|
|
You're in the
iis smtp nntp
group:SSL and OWA
iis smtp nntp:
I have decided to secure my OWA site using SSL. I have followd the
instructions for installing certificate services, creating a server certificate and used the external domain name as the common name for the server. Having applied the certificate I can now no longer access OWA internally (can't check it externally). I used to be able to do this but only by using the server name and not the FQDN. I am assuming this is something to do with having told the certificate server that the common name is the FQDN. Any suggestions as to why I can't access the server. If I use HTTP and the internal server name I get Error 403 forbidden. If I use HTTPS I get the page
Ok - managed to get a little bit further. Having added the FQDN to my hosts
file I can now access it using the full name. However, I still get the same errors. 403 forbidden without HTTPS and cannot find server or DNS error with HTTPS. Take out the cert and it all works fine, put in the cert and it all stops etc etc etc [quoted text, click to view] "Raven" wrote:
> I have decided to secure my OWA site using SSL. I have followd the > instructions for installing certificate services, creating a server > certificate and used the external domain name as the common name for the > server. > > Having applied the certificate I can now no longer access OWA internally > (can't check it externally). I used to be able to do this but only by using > the server name and not the FQDN. I am assuming this is something to do with > having told the certificate server that the common name is the FQDN. > > Any suggestions as to why I can't access the server. If I use HTTP and the > internal server name I get Error 403 forbidden. If I use HTTPS I get the page
Well I looked in the IIS log file but there was nothing that seemed even to
relate to SSL in there. I did a simulated handshake using SSL diagnostics and got the following (is there no way to attach files to these messages?) System time: Thu, 20 Jan 2005 13:42:33 GMT Connecting to 127.0.0.1:443 Connected Handshake: 108 bytes sent Handshake: 1415 bytes received Handshake: 182 bytes sent Handshake: 43 bytes received Handshake succeeded Verifying server certificate, it might take a while... Server certificate name: mail.macleandata.co.uk Server certificate subject: C=GB, S=Midlands, L=Leicestershire, O=Maclean Data, OU=IT, CN=mail.macleandata.co.uk Server certificate issuer: C=US, CN=mail.macleandata.co.uk Server certificate validity: From 1/19/2005 8:52:59 AM To 1/19/2007 8:52:59 AM HTTPS request: GET / HTTP/1.0 User-Agent: SSLDiag Accept:*/* HTTPS: 72 bytes of encrypted data sent HTTPS: 301 bytes of encrypted data received Status: HTTP/1.1 401 Access Denied HTTP/1.1 401 Access Denied Server: Microsoft-IIS/5.0 Date: Thu, 20 Jan 2005 13:42:33 GMT WWW-Authenticate: Negotiate WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="127.0.0.1" Content-Length: 24 Content-Type: text/html HTTPS: server disconnected Error: Access is Denied. Final handshake: 23 bytes sent successfully - - - - - - - - END - - - - - - - - - [quoted text, click to view] "Ken Schaefer" wrote:
> Using the IIS Logfiles, verify that the requests are going to the correct > site. > Also, if you are using IIS6, you should be able to see the HTTP substatus > code in the logfile entry. Please post that so we can see why you are > getting an Access Denied. > > Lastly, you can use SSLDiag to troubleshoot the SSL issues: > http://www.microsoft.com/downloads/details.aspx?FamilyId=CABEA1D0-5A10-41BC-83D4-06C814265282&displaylang=en > > Cheers > Ken > > > "Raven" <Raven@discussions.microsoft.com> wrote in message > news:3BB267E8-A2B7-4169-A680-01A240E6064E@microsoft.com... > > Ok - managed to get a little bit further. Having added the FQDN to my > > hosts > > file I can now access it using the full name. However, I still get the > > same > > errors. 403 forbidden without HTTPS and cannot find server or DNS error > > with > > HTTPS. Take out the cert and it all works fine, put in the cert and it all > > stops etc etc etc > > > > "Raven" wrote: > > > >> I have decided to secure my OWA site using SSL. I have followd the > >> instructions for installing certificate services, creating a server > >> certificate and used the external domain name as the common name for the > >> server. > >> > >> Having applied the certificate I can now no longer access OWA internally > >> (can't check it externally). I used to be able to do this but only by > >> using > >> the server name and not the FQDN. I am assuming this is something to do > >> with > >> having told the certificate server that the common name is the FQDN. > >> > >> Any suggestions as to why I can't access the server. If I use HTTP and > >> the > >> internal server name I get Error 403 forbidden. If I use HTTPS I get the > >> page > >> you are looking for cannot be displayed. > >
The IIS log files only had the following reference
#Software: Microsoft Internet Information Services 5.0 #Version: 1.0 #Date: 2005-01-20 13:35:48 #Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent) 2005-01-20 13:35:48 192.168.16.2 - 192.168.16.2 80 GET /exchange - 403 Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0) 2005-01-20 13:42:33 127.0.0.1 - 127.0.0.1 443 GET / - 401 SSLDiag #Software: Microsoft Internet Information Services 5.0 #Version: 1.0 #Date: 2005-01-20 13:50:11 #Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent) 2005-01-20 13:50:11 192.168.16.13 - 192.168.16.2 80 GET /exchange - 403 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+1.0.3705) 2005-01-20 13:56:19 192.168.16.2 - 192.168.16.2 80 GET /CertEnroll/Maclean.crl - 404 CryptRetrieveObjectByUrl::InetSchemeProvider 2005-01-20 13:59:11 192.168.16.13 - 192.168.16.2 80 GET /exchange - 403 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+1.0.3705) I then ran the SSL diagnostics and went for a simulated handshake. This generated System time: Thu, 20 Jan 2005 13:42:33 GMT Connecting to 127.0.0.1:443 Connected Handshake: 108 bytes sent Handshake: 1415 bytes received Handshake: 182 bytes sent Handshake: 43 bytes received Handshake succeeded Verifying server certificate, it might take a while... Server certificate name: mail.macleandata.co.uk Server certificate subject: C=GB, S=Midlands, L=Leicestershire, O=Maclean Data, OU=IT, CN=mail.macleandata.co.uk Server certificate issuer: C=US, CN=mail.macleandata.co.uk Server certificate validity: From 1/19/2005 8:52:59 AM To 1/19/2007 8:52:59 AM HTTPS request: GET / HTTP/1.0 User-Agent: SSLDiag Accept:*/* HTTPS: 72 bytes of encrypted data sent HTTPS: 301 bytes of encrypted data received Status: HTTP/1.1 401 Access Denied HTTP/1.1 401 Access Denied Server: Microsoft-IIS/5.0 Date: Thu, 20 Jan 2005 13:42:33 GMT WWW-Authenticate: Negotiate WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="127.0.0.1" Content-Length: 24 Content-Type: text/html HTTPS: server disconnected Error: Access is Denied. Final handshake: 23 bytes sent successfully Is this of any use because it means very little to me [quoted text, click to view] "Ken Schaefer" wrote:
> Using the IIS Logfiles, verify that the requests are going to the correct > site. > Also, if you are using IIS6, you should be able to see the HTTP substatus > code in the logfile entry. Please post that so we can see why you are > getting an Access Denied. > > Lastly, you can use SSLDiag to troubleshoot the SSL issues: > http://www.microsoft.com/downloads/details.aspx?FamilyId=CABEA1D0-5A10-41BC-83D4-06C814265282&displaylang=en > > Cheers > Ken > > > "Raven" <Raven@discussions.microsoft.com> wrote in message > news:3BB267E8-A2B7-4169-A680-01A240E6064E@microsoft.com... > > Ok - managed to get a little bit further. Having added the FQDN to my > > hosts > > file I can now access it using the full name. However, I still get the > > same > > errors. 403 forbidden without HTTPS and cannot find server or DNS error > > with > > HTTPS. Take out the cert and it all works fine, put in the cert and it all > > stops etc etc etc > > > > "Raven" wrote: > > > >> I have decided to secure my OWA site using SSL. I have followd the > >> instructions for installing certificate services, creating a server > >> certificate and used the external domain name as the common name for the > >> server. > >> > >> Having applied the certificate I can now no longer access OWA internally > >> (can't check it externally). I used to be able to do this but only by > >> using > >> the server name and not the FQDN. I am assuming this is something to do > >> with > >> having told the certificate server that the common name is the FQDN. > >> > >> Any suggestions as to why I can't access the server. If I use HTTP and > >> the > >> internal server name I get Error 403 forbidden. If I use HTTPS I get the > >> page > >> you are looking for cannot be displayed. > >
Using the IIS Logfiles, verify that the requests are going to the correct
site. Also, if you are using IIS6, you should be able to see the HTTP substatus code in the logfile entry. Please post that so we can see why you are getting an Access Denied. Lastly, you can use SSLDiag to troubleshoot the SSL issues: http://www.microsoft.com/downloads/details.aspx?FamilyId=CABEA1D0-5A10-41BC-83D4-06C814265282&displaylang=en Cheers Ken [quoted text, click to view] "Raven" <Raven@discussions.microsoft.com> wrote in message news:3BB267E8-A2B7-4169-A680-01A240E6064E@microsoft.com... > Ok - managed to get a little bit further. Having added the FQDN to my > hosts > file I can now access it using the full name. However, I still get the > same > errors. 403 forbidden without HTTPS and cannot find server or DNS error > with > HTTPS. Take out the cert and it all works fine, put in the cert and it all > stops etc etc etc > > "Raven" wrote: > >> I have decided to secure my OWA site using SSL. I have followd the >> instructions for installing certificate services, creating a server >> certificate and used the external domain name as the common name for the >> server. >> >> Having applied the certificate I can now no longer access OWA internally >> (can't check it externally). I used to be able to do this but only by >> using >> the server name and not the FQDN. I am assuming this is something to do >> with >> having told the certificate server that the common name is the FQDN. >> >> Any suggestions as to why I can't access the server. If I use HTTP and >> the >> internal server name I get Error 403 forbidden. If I use HTTPS I get the >> page >> you are looking for cannot be displayed.
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |