New certificate broke OWA 2007
We are running an up-to-date version of Exchange. We have two front-end servers and two back-end. Everything was working ok, then our certificate expired so we got a new one and installed it. Now everything is working except for OWA.
When you go to https://<myserver>/owa you get the logon screen and enter the username and password. The problem is that after clicking on submit, the next screen you get is a 404 error.
I once saw a 500 error but since only 404.
Im guessing that since this started with the new certificate it's related to that. Do you need the IIS service on the front-end for the certificate, currently we only have SMTP? Or is there another place we need to install the certificate that
we've left out?
November 3rd, 2011 12:37pm
You're running Exchange 2007, correct? There's no "front end" or "back end" in Exchange 2007, there are now roles, CAS and Mailbox. Is that what you mean?
Yes, your problem could certainly be certificate-related but it's hard to say without any information.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
November 3rd, 2011 5:21pm
Hi Ghostta,
Any updates?
Exchange 2003 or Exchange 2007? 3rd party certificate or interna CA one?
Please post the error message here when you open OWA.
Please check whether there is any error events in the Event Viewer.
For Exchange 2007:
Securing an Exchange 2007 Client Access Server using a 3rd party SAN Certificate
http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html
Frank Wang
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
tnmff@microsoft.com.
November 4th, 2011 5:09am
Hi Ghostta,
Any updates?
Frank Wang
Free Windows Admin Tool Kit Click here and download it now
November 6th, 2011 8:50pm
That is correct, CAS and Mailbox. There are no events created in the event log to show any sort of error making it hard to figure out. What more information would you like. We are running IIS 7. I am going to try re-creating the virtual
directories, as the certificate authority verified the certificate is ok.
November 7th, 2011 11:52am
It is a third party certificate that has IIS enabled.
Here is the URL message:
https://email.mross.com/owa?url=https%3a%2f%2femail.mross.com%2fowa%2f&reason=0
Here is the webpage we get after typing in the correct information:
The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
Please try the following:
Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.
If you reached this page by clicking a link, contact the Web site administrator to alert them that the link is incorrectly formatted.
Click the Back button to try another link.
HTTP Error 404 - File or directory not found.
Internet Information Services (IIS)
Technical Information (for support personnel)
Go to Microsoft Product Support Services and perform a title search for the words
HTTP and 404. Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled
Web Site Setup, Common Administrative Tasks, and
About Custom Error Messages.
Free Windows Admin Tool Kit Click here and download it now
November 7th, 2011 11:56am
This may also help. I ran the command "Test-Owaconnectivity -URL:xxxx -MailboxCredentials:xxxx and it gives these warnings:
WARNING: The server neither challenged for authentication nor returned the forms-based authentication page.
WARNING: The test received an unexpected response to an Outlook Web Access request.
WARNING: The test for URL 'https://email.mross.com/owa/' failed.
November 7th, 2011 12:20pm
Hi Ghostta,
About the OWA error message "HTTP Error 404 - File or directory not found", please see this Technet document:
Outlook Web Access Returns an Unexpected Response
http://technet.microsoft.com/en-us/library/cc179584%28EXCHG.80%29.aspx
Similar post, please see:
http error 404 while trying to access OWA
http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/83c3c24a-82c5-4afc-bf8b-9bd09ea9fedf/
Frank Wang
Free Windows Admin Tool Kit Click here and download it now
November 8th, 2011 1:49am
Thank you. I went through both those links with the exception of removing the CAS role and adding it again. Unfortunately all the settings are correct on our end. I tried removing settings and added them again and it unfortunately has not
made a difference. I am talking with the team about next steps.
November 8th, 2011 12:48pm
Do you need the IIS service on the front-end for the certificate, currently we only have SMTP? Or is there another place we need to install the certificate that we've left out?
Hi Ghostta,
Yes, you should enable the IIS on the certificate.
Please run the cmdlet Get-ExchangeCertifcate | fl to check whether the Services are enabled.
Did you get the certificate from Entrust? If yes, did you follow the below link to install the certificate?
How to install an Entrust Unified Communications Certificate (UCC) in Microsoft Exchange Server 2007
http://www.entrust.net/knowledge-base/technote.cfm?tn=7031
Since you have two CAS servers, please install the certificate on both servers(Suggest you remove the expired one).
Resource:
Exchange 2007 lessons learned - generating a certificate with a 3rd party CA
http://blogs.technet.com/b/exchange/archive/2007/02/19/3400537.aspx
Frank Wang
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
tnmff@microsoft.com.
Free Windows Admin Tool Kit Click here and download it now
November 8th, 2011 10:14pm
It was an issue between the extra layer of Entrust security and OWA. No the certificate was from DigiCert and was installed correctly in OWA with all the appropriate services. There were some extra steps needed for the Entrust grid card system
to work properly with OWA and the new certificate. I wasn't the one who fixed it however so I am unable to post what was done to complete support call.
Thank you for all your help.
Daniel
November 14th, 2011 4:55pm