Microsoft Tech Support (Don't Panic)

I’m trying not to. I know not to. I’ve been here before.

Warning: High Geekery Ahead

Problem: My Exchange Server is in fits because I tried to give the local MySQL install (which I just completed) access through the local firewall. To do this, according to Microsoft Small Business Server 2003, was to run the “Connect to the Internet Wizard” which allowed me to specify firewall access (none, it’s an internal machine), did I want to configure my router (no), and did I want to install a root certificate.

The “root certificate” is the crux of this problem. For those who aren’t 100% sure what they are (and sometimes even I wonder), I know as much about them as necessary:

– Root Certificates allow SSL to work. This means secure web transactions (such as credit card transactions), hinge on these certificates.

– Root Certificates are sort of “pedigrees” for websites to ensure they are who they say they are.

– They’re used mainly for online transactions, where that sort of behavior is expected, but also internally for secure internal network transactions.

For some reason, this root certificate installation caused my Mac clients to stop being able to connect to the server. It said that “192.x.x.x wasn’t trusted”, where 192.x.x.x was the Exchange server name.

So I did what any sensible admin would do: I trusted the certificate and installed it on the machine. If I had to install the *.cer file on each macintosh, I could live with that. I just wanted the damn thing to work. Suddenly it dawned on me that if this machine wasn’t working, then every mac in the place can’t connect. Ugh.

Aha! Let’s do this: Let’s just delete the certificate from the server. Logical, right? Certificate is the problem, delete it. No harm, no foul.

So in I went into the Local Computer Certificates snap-in, deleted the certificate(s) in question (it creates copies in multiple folders) and tried again.

Now I got a whole new error when trying to create an exchange account on Microsoft Entourage: “End of file has been reached (-39)”. This is, basically, really really bad. This means something may be corrupted. Or the the Entourage client is expecting a response that “doesn’t finish”, hence the end of file note.

This is the part where Evan called Microsoft Support so he doesn’t dig a hole deeper than the one he’s already in. 

Currently I’m on hold, listening to “A Groovy Kind of Love” by Phil Collins.

Later…

The guy on the other end, Raj (wonder what country he’s from, eh?), asked me a bunch of questions.

Of course the first thing he suggests is that I had corrupted my entire Exchange database. Nice try, Mr. Tech Support! My XP/2000 clients were working fine.

Then tells me he’s going to send me to Entourage support.

At this point I get angry. I’m not having an Entourage problem, I’m having an Exchange Server problem. Granted, only Entourage users are having the problem.

“They can address both issues, sir,” Raj tells me in a thick accent.

“Okay,” I mutter, and get off the phone.

Later…

The Entourage guys called at some point, but I missed the call and in the meantime I figured out the problem: The SSL on the box is now screwed. I can’t figure out how to “unscrew it”.

What I can do, however, is remove the SSL requirements from the Exchange Virtual Directories of the websites (toldja we’re in Deep Geek here) and they worked fine.

If some poor admin ever finds this in Google, this is how I fixed the problem, at least how I ‘hacked’ it into working:

– Do the Right-Click-Properties thing on the Exchange Virtual Directory (there are multiple: exadmin, Exchange, Public, exchange-oma, ExchWeb, etc)

– Go to the Security Tab

– Click on the Edit button under Secure Communications

– UNCHECK the option “Require secure channel (SSL)”

I found this fix by accident when I suddenly couldn’t browse Public Folders in my Exchange System Manager.

When you do this enough (ie, you find and change all of the appropriate directories), then Microsoft Small Business Server 2003 makes nice with those pesky Entourage clients and everything is lovely again.

At least until I can figure out how to uninstall those damn certificates. An email has been sent to the person assigned to my trouble ticket at Microsoft. Fingers crossed.

I could rant about how the India-based help desk was woefully underwhelming, but I’ll spare you those words.

And since there's no one else around, we let our hair grow long
and forget all we used to know.