You have recently completed a new Certificate Request in Exchange 2013. The certificate seems to have bound correctly to the Client Access Server (CAS) on which you raised the request, but some users cannot connect to Outlook Web App (OWA) or Outlook. There are two Client Access Servers in the environment, load balanced using Network Load Balancing (NLB). On investigating the certificates on the second CAS (not the server that the request was raised on), the Event Logs are filled with the following error: "An error occurred while using SSL configuration for endpoint 0.0.0.0:443. The error status code is contained within the returned data". To get users working, and to take the pressure off me to fix the issue, I used nlbmgr.exe to Stop the problematic host, thus passing all Client Access traffic through only a single CAS.

The error "An error occurred while using SSL configuration for endpoint 0.0.0.0:443. The error status code is contained within the returned data" is caused by a conflicting binding in IIS. I therefore opened an MMC to view the Certificates. It appeared the newly installed public certificate had not been installed correctly on the secondary CAS: the private key associated with the certificate was not found. I removed this certificate and used the MMC on the working CAS server to Export the working Certificate.

The wizard is self-explanatory, but ensure the "Yes, Export the Private Key" radio button is selected, then click Next.

I then used the MMC on the problematic server to import the Certificate with its Private Key. You can do this by right-clicking on the Personal/Certificates store and selecting Import.

Now that both of the Client Access Servers have the correct certificate with its corresponding private key, it should be viewable by its Friendly Name from the ECP. You will notice the IIS service is currently assigned to this certificate, and it was working correctly on the original CAS server.

The next stage was to manually reconfigure the Bindings in IIS on the problematic server. From the IIS Manager GUI, click on Default Web Site and click Bindings... from the right-hand menu. I reconfigured the problematic server to match the bindings on the working CAS, which were as follows (please note 10.10.7.34 is the VIP of the NLB cluster):

- HTTP to 10.10.7.34 on Port 80 with No Hostname.
- HTTPS binding to IP Address 10.10.7.34 on Port 443, with the Hostname mail.domain.com; the SSL Certificate bound should match the Friendly Name of your Certificate request viewable from the ECP.
- HTTPS with No IP on Port 443, again using the same Friendly Named SSL Certificate.

Once this was completed I restarted the IIS Service, and the error "An error occurred while using SSL configuration for endpoint 0.0.0.0:443. The error status code is contained within the returned data" was no longer filling the Event Logs. I also went back into NLB Manager and started the problematic CAS again. To test thoroughly, I opened Internet Explorer, browsed to OWA and checked the certificate's status.
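
A check that can be run before starting the repaired host in NLB again, to confirm that both CAS nodes hold the same certificate with its private key and that the Default Web Site HTTPS bindings point at it. This is an added example, not part of the original post; the server names CAS01 and CAS02 and the friendly name are placeholders, and it assumes PowerShell remoting is enabled on both servers and English-language netsh output.

```powershell
# Added example. CAS01/CAS02 and the friendly name are placeholders.
$casServers   = 'CAS01', 'CAS02'
$friendlyName = '<certificate friendly name>'

$report = Invoke-Command -ComputerName $casServers -ArgumentList $friendlyName -ScriptBlock {
    param($friendlyName)
    Import-Module WebAdministration

    # Certificate in the computer's Personal store, matched by friendly name.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.FriendlyName -eq $friendlyName } |
        Select-Object -First 1

    # HTTPS bindings on Default Web Site and the certificate hashes they use.
    $https  = @(Get-WebBinding -Name 'Default Web Site' -Protocol https)
    $hashes = @($https | ForEach-Object { $_.certificateHash } | Sort-Object -Unique)

    # HTTP.sys view of the endpoint named in the event log error.
    $line = (netsh http show sslcert ipport=0.0.0.0:443 |
        Select-String 'Certificate Hash' | Select-Object -First 1).Line

    [pscustomobject]@{
        CertFound       = [bool]$cert
        Thumbprint      = if ($cert) { $cert.Thumbprint }
        HasPrivateKey   = if ($cert) { $cert.HasPrivateKey } else { $false }
        HttpsBindings   = ($https | ForEach-Object { $_.bindingInformation }) -join ' | '
        BindingsUseCert = [bool]$cert -and $hashes.Count -eq 1 -and $hashes[0] -eq $cert.Thumbprint
        HttpSys443      = "$line".Trim()
    }
}

$report | Sort-Object PSComputerName |
    Format-List PSComputerName, CertFound, Thumbprint, HasPrivateKey,
                HttpsBindings, BindingsUseCert, HttpSys443

# A node with no private key, or with a binding that points at a different
# or missing certificate, matches the fault described in the post.
$bad      = @($report | Where-Object { -not $_.HasPrivateKey -or -not $_.BindingsUseCert })
$sameCert = @($report | ForEach-Object { "$($_.Thumbprint)" } | Sort-Object -Unique).Count -eq 1

if ($bad.Count -gt 0 -or -not $sameCert) {
    Write-Warning 'CAS nodes differ: review the report before starting the host in NLB.'
} else {
    'Both CAS nodes present the same certificate with its private key.'
}
```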