[isapros] Re: RPC over Http

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: <isapros@xxxxxxxxxxxxx>
• Date: Mon, 7 May 2007 09:44:27 -0700

Tom's right; never use the IE mechanism - it always uses the current
user store and often buggers the process.

Want another hint?
*always*, but *FREAKIN' ALWAYS* place the trust certs in the local
machine personal store.
Why, you ask?
Go ahead - ask.
Seriously; I won't bit (hard) unless you want me to...
Really...
Ok, ok...

When CAPI goes a-hunting for trust certs, it will use the following
search logic:
1. "Current User" (user account, network_service, localsystem, etc.)
store associated with the thread making the request.
2. "Local Machine" store

If you always place them in the local system store, you only have one
place to seek them out.

..just a thought...

JimmyJoeBobAlooba


-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Monday, May 07, 2007 9:42 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: RPC over Http

Use the MMC and put the certificates in the right places. In this case,
put it in the machine store and in the Trusted Root Cert authorities.

HTH,
Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
> Sent: Monday, May 07, 2007 11:34 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: RPC over Http
> 
> IT's a self-signed certificate generated by SBS. In IE7 you 
> have to jump
> through some hoops to install one. Click on the Certificate Error next
> to the address bar. View cert. Click install. Click yes, I want to
> install it anyway. Normally the cert is then installed 
> correctly. In the
> case of these laptops, you still see the cert error near the address
> bar. If you select more information, it pops up a box that 
> says there is
> an address mismatch. I would believe it except I have this same cert,
> following the same procedure installed on my laptop. 
> 
> Just had a thought. Could this be a admin rights issue? Hmmm
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: Monday, May 07, 2007 11:39 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: RPC over Http
> 
> What he said, plus can you elaborate on "..address mismatch error when
> they attempt to install the certificate.."?
> This sounds more like a connection, not an installation error?
> 
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Monday, May 07, 2007 7:58 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: RPC over Http
> 
> Hi Amy,
>  
> Are you installing the certificates via the MMC and into the machine
> certificate store?
>  
> Also, make sure the CA certificate is installed in the Trusted Root
> Certification Authorities.
>  
> Tom
>  
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/> 
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
> MVP -- Microsoft Firewalls (ISA)
> 
>  
> 
> 
> ________________________________
> 
>       From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
>       Sent: Monday, May 07, 2007 9:26 AM
>       To: isapros@xxxxxxxxxxxxx
>       Subject: [isapros] RPC over Http
>       
>       
> 
>       I'm having an issue with a client's laptops. We're setting up
> RPC over HTTP so I need to install the certificate on the laptops. The
> cert installs fine onto my Vista IE7 laptop but does not install on
> their XP IE7 laptops. They are getting an address mismatch error when
> they attempt to install the certificate. Since they same certificate
> installed without error for me, I'm not sure where to look for the
> problem. It seems like it has to be something on the laptop 
> rather than
> an issue with the cert. I have looked for old certificates on the
> laptops. Didn't see any. Any other ideas on where or what I 
> should look
> for?
> 
>        
> 
>       Thanks,
> 
>        
> 
>       Amy
> 
> 
>       ExchangeDefender Message Security: Check Authenticity
> <http://www.exchangedefender.com/verify.asp?id=l47EIfqU012225&;
> from=amy@h
> arborcomputerservices.net>  
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> 
> 
> --
> ExchangeDefender Message Security: Click below to verify authenticity
> http://www.exchangedefender.com/verify.asp?id=l47GQHsb014426&f
rom=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
> 
> 
> 
> 


All mail to and from this domain is GFI-scanned.

• Follow-Ups:
  • [isapros] Re: RPC over Http
    • From: Amy Babinchak

• References:
  • [isapros] Re: RPC over Http
    • From: Thomas W Shinder

Other related posts:

• » [isapros] RPC over Http
• » [isapros] Re: RPC over Http
• » [isapros] Re: RPC over Http
• » [isapros] Re: RPC over Http
• » [isapros] Re: RPC over Http
• » [isapros] Re: RPC over Http
• » [isapros] Re: RPC over Http
• » [isapros] Re: RPC over Http
• » [isapros] Re: RPC over Http
• » [isapros] Re: RPC over Http
• » [isapros] Re: RPC over Http

1. Home
2. isapros
3. Archive
4. 05-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---