Guest Aaron Posted July 10, 2007 Posted July 10, 2007 Hello, I have setup a Web Publishing Rule in ISA Server 2004 and seem to be experiencing a problem when attempting to connect from outside the network. The exact error, "Error Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022)." The rule has a path that accesses a virtual directory for IIS and uses SSL. Within the network everything seems to be working properly. Based on some troubleshooting, I believe the problem may have to do with the certificates. When I go to the Bridging tab under the Properties for the Rule there is a check box that indicates, "Use a certificate to authenticate to the SSL Web server." When I click Select to find the appropriate certificate I receive the error, "There are no certificates configured on this server." It seems that while the certificate is installed locally as a personal certificate it is not setup in the system store which would be why ISA Server is unable to see the certificate. I've done some research but have not found the method of installing the certificate so that ISA can recognize it. Does anyone how to do this properly? I am assuming that this is the root cause of my problem but if I have gone astray I would appreciate any advice. Thank you, Aaron
Guest Graham Posted July 10, 2007 Posted July 10, 2007 RE: ISA Server 2004 - Web Publishing Problem I had a similar problem with a publishing rule. In order to get the certificate into the "system" store rather than the personal one I had to open up a blank MMC, (start> run >mmc) add the certificates MSC file and then "import" the certificate. I seem to remember backing up the original cert to a PFX file somewhere along the line as well - possibly before the import. "Aaron" wrote: > Hello, > > I have setup a Web Publishing Rule in ISA Server 2004 and seem to be > experiencing a problem when attempting to connect from outside the > network. The exact error, "Error Code: 500 Internal Server Error. The > target principal name is incorrect. (-2146893022)." The rule has a > path that accesses a virtual directory for IIS and uses SSL. Within > the network everything seems to be working properly. > > Based on some troubleshooting, I believe the problem may have to do > with the certificates. When I go to the Bridging tab under the > Properties for the Rule there is a check box that indicates, "Use a > certificate to authenticate to the SSL Web server." When I click > Select to find the appropriate certificate I receive the error, "There > are no certificates configured on this server." > > It seems that while the certificate is installed locally as a personal > certificate it is not setup in the system store which would be why ISA > Server is unable to see the certificate. I've done some research but > have not found the method of installing the certificate so that ISA > can recognize it. Does anyone how to do this properly? I am assuming > that this is the root cause of my problem but if I have gone astray I > would appreciate any advice. > > Thank you, > Aaron > >
Guest Aaron Posted July 10, 2007 Posted July 10, 2007 Re: ISA Server 2004 - Web Publishing Problem On Jul 10, 7:20 am, Graham <Gra...@discussions.microsoft.com> wrote: > I had a similar problem with a publishing rule. > In order to get the certificate into the "system" store rather than the > personal one I had to open up a blank MMC, (start> run >mmc) add the > certificates MSC file and then "import" the certificate. > I seem to remember backing up the original cert to a PFX file somewhere > along the line as well - possibly before the import. > > > > "Aaron" wrote: > > Hello, > > > I have setup a Web Publishing Rule in ISA Server 2004 and seem to be > > experiencing a problem when attempting to connect from outside the > > network. The exact error, "Error Code: 500 Internal Server Error. The > > target principal name is incorrect. (-2146893022)." The rule has a > > path that accesses a virtual directory for IIS and uses SSL. Within > > the network everything seems to be working properly. > > > Based on some troubleshooting, I believe the problem may have to do > > with the certificates. When I go to the Bridging tab under the > > Properties for the Rule there is a check box that indicates, "Use a > > certificate to authenticate to the SSL Web server." When I click > > Select to find the appropriate certificate I receive the error, "There > > are no certificates configured on this server." > > > It seems that while the certificate is installed locally as a personal > > certificate it is not setup in the system store which would be why ISA > > Server is unable to see the certificate. I've done some research but > > have not found the method of installing the certificate so that ISA > > can recognize it. Does anyone how to do this properly? I am assuming > > that this is the root cause of my problem but if I have gone astray I > > would appreciate any advice. > > > Thank you, > > Aaron- Hide quoted text - > > - Show quoted text - When adding the snap-in for Certificates I chose the Computer Account? However, which area should I import the certificate into? Under certificates, I see "Personal, Trusted Root Certification, Enterprise Trust, etc." The certificate I need is in the Personal directory, but I need to know where this should go in order to be part of the "system" store. Thanks, Aaron
Guest Graham Posted July 10, 2007 Posted July 10, 2007 Re: ISA Server 2004 - Web Publishing Problem I've just had a look, on My ISA2004 server I have it in the Personal certificates and the trusted root certification authorites as well. "Aaron" wrote: > On Jul 10, 7:20 am, Graham <Gra...@discussions.microsoft.com> wrote: > > I had a similar problem with a publishing rule. > > In order to get the certificate into the "system" store rather than the > > personal one I had to open up a blank MMC, (start> run >mmc) add the > > certificates MSC file and then "import" the certificate. > > I seem to remember backing up the original cert to a PFX file somewhere > > along the line as well - possibly before the import. > > > > > > > > "Aaron" wrote: > > > Hello, > > > > > I have setup a Web Publishing Rule in ISA Server 2004 and seem to be > > > experiencing a problem when attempting to connect from outside the > > > network. The exact error, "Error Code: 500 Internal Server Error. The > > > target principal name is incorrect. (-2146893022)." The rule has a > > > path that accesses a virtual directory for IIS and uses SSL. Within > > > the network everything seems to be working properly. > > > > > Based on some troubleshooting, I believe the problem may have to do > > > with the certificates. When I go to the Bridging tab under the > > > Properties for the Rule there is a check box that indicates, "Use a > > > certificate to authenticate to the SSL Web server." When I click > > > Select to find the appropriate certificate I receive the error, "There > > > are no certificates configured on this server." > > > > > It seems that while the certificate is installed locally as a personal > > > certificate it is not setup in the system store which would be why ISA > > > Server is unable to see the certificate. I've done some research but > > > have not found the method of installing the certificate so that ISA > > > can recognize it. Does anyone how to do this properly? I am assuming > > > that this is the root cause of my problem but if I have gone astray I > > > would appreciate any advice. > > > > > Thank you, > > > Aaron- Hide quoted text - > > > > - Show quoted text - > > > When adding the snap-in for Certificates I chose the Computer Account? > However, which area should I import the certificate into? Under > certificates, I see "Personal, Trusted Root Certification, Enterprise > Trust, etc." The certificate I need is in the Personal directory, but > I need to know where this should go in order to be part of the > "system" store. > > Thanks, > Aaron > >
Guest Aaron Posted July 10, 2007 Posted July 10, 2007 Re: ISA Server 2004 - Web Publishing Problem On Jul 10, 8:34 am, Graham <Gra...@discussions.microsoft.com> wrote: > I've just had a look, on My ISA2004 server I have it in the Personal > certificates and the trusted root certification authorites as well. > > > > "Aaron" wrote: > > On Jul 10, 7:20 am, Graham <Gra...@discussions.microsoft.com> wrote: > > > I had a similar problem with a publishing rule. > > > In order to get the certificate into the "system" store rather than the > > > personal one I had to open up a blank MMC, (start> run >mmc) add the > > > certificates MSC file and then "import" the certificate. > > > I seem to remember backing up the original cert to a PFX file somewhere > > > along the line as well - possibly before the import. > > > > "Aaron" wrote: > > > > Hello, > > > > > I have setup a Web Publishing Rule in ISA Server 2004 and seem to be > > > > experiencing a problem when attempting to connect from outside the > > > > network. The exact error, "Error Code: 500 Internal Server Error. The > > > > target principal name is incorrect. (-2146893022)." The rule has a > > > > path that accesses a virtual directory for IIS and uses SSL. Within > > > > the network everything seems to be working properly. > > > > > Based on some troubleshooting, I believe the problem may have to do > > > > with the certificates. When I go to the Bridging tab under the > > > > Properties for the Rule there is a check box that indicates, "Use a > > > > certificate to authenticate to the SSL Web server." When I click > > > > Select to find the appropriate certificate I receive the error, "There > > > > are no certificates configured on this server." > > > > > It seems that while the certificate is installed locally as a personal > > > > certificate it is not setup in the system store which would be why ISA > > > > Server is unable to see the certificate. I've done some research but > > > > have not found the method of installing the certificate so that ISA > > > > can recognize it. Does anyone how to do this properly? I am assuming > > > > that this is the root cause of my problem but if I have gone astray I > > > > would appreciate any advice. > > > > > Thank you, > > > > Aaron- Hide quoted text - > > > > - Show quoted text - > > > When adding the snap-in for Certificates I chose the Computer Account? > > However, which area should I import the certificate into? Under > > certificates, I see "Personal, Trusted Root Certification, Enterprise > > Trust, etc." The certificate I need is in the Personal directory, but > > I need to know where this should go in order to be part of the > > "system" store. > > > Thanks, > > Aaron- Hide quoted text - > > - Show quoted text - When I select Computer Account then Local Computer, there is nothing listed under Certificates with regard to ISA Server. Does anyone know where I need to go in order to install the certificate so that ISA can have access to it? Thanks, Aaron
Recommended Posts