RWW: version=1 msgtype=status status=-3 message=Password Incorrec

Discussion in 'Windows Small Business Server' started by Shawn O'Connor, Nov 20, 2006.

  1. Hi Shawn,

    I thought of that after I had submitted the reply ;-) But I think you are a
    man? Anyway, received your email and you should rerun CEICW and fill in the
    FQDN starting with ids for the webcertificate first. Let me know, and I will
    try again.

    --
    Regards,

    Marina Roos
    Microsoft SBS-MVP
    One of the Magical M&M's
    www.smallbizserver.net
    Take part in SBS forum:
    http://www.smallbizserver.net/Default.aspx?tabid=53

     
    Marina Roos [SBS-MVP], Nov 22, 2006
    #21
    1. Advertisements

  2. I've done that already a bajillion times as you suggested.

     
    Shawn O'Connor, Nov 22, 2006
    #22
    1. Advertisements

  3. Hi Shawn,

    You really need to get rid of that silly certificate first though. Is
    Certificate Services installed by any chance? I sure hope not, but it does
    look like it.

    --
    Regards,

    Marina Roos
    Microsoft SBS-MVP
    One of the Magical M&M's
    www.smallbizserver.net
    Take part in SBS forum:
    http://www.smallbizserver.net/Default.aspx?tabid=53

     
    Marina Roos [SBS-MVP], Nov 22, 2006
    #23
  4. Well, definitely the wrong cert is a bad thing. I checked the properties on
    "my computer" -- no greyed out buttons.

    I mentioned earlier that "publishing.domainname.com" is the certificate
    being used for the default web site, remote, and exchweb. I've looked at
    some of my other SBS installs since and they are using a certificate like,
    "office.domainname.com" which is the usual way I set things up. So I'm
    wondering where the publishing.domainname.com cert came from? I didn't use
    that when running CEICW. I'm going to manually remove that cert for those
    sites and try again.

    You mentioned getting rid of the bad cert can be tricky. If the above
    doesn't solve it, and I don't think it will because I'm pretty sure I did
    that already -- then how do I find this thing and get rid of it? I've done a
    search on my hard drive for all *.cer files -- nothing looks out of the
    ordinary. What else?



     
    Shawn O'Connor, Nov 22, 2006
    #24
  5. I thought I had it figured out. No matter how I run the wizard it always
    wants to put the publishing.domainname.com cert for the default website. So
    I went in and removed that cert and manually added the ids.dnsalias.com cert.
    Then started and stopped IIS. I STILL get the bad certificate.

    So maybe I have two problems. One with the wizard and the other with the
    bad cert.

    I did some further research and it is the companyweb website that is
    supposed to have the publishing.domainname.local cert. (I was wrong earlier
    in saying it was publishing.domainname.com).

    So -- do you have any ideas for hunting down and killing this bad cert?

    Thanks,

    --Shawn
     
    Shawn O'Connor, Nov 22, 2006
    #25
  6. Hi Shawn,

    The publishing cert is because of ISA and should not be deleted. By
    rerunning CEICW you can get that back to what it should be.

    With mmc and then adding the certificates add-in you can have a look at the
    several certificates that are installed.

    --
    Regards,

    Marina Roos
    Microsoft SBS-MVP
    One of the Magical M&M's
    www.smallbizserver.net
    Take part in SBS forum:
    http://www.smallbizserver.net/Default.aspx?tabid=53
     
    Marina Roos [SBS-MVP], Nov 22, 2006
    #26
  7. I know and I know. I did delete the publishing cert and then reran CEICW to
    restore the cert. It continues to want to put the
    publishing.domainname.local cert for the default website, RWW and Exchange.
    I manually added the correct cert in IIS for the default website, but that
    still did not resolve the bad certificate issue -- it still crops up like a
    bad habit.

    I wonder if everything is now correct, but ISA is caching something?

    I've already gone into the MMC certificate add-in to have a look -- the bad
    cert is not listed. But, admittedly, I'm not very strong in this area so I'm
    not certain what I should be adding to the add-in when looking.
     
    Shawn O'Connor, Nov 22, 2006
    #27
  8. Shawn O'Connor, Nov 22, 2006
    #28
  9. Hi Shawn,

    Can you double check your router and see if that is configured for remote
    access through port 443? If yes, turn off that remote access or change the
    port to something else. I think the certificate is from your router.
    Do not change anything manually in IIS regarding the certificate. It SHOULD
    show the publishing there.

    --
    Regards,

    Marina Roos
    Microsoft SBS-MVP
    One of the Magical M&M's
    www.smallbizserver.net
    Take part in SBS forum:
    http://www.smallbizserver.net/Default.aspx?tabid=53
     
    Marina Roos [SBS-MVP], Nov 22, 2006
    #29
  10. Hmmm...that is a good suggestion and I did think about that a while ago. I
    did recently change my router to the Linksys WRV54G, BUT I'm not doing any
    port forwarding, etc that I know of. Since I am running ISA 2004 on the
    Server with the 2 NIC cards I just have the Server on the router's DMZ. I
    just didn't see a way that the router could be pushing its own certificate
    out there.

    However, it doesn't hurt to change some things around and see if I can't
    force a situation where I'm certain the router is not involved at all -- just
    to eliminate that as a possibility. I'll have to think about how to do that
    and still be able to test over the internet. I don't have an extra router
    laying around.

    I guess I could just plug the DSL modem into the external NIC on the Server
    and use that interface directly. I used to do that, but it didn't seem to be
    very reliable. That was back with ISA 2000 -- and I haven't tried the same
    config with ISA 2004. I'll post back and let you know.

    --Shawn
     
    Shawn O'Connor, Nov 22, 2006
    #30
  11. Marina Roos [SBS-MVP], Nov 22, 2006
    #31
  12. Why not? Let the firewall do what it is supposed to do. As I mentioned
    before I was going to try and bypass the router entirely to test, but it
    looks like there are still issues with doing a PPPOE connection with a
    dynamic IP --> seems SBS won't let you publish an SSL certificate. I guess
    that's by design. A shame -- without ISA that configuration works like a
    champ. Oh well.

    In the SBS logs it shows it very clearly that it detects the dynamic IP
    configuration and states that it will NOT touch the SSL Settings. So, I'll
    try doing just the port forwarding thing. Maybe I can cough up another
    router later to be absolutely certain this isn't the issue.

    However, I tend to agree with you that this is not the router. As for the
    DSL modem -- I don't have much control. It is the same one I've been using
    for years. A speedstream 5260.
     
    Shawn O'Connor, Nov 23, 2006
    #32
  13. Marina Roos [SBS-MVP], Nov 23, 2006
    #33
  14. Wooo-Hoooo!! It was the freakin' LINKSYS after all. After I moved the
    Server out of the DMZ and enabled all the port forwarding for the standard
    SBS ports the bad certificate went away and so did the error message that
    started this whole thing. Wow!

    So the good news is its fixed and the Server isn't compromised after all.
    The bad news is I don't understand what the DMZ has to do with anything and
    why the router would serve up a certificate like that. After looking at the
    docs for this particular router though -- it looks like it can be configured
    for a wireless hostpsot using some wierd service called "BOINGO". Even
    though this service is not turned on I'll bet that is their certificate we
    were seeing and somehow is enabled via the DMZ --

    Silly little machines.

    Anyways -- thanks for hanging in there with me.

    Best Regards,

    --Shawn
     
    Shawn O'Connor, Nov 23, 2006
    #34
  15. Marina Roos [SBS-MVP], Nov 23, 2006
    #35
  16. Hello Shawn,

    Thanks for your efforts on taking time to let me know that this issue has
    been successfully resolved. I am very glad to hear that. Your cooperation
    and efforts on this issue are very much appreciated. And thanks Marina
    Roos's suggestion.

    Should you have any other technical questions in the future, please don't
    hesitate to let us know by posting in our newsgroups. It's always our
    pleasure to be of assistance.

    Have a great day.

    Best Regards,

    Steven Zhu
    MCSE/MCDBA
    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security
    ======================================================
    For urgent issues, you may want to contact Microsoft CSS directly.
    Please check http://support.microsoft.com for regional support phone
    numbers.
    Any input or comments in this thread are highly appreciated.
    ======================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from this issue.
    ======================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
    ======================================================
     
    Steven Zhu [MSFT], Nov 23, 2006
    #36
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.