I visited a client's server today to do regular maintenance and only two users asked me about a security prompt when opening outlook. It was a certificate expiration error but I forgot to get a screenshot of it. On the server I noticed this error (started on 6/30/2010, near the same day that their motherboard failed):
"Active Directory Certificate Services denied request 109 because The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613). The request was for CN=server.domain.local. Additional information: Error Constructing or Publishing Certificate"
I ran the SBS BPA and saw a certificate has expired but it says: "The SSL certificate for 'SBS Web Applications' expired on 7/10/2010. Users might not be able to connect to the server."
When I visit the CA snap-in in server manager, the first section (name escapes me right now) has a red X next to the self-signed cert saying that it was unable to contact or download the CRL. I tried a few things found using google but the errors in the eventvwr still shows but the clients don't get the error anymore or at least not anymore today. In the CA trusted root the certificate is not listed as expired.
If I visit the certsrv website it shows a 404 that the page cannot be found. It has the physical path as c:\inetpub\wwwroot\certsrv (IIRC) on the web page but in explorer there is no folder but I'd need to create a virtual machine to verify the correct path.
HP ML350 G5
SBS 2008 Premium
Quad core Xeon
Plenty of free space
New windows updates have not been applied; I was hoping to see if I could resolve this issue before moving on or finding out what this error means.
Do you have a 3rd party certificate or a Self signed certificate?
I suggest you run the Install a Trusted Certificate wizard again and re-import the correct certificate.
Also make sure you have the latest Exchange Rollups installed.
Regards, Boon Tee - PowerBiz Solutions, Australia
I don't have a 3rd part cert, just the default self-signed cert from installation. I did rerun the install a trusted cert wizard but it didn't seem to help that I can tell. Granted, the users didn't get the same error in outlook as they previously did but I haven't had a chance to rerun the SBS BPA today to see if the same cert is expired still.
Did you rerun the SBS BPA?
As Boon wrote, the cost of a 3rd part cert is fairly inexpensive, and is often required to work with some of the newer cell phones.
Here is a link for step-by-step instructions on how to install a 3rd party certificate ($25 from GoDaddy) onto an SBS 2008 server:
-Kevin Weilbacher (SBS MVP)
"The days pass by so quickly now, the nights are seldom long"
KW Support MVP Blog
MVP's do NOT work for Microsoft. We give our time freely to support the SBS community!