
I have recently updated my security certificate. I have imported the root and the intermediate certificates via mmc and then I imported the entity certificate via MS Exchange Power Shell. I have enabled the IMAP, SMTP and IIS along with that entity certificate. I have pointed the OWA IIS to the proper certificate but all I get when I head to my OWA site (either internally or externally) is this:

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error

Any help pointing me in the right direction to solve this would be appreciated.

After trying http://webmail.domain.com:443/owa/ I get the following:

Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data

I'll get this "binding error" because the site binds to https, which technically listens on port 443, but the browser doesn't send the necessary HTTP headers for SSL unless you specify to use HTTPS.

By having http:// in the URL and not https:// the browser is sending HTTP headers, not HTTPS headers. The site is set to only respond on HTTPS, as I assume it should be.

At the end it turns out that I still had one old certificate lingering around and after removing it and restarting IIS it works....

Darius

1 Answer

Try http://owa.domain.com:443 - that error smells like it's trying to answer with plain HTTP on the HTTPS port, so see if it'll answer you in plaintext.

If that's the case, triple-check the binding config and certificate assignment in IIS on the OWA site.

Shane Madden
  • That would be unusual but I will grant that it's a possibility. I would start with the command: netstat -anb | find "LISTENING" – djangofan Dec 07 '11 at 17:34
  • How would I do that if I have my OWA access in this manner webmail.domain.com/owa ? – Darius Dec 07 '11 at 17:35
  • @djangofan A protocol error means that it accepted the connection (so it's clearly listening) but couldn't start SSL. – Shane Madden Dec 07 '11 at 17:36
  • @Darius Just `http://webmail.domain.com:443/owa`. It'll probably not load the login page, trying to redirect you instead.. but it'll give us more information. – Shane Madden Dec 07 '11 at 17:37
  • I have updated my question with the output of http://webmail.domain.com:443/owa – Darius Dec 07 '11 at 17:42
  • @Darius Definitely a binding issue, then. What does the binding configuration for the OWA site in the IIS admin panel look like? In these cases, I've sometimes had luck with just deleting the port 443 binding then re-adding it. – Shane Madden Dec 07 '11 at 17:44
  • @Shane IP Address: (All Unassigned) TCP:80 SSL:443 – Darius Dec 07 '11 at 17:50
  • let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/1933/discussion-between-darius-and-shane-madden) – Darius Dec 07 '11 at 17:51
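
One way to check for the leftover certificate mentioned in the question's last update, and the certificate assignment the answer says to triple-check, as an added PowerShell example that is not part of the original thread. It assumes an elevated prompt, English `netsh` output, the (All Unassigned):443 binding quoted in the comments, and that the renewed certificate is the one with the latest expiry date; `$HostName` is a placeholder.

```powershell
# Added example; run in an elevated PowerShell prompt on the Exchange/IIS server.
$HostName = 'webmail.domain.com'   # placeholder taken from the question's URL

# Subject Alternative Name extension (OID 2.5.29.17) as text, or '' if absent.
function Get-SanText($Cert) {
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($ext) { $ext.Format($false) } else { '' }
}

# 1. Every certificate in the computer's Personal store that names the host.
$candidates = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Subject -like "*$HostName*" -or (Get-SanText $_) -like "*$HostName*"
} | Sort-Object NotAfter -Descending)

$candidates | Format-Table Thumbprint, NotBefore, NotAfter, HasPrivateKey -AutoSize

# 2. Thumbprint that HTTP.sys presents on the "All Unassigned" port 443 binding.
$bound = netsh http show sslcert ipport=0.0.0.0:443 |
    Select-String 'Certificate Hash\s*:\s*([0-9A-Fa-f]+)' |
    ForEach-Object { $_.Matches[0].Groups[1].Value.ToUpper() }

# 3. Compare the binding with the newest matching certificate
#    (assumption: the renewed certificate has the latest NotAfter date).
$newest = $candidates | Select-Object -First 1
if (-not $bound) {
    Write-Warning 'No certificate is bound to 0.0.0.0:443.'
} elseif (-not $newest) {
    Write-Warning "No certificate for $HostName found in LocalMachine\My."
} elseif ($bound -ne $newest.Thumbprint) {
    Write-Warning "443 presents $bound, but the newest certificate is $($newest.Thumbprint)."
} else {
    "443 presents the newest certificate: $bound"
}

# 4. List older duplicates and certificates without a private key for review.
$candidates | Where-Object {
    $_.Thumbprint -ne $newest.Thumbprint -or -not $_.HasPrivateKey
} | ForEach-Object {
    Write-Warning "Review: $($_.Thumbprint) expires $($_.NotAfter), private key: $($_.HasPrivateKey)"
}
```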