ISA Server 2004 - Web Publishing Problem

  • Thread starter Thread starter Aaron
  • Start date Start date
A

Aaron

Hello,

I have setup a Web Publishing Rule in ISA Server 2004 and seem to be
experiencing a problem when attempting to connect from outside the
network. The exact error, "Error Code: 500 Internal Server Error. The
target principal name is incorrect. (-2146893022)." The rule has a
path that accesses a virtual directory for IIS and uses SSL. Within
the network everything seems to be working properly.

Based on some troubleshooting, I believe the problem may have to do
with the certificates. When I go to the Bridging tab under the
Properties for the Rule there is a check box that indicates, "Use a
certificate to authenticate to the SSL Web server." When I click
Select to find the appropriate certificate I receive the error, "There
are no certificates configured on this server."

It seems that while the certificate is installed locally as a personal
certificate it is not setup in the system store which would be why ISA
Server is unable to see the certificate. I've done some research but
have not found the method of installing the certificate so that ISA
can recognize it. Does anyone how to do this properly? I am assuming
that this is the root cause of my problem but if I have gone astray I
would appreciate any advice.

Thank you,
Aaron
 
I had a similar problem with a publishing rule.
In order to get the certificate into the "system" store rather than the
personal one I had to open up a blank MMC, (start> run >mmc) add the
certificates MSC file and then "import" the certificate.
I seem to remember backing up the original cert to a PFX file somewhere
along the line as well - possibly before the import.



"Aaron" wrote:

> Hello,
>
> I have setup a Web Publishing Rule in ISA Server 2004 and seem to be
> experiencing a problem when attempting to connect from outside the
> network. The exact error, "Error Code: 500 Internal Server Error. The
> target principal name is incorrect. (-2146893022)." The rule has a
> path that accesses a virtual directory for IIS and uses SSL. Within
> the network everything seems to be working properly.
>
> Based on some troubleshooting, I believe the problem may have to do
> with the certificates. When I go to the Bridging tab under the
> Properties for the Rule there is a check box that indicates, "Use a
> certificate to authenticate to the SSL Web server." When I click
> Select to find the appropriate certificate I receive the error, "There
> are no certificates configured on this server."
>
> It seems that while the certificate is installed locally as a personal
> certificate it is not setup in the system store which would be why ISA
> Server is unable to see the certificate. I've done some research but
> have not found the method of installing the certificate so that ISA
> can recognize it. Does anyone how to do this properly? I am assuming
> that this is the root cause of my problem but if I have gone astray I
> would appreciate any advice.
>
> Thank you,
> Aaron
>
>
 
On Jul 10, 7:20 am, Graham <Gra...@discussions.microsoft.com> wrote:
> I had a similar problem with a publishing rule.
> In order to get the certificate into the "system" store rather than the
> personal one I had to open up a blank MMC, (start> run >mmc) add the
> certificates MSC file and then "import" the certificate.
> I seem to remember backing up the original cert to a PFX file somewhere
> along the line as well - possibly before the import.
>
>
>
> "Aaron" wrote:
> > Hello,
>
> > I have setup a Web Publishing Rule in ISA Server 2004 and seem to be
> > experiencing a problem when attempting to connect from outside the
> > network. The exact error, "Error Code: 500 Internal Server Error. The
> > target principal name is incorrect. (-2146893022)." The rule has a
> > path that accesses a virtual directory for IIS and uses SSL. Within
> > the network everything seems to be working properly.
>
> > Based on some troubleshooting, I believe the problem may have to do
> > with the certificates. When I go to the Bridging tab under the
> > Properties for the Rule there is a check box that indicates, "Use a
> > certificate to authenticate to the SSL Web server." When I click
> > Select to find the appropriate certificate I receive the error, "There
> > are no certificates configured on this server."
>
> > It seems that while the certificate is installed locally as a personal
> > certificate it is not setup in the system store which would be why ISA
> > Server is unable to see the certificate. I've done some research but
> > have not found the method of installing the certificate so that ISA
> > can recognize it. Does anyone how to do this properly? I am assuming
> > that this is the root cause of my problem but if I have gone astray I
> > would appreciate any advice.
>
> > Thank you,
> > Aaron- Hide quoted text -
>
> - Show quoted text -


When adding the snap-in for Certificates I chose the Computer Account?
However, which area should I import the certificate into? Under
certificates, I see "Personal, Trusted Root Certification, Enterprise
Trust, etc." The certificate I need is in the Personal directory, but
I need to know where this should go in order to be part of the
"system" store.

Thanks,
Aaron
 
I've just had a look, on My ISA2004 server I have it in the Personal
certificates and the trusted root certification authorites as well.

"Aaron" wrote:

> On Jul 10, 7:20 am, Graham <Gra...@discussions.microsoft.com> wrote:
> > I had a similar problem with a publishing rule.
> > In order to get the certificate into the "system" store rather than the
> > personal one I had to open up a blank MMC, (start> run >mmc) add the
> > certificates MSC file and then "import" the certificate.
> > I seem to remember backing up the original cert to a PFX file somewhere
> > along the line as well - possibly before the import.
> >
> >
> >
> > "Aaron" wrote:
> > > Hello,
> >
> > > I have setup a Web Publishing Rule in ISA Server 2004 and seem to be
> > > experiencing a problem when attempting to connect from outside the
> > > network. The exact error, "Error Code: 500 Internal Server Error. The
> > > target principal name is incorrect. (-2146893022)." The rule has a
> > > path that accesses a virtual directory for IIS and uses SSL. Within
> > > the network everything seems to be working properly.
> >
> > > Based on some troubleshooting, I believe the problem may have to do
> > > with the certificates. When I go to the Bridging tab under the
> > > Properties for the Rule there is a check box that indicates, "Use a
> > > certificate to authenticate to the SSL Web server." When I click
> > > Select to find the appropriate certificate I receive the error, "There
> > > are no certificates configured on this server."
> >
> > > It seems that while the certificate is installed locally as a personal
> > > certificate it is not setup in the system store which would be why ISA
> > > Server is unable to see the certificate. I've done some research but
> > > have not found the method of installing the certificate so that ISA
> > > can recognize it. Does anyone how to do this properly? I am assuming
> > > that this is the root cause of my problem but if I have gone astray I
> > > would appreciate any advice.
> >
> > > Thank you,
> > > Aaron- Hide quoted text -
> >
> > - Show quoted text -
>
>
> When adding the snap-in for Certificates I chose the Computer Account?
> However, which area should I import the certificate into? Under
> certificates, I see "Personal, Trusted Root Certification, Enterprise
> Trust, etc." The certificate I need is in the Personal directory, but
> I need to know where this should go in order to be part of the
> "system" store.
>
> Thanks,
> Aaron
>
>
 
On Jul 10, 8:34 am, Graham <Gra...@discussions.microsoft.com> wrote:
> I've just had a look, on My ISA2004 server I have it in the Personal
> certificates and the trusted root certification authorites as well.
>
>
>
> "Aaron" wrote:
> > On Jul 10, 7:20 am, Graham <Gra...@discussions.microsoft.com> wrote:
> > > I had a similar problem with a publishing rule.
> > > In order to get the certificate into the "system" store rather than the
> > > personal one I had to open up a blank MMC, (start> run >mmc) add the
> > > certificates MSC file and then "import" the certificate.
> > > I seem to remember backing up the original cert to a PFX file somewhere
> > > along the line as well - possibly before the import.
>
> > > "Aaron" wrote:
> > > > Hello,
>
> > > > I have setup a Web Publishing Rule in ISA Server 2004 and seem to be
> > > > experiencing a problem when attempting to connect from outside the
> > > > network. The exact error, "Error Code: 500 Internal Server Error. The
> > > > target principal name is incorrect. (-2146893022)." The rule has a
> > > > path that accesses a virtual directory for IIS and uses SSL. Within
> > > > the network everything seems to be working properly.
>
> > > > Based on some troubleshooting, I believe the problem may have to do
> > > > with the certificates. When I go to the Bridging tab under the
> > > > Properties for the Rule there is a check box that indicates, "Use a
> > > > certificate to authenticate to the SSL Web server." When I click
> > > > Select to find the appropriate certificate I receive the error, "There
> > > > are no certificates configured on this server."
>
> > > > It seems that while the certificate is installed locally as a personal
> > > > certificate it is not setup in the system store which would be why ISA
> > > > Server is unable to see the certificate. I've done some research but
> > > > have not found the method of installing the certificate so that ISA
> > > > can recognize it. Does anyone how to do this properly? I am assuming
> > > > that this is the root cause of my problem but if I have gone astray I
> > > > would appreciate any advice.
>
> > > > Thank you,
> > > > Aaron- Hide quoted text -
>
> > > - Show quoted text -
>
> > When adding the snap-in for Certificates I chose the Computer Account?
> > However, which area should I import the certificate into? Under
> > certificates, I see "Personal, Trusted Root Certification, Enterprise
> > Trust, etc." The certificate I need is in the Personal directory, but
> > I need to know where this should go in order to be part of the
> > "system" store.
>
> > Thanks,
> > Aaron- Hide quoted text -
>
> - Show quoted text -


When I select Computer Account then Local Computer, there is nothing
listed under Certificates with regard to ISA Server. Does anyone know
where I need to go in order to install the certificate so that ISA can
have access to it?

Thanks,
Aaron
 
Back
Top