
    Thanked 139 Times in 112 Posts
    Blog Entries
    27
    Rep Power
    42
    Not sure whats going on with your system, but I had to renew our Exchange 2007 Certificate last week and it didn't prove to cause any problems whatsoever. I used the following page (https://www.digicert.com/easy-csr/exchange2007.htm) to create the request and used the guides on there to help get it installed with no bother whatsoever. We get our certs from Welcome to ipsCA Worldwide and it goes through quite smoothly and are free for education use, although it does take a little longer than it would normally as they manually check to ensure you are a legitimate education establishment.

    Hope it helps, best of luck.

    Pete

  3. #3

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    1. Are you using a 3rd party cert on your own internal CA?
    2. Can you access OWA internally?
    3. Can you see and post the exact error from the site and from IIS logs?

  4. #4
    atamakosi's Avatar
    Join Date
    Jun 2011
    Posts
    110
    Thank Post
    7
    Thanked 11 Times in 9 Posts
    Rep Power
    14
    Thanks for the replies.

    1 Don't believe so. I wasn't able to confirm but the CA states "Issued by: <school> for <school>" and we have always received the browser warning that the security cert was self issued when browsing to our OWA URL.
    2. Was able to very briefly after renewing the cert but before removing the expired certs. Trouble with that is it wasn't accessable externally so I continued to troubleshoot.
    3. In the IIS logs it only has entries for attempting to open the unsecured site on port 80. Those are 301 and 403 errors. Nothing noted regarding the error 64 that is given when attempting to access https://mail.school.nz/owa. the exact message on the site is:

    Technical Information (for support personnel)

    Error Code 64: Host not available
    Background: The connection to the Web server was lost.

  5. #5

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    1. Which version of Exch?
    2. I assume the issue is with all users?
    3. So when connecting internally, in IE do you get the 64 error?
    4. Can you repro the issue and PM me the IIS logs?

  6. #6
    atamakosi's Avatar
    Join Date
    Jun 2011
    Posts
    110
    Thank Post
    7
    Thanked 11 Times in 9 Posts
    Rep Power
    14
    Well, strangely enough I have been able to get access to an unsecured version after recreating the virtual directory but it is now giving an SSL error. Works fine when i disable the SSL within IIS manager 7 though. Leads me to think that the certificates are a bit funny. i.e. I didn't renew them correctly. Does anyone know which certificates are required for OWA access? (the exchange server has two certs for web server and domain controller)

    1. exchange 2007
    2. yes, everyone.
    3. yes, I was getting error 64 from internally as well as externally but that seems to have been resolved by recreating the virtual directory.
    4. The only logs i see for IIS under inetpub/logs/ are in regards to the http request and nothing for an SSL request. unsure how helpful that would be knowing that it works fine unsecured.

  7. #7

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    1. Run Get-ExchangeCertificate | fl from the shell and check the output and see what is assigned to IIS?
    2. Run OWA Connectivity test and see what that reports - Test-OwaConnectivity: Exchange 2007 Help

  8. #8
    atamakosi's Avatar
    Join Date
    Jun 2011
    Posts
    110
    Thank Post
    7
    Thanked 11 Times in 9 Posts
    Rep Power
    14
    Quote Originally Posted by sukh View Post
    1. Run Get-ExchangeCertificate | fl from the shell and check the output and see what is assigned to IIS?
    2. Run OWA Connectivity test and see what that reports - Test-OwaConnectivity: Exchange 2007 Help
    1. Ran and couldn't see anything specifically related to IIS. Saw Mail server with specific services for POP, IMAP, and SMTP (not all one cert though). Can't say I'm very literate with Exchange command shell so please forgive me if I've missed it.

    2. It initially failed to run but changed OU and restarted system attendant and it came back with a failed at logon result.

    What Security Certs are required for OWA to perform properly?

  9. #9

    Join Date
    Dec 2008
    Location
    Essex
    Posts
    2,144
    Thank Post
    1
    Thanked 326 Times in 316 Posts
    Rep Power
    77
    1. If you didnt see IIS, then you need to assign the cert to IIS as well. Using the previous command, use the thumbprint and enable it for IIS - Enable-ExchangeCertificate: Exchange 2007 Help

  10. Thanks to sukh from:

    pcstru (14th January 2013)

  11. #10
    atamakosi's Avatar
    Join Date
    Jun 2011
    Posts
    110
    Thank Post
    7
    Thanked 11 Times in 9 Posts
    Rep Power
    14
    the problem has been solved. The company that set our exchange server up finally got back to me. From what their engineer said the bindings in IIS were lost and had to be redone. so we are now back up and running. I hope this will help someone else in the future if they run across error 64 in OWA. Thanks for all your help!

SHARE:
+ Post New Thread

Similar Threads

  1. Exchange, OWA and Domain Name
    By trivers1982 in forum Windows Server 2000/2003
    Replies: 7
    Last Post: 5th September 2011, 07:15 PM
  2. in a muddle with exchange 2010 sp1 (owa and certificates)
    By sacrej in forum Windows Server 2008 R2
    Replies: 5
    Last Post: 13th October 2010, 09:26 AM
  3. Exchange OWA and attachments
    By Jobos in forum Windows
    Replies: 2
    Last Post: 13th May 2009, 02:11 PM
  4. Exchange 2003 and OWA
    By uk101man in forum Wireless Networks
    Replies: 4
    Last Post: 9th October 2007, 05:43 PM
  5. Replies: 2
    Last Post: 28th February 2007, 11:43 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •