Posts Tagged ‘FQDN’

Joining domain fails when domain suffix isn’t supplied

So I’ve got my own Active Directory server at home w/ multiple network segments. On one of these network segments, I’ve got a Win2008R2 server w/ a static IP address that needs to join the domain but isn’t on the same network segment as the AD server. When I attempt to join the domain I get the following error message.

Once I get the error message and do a reboot I’ve joined the domain w/ no perceivable errors except the one shown above. I can log into the server w/o any issues using domain user accounts and everything appears fine. Obviously not satisfied w/ this conclusion I start doing some searches and remove the server from the domain to see if I can repeat the above error message.

Finally after searching for an hour I stumble upon a similar domain joining error on Lumbgaps blog and add a domain suffix to my server via the advanced settings on my network card. Once joined, I remove the domain suffix w/o any issues. Seems the server was having a domain searching issue and wasn’t appending the right FQDN on the end of whatever it was doing. This fixed it.

Link to Lumbgaps blog:
http://lumbgaps.blogspot.com/2010/03/changing-primary-domain-dns-name-of.html

Adding multiple SSL sites to IIS 6.0

 

So, for some time now I’ve worked w/ HTTPS and SSL and have had no real issues. Today however, I finally got a chance to put multiple SSL sites on one IIS 6.0 server which wasn’t very intuitive. HTTPS is funny in that the host header data that a web server needs to have access to is encrypted and can’t be used until it’s decrypted. Course for it to decrypt the packet, it must know which certificate to use and very quickly we’ve got a circular issue. Long story short, web servers CAN host multiple SSL websites so long as the sites are variations of  <something>.example.com and you use an apporpriate wild card certificate that will cover all the different sites on your HTTPS web server (such as an SSL certificate issued to *.example.com to cover all of the variations of <something>.example.com.) Ya, I know, confusing.

So while I was applying my craft to a Windows Server 2003 R2 box running IIS 6.0 I quickly encountered an error when I tried to put another website on port 443. Error was, “Cannot register the URL prefix https://*:443/ for site ‘<your site identifier here>’. The necessary network binding may already be in use. The site has been deactivated.” I believe it was event ID 1007 in the event viewer system logs. God I love logs 🙂

Quick search on Google reveals you’ve got to go command-line for this one by executing cscript.exe like so:

cd C:\Inetpub\AdminScripts
cscript.exe adsutil.vbs set /w3svc/Identifier/SecureBindings ":443:host header"

.
.
.
.

You can find your site identifier inside of IIS for the site you’re trying to attach on port 443 and just use your site’s FQDN for the host header field.

See this link for a more thorough walk thru:
http://www.digicert.com/ssl-support/configure-iis-host-headers.htm

Return top
 
Icons made by Freepik from www.flaticon.com is licensed by CC BY 3.0