We recently had an interesting problem with an Expired Sites certificate in Small Business server 2008.
We had a call from a customer who owned an SBS 2008 server that had been setup by a previous IT firm. The users had started to get certificate prompts from Outlook. On checking we found that the remote.company.co.uk certificate had expired, we duly recreated the remote.company.co.uk certificate but found that some users were still getting prompts:
So, it looks like Outlook was requesting a “sites” certificate that is setup when SBS is installed (but not normally used once the relevant network setup wizards are run). So it looks like some parts of exchange on the SBS had been setup manually.
Looking at the certificates snapin showed that the sites certificate had expired and proved difficult to renew.
We then started to look at why this certificate was being referred by using some exchange management shell commands:
Get-ClientAccessServer | Select Name, *Internal* | fl
Get-WebServicesVirtualDirectory | Select name, *url* | fl
The resulting outputs showed that some of the exchange services were pointing to “sites”
Get-ClientAccessServer | Select Name, *Internal* | fl
AutoDiscoverServiceInternalUri : https://sites/Autodiscover/Autodiscover.xml
Get-WebServicesVirtualDirectory | Select name, *url* | fl
InternalNLBBypassUrl : https://server.company.local/EWS/Exchange.asmx
InternalUrl : https://sites/EWS/Exchange.asmx
ExternalUrl : https://sites/EWS/Exchange.asmx
This is why the clients were getting the popup in Outlook as it tried to connect to the exchange web services via Https://sites/. A few more lines of PowerShell reset these URLs to the correct locations
Set-ClientAccessServer –Identity server -AutoDiscoverServiceInternalUri:https://remote.company.co.uk/Autodiscover/Autodiscover.xml
Set-WebServicesVirtualDirectory –Identity “server\EWS(SBS Web Applications)” –InternalUrl: https://company.co.uk/EWS/Exchange.asmx
Set-WebServicesVirtualDirectory –Identity “server\EWS(SBS Web Applications)” –ExternalUrl: https://remote.company.co.uk/EWS/Exchange.asmx
And the popups stopped. So, the moral of this is “Always use the SBS wizards to configure a Small Business Server!”