UTP Network cables connected to an Fast-Giga ethernet ports. Internet Service Provider equipment. Data Network Hardware Concept. NOTE: there are no visible copyrights on image, only visible text is the name of the optical cards and marks of giga ethernet ports and that's not copyrighted
a110ur30rk November 19, 2015 No Comments

Small Business Server 2008 Sites Certificate

We recently had an interesting problem with an Expired Sites certificate in Small Business server 2008.

We had a call from a customer who owned an SBS 2008 server that had been setup by a previous IT firm. The users had started to get certificate prompts from Outlook. On checking we found that the remote.company.co.uk certificate had expired, we duly recreated the remote.company.co.uk certificate but found that some users were still getting prompts:

small-business-server

So, it looks like Outlook was requesting a “sites” certificate that is setup when SBS is installed (but not normally used once the relevant network setup wizards are run). So it looks like some parts of exchange on the SBS had been setup manually.

Looking at the certificates snapin showed that the sites certificate had expired and proved difficult to renew.

expired-certificate

We then started to look at why this certificate was being referred by using some exchange management shell commands:

Get-ClientAccessServer | Select Name, *Internal* | fl

Get-WebServicesVirtualDirectory | Select name, *url* | fl

The resulting outputs showed that some of the exchange services were pointing to “sites”

 

Get-ClientAccessServer | Select Name, *Internal* | fl

AutoDiscoverServiceInternalUri : https://sites/Autodiscover/Autodiscover.xml

 

Get-WebServicesVirtualDirectory | Select name, *url* | fl

InternalNLBBypassUrl : https://server.company.local/EWS/Exchange.asmx

InternalUrl          : https://sites/EWS/Exchange.asmx

ExternalUrl          : https://sites/EWS/Exchange.asmx

 

This is why the clients were getting the popup in Outlook as it tried to connect to the exchange web services via Https://sites/. A few more lines of PowerShell reset these URLs to the correct locations

Set-ClientAccessServer –Identity server -AutoDiscoverServiceInternalUri:https://remote.company.co.uk/Autodiscover/Autodiscover.xml

Set-WebServicesVirtualDirectory –Identity “server\EWS(SBS Web Applications)” –InternalUrl: https://company.co.uk/EWS/Exchange.asmx

Set-WebServicesVirtualDirectory –Identity “server\EWS(SBS Web Applications)” –ExternalUrl: https://remote.company.co.uk/EWS/Exchange.asmx

 

And the popups stopped. So, the moral of this is “Always use the SBS wizards to configure a Small Business Server!”