ISA Server 2004 - Web Publishing Problem

[Guest Aaron]

Hello,

 

I have setup a Web Publishing Rule in ISA Server 2004 and seem to be

experiencing a problem when attempting to connect from outside the

network. The exact error, "Error Code: 500 Internal Server Error. The

target principal name is incorrect. (-2146893022)." The rule has a

path that accesses a virtual directory for IIS and uses SSL. Within

the network everything seems to be working properly.

 

Based on some troubleshooting, I believe the problem may have to do

with the certificates. When I go to the Bridging tab under the

Properties for the Rule there is a check box that indicates, "Use a

certificate to authenticate to the SSL Web server." When I click

Select to find the appropriate certificate I receive the error, "There

are no certificates configured on this server."

 

It seems that while the certificate is installed locally as a personal

certificate it is not setup in the system store which would be why ISA

Server is unable to see the certificate. I've done some research but

have not found the method of installing the certificate so that ISA

can recognize it. Does anyone how to do this properly? I am assuming

that this is the root cause of my problem but if I have gone astray I

would appreciate any advice.

 

Thank you,

Aaron

[Guest Graham]

RE: ISA Server 2004 - Web Publishing Problem

 

I had a similar problem with a publishing rule.

In order to get the certificate into the "system" store rather than the

personal one I had to open up a blank MMC, (start> run >mmc) add the

certificates MSC file and then "import" the certificate.

I seem to remember backing up the original cert to a PFX file somewhere

along the line as well - possibly before the import.

 

 

 

"Aaron" wrote:

> Hello,

>

> I have setup a Web Publishing Rule in ISA Server 2004 and seem to be

> experiencing a problem when attempting to connect from outside the

> network. The exact error, "Error Code: 500 Internal Server Error. The

> target principal name is incorrect. (-2146893022)." The rule has a

> path that accesses a virtual directory for IIS and uses SSL. Within

> the network everything seems to be working properly.

>

> Based on some troubleshooting, I believe the problem may have to do

> with the certificates. When I go to the Bridging tab under the

> Properties for the Rule there is a check box that indicates, "Use a

> certificate to authenticate to the SSL Web server." When I click

> Select to find the appropriate certificate I receive the error, "There

> are no certificates configured on this server."

>

> It seems that while the certificate is installed locally as a personal

> certificate it is not setup in the system store which would be why ISA

> Server is unable to see the certificate. I've done some research but

> have not found the method of installing the certificate so that ISA

> can recognize it. Does anyone how to do this properly? I am assuming

> that this is the root cause of my problem but if I have gone astray I

> would appreciate any advice.

>

> Thank you,

> Aaron

>

>

[Guest Aaron]

Re: ISA Server 2004 - Web Publishing Problem

 

On Jul 10, 7:20 am, Graham <Gra...@discussions.microsoft.com> wrote:

> I had a similar problem with a publishing rule.

> In order to get the certificate into the "system" store rather than the

> personal one I had to open up a blank MMC, (start> run >mmc) add the

> certificates MSC file and then "import" the certificate.

> I seem to remember backing up the original cert to a PFX file somewhere

> along the line as well - possibly before the import.

>

>

>

> "Aaron" wrote:

> > Hello,

>

> > I have setup a Web Publishing Rule in ISA Server 2004 and seem to be

> > experiencing a problem when attempting to connect from outside the

> > network. The exact error, "Error Code: 500 Internal Server Error. The

> > target principal name is incorrect. (-2146893022)." The rule has a

> > path that accesses a virtual directory for IIS and uses SSL. Within

> > the network everything seems to be working properly.

>

> > Based on some troubleshooting, I believe the problem may have to do

> > with the certificates. When I go to the Bridging tab under the

> > Properties for the Rule there is a check box that indicates, "Use a

> > certificate to authenticate to the SSL Web server." When I click

> > Select to find the appropriate certificate I receive the error, "There

> > are no certificates configured on this server."

>

> > It seems that while the certificate is installed locally as a personal

> > certificate it is not setup in the system store which would be why ISA

> > Server is unable to see the certificate. I've done some research but

> > have not found the method of installing the certificate so that ISA

> > can recognize it. Does anyone how to do this properly? I am assuming

> > that this is the root cause of my problem but if I have gone astray I

> > would appreciate any advice.

>

> > Thank you,

> > Aaron- Hide quoted text -

>

> - Show quoted text -

 

 

When adding the snap-in for Certificates I chose the Computer Account?

However, which area should I import the certificate into? Under

certificates, I see "Personal, Trusted Root Certification, Enterprise

Trust, etc." The certificate I need is in the Personal directory, but

I need to know where this should go in order to be part of the

"system" store.

 

Thanks,

Aaron

[Guest Graham]

Re: ISA Server 2004 - Web Publishing Problem

 

I've just had a look, on My ISA2004 server I have it in the Personal

certificates and the trusted root certification authorites as well.

 

"Aaron" wrote:

> On Jul 10, 7:20 am, Graham <Gra...@discussions.microsoft.com> wrote:

> > I had a similar problem with a publishing rule.

> > In order to get the certificate into the "system" store rather than the

> > personal one I had to open up a blank MMC, (start> run >mmc) add the

> > certificates MSC file and then "import" the certificate.

> > I seem to remember backing up the original cert to a PFX file somewhere

> > along the line as well - possibly before the import.

> >

> >

> >

> > "Aaron" wrote:

> > > Hello,

> >

> > > I have setup a Web Publishing Rule in ISA Server 2004 and seem to be

> > > experiencing a problem when attempting to connect from outside the

> > > network. The exact error, "Error Code: 500 Internal Server Error. The

> > > target principal name is incorrect. (-2146893022)." The rule has a

> > > path that accesses a virtual directory for IIS and uses SSL. Within

> > > the network everything seems to be working properly.

> >

> > > Based on some troubleshooting, I believe the problem may have to do

> > > with the certificates. When I go to the Bridging tab under the

> > > Properties for the Rule there is a check box that indicates, "Use a

> > > certificate to authenticate to the SSL Web server." When I click

> > > Select to find the appropriate certificate I receive the error, "There

> > > are no certificates configured on this server."

> >

> > > It seems that while the certificate is installed locally as a personal

> > > certificate it is not setup in the system store which would be why ISA

> > > Server is unable to see the certificate. I've done some research but

> > > have not found the method of installing the certificate so that ISA

> > > can recognize it. Does anyone how to do this properly? I am assuming

> > > that this is the root cause of my problem but if I have gone astray I

> > > would appreciate any advice.

> >

> > > Thank you,

> > > Aaron- Hide quoted text -

> >

> > - Show quoted text -

>

>

> When adding the snap-in for Certificates I chose the Computer Account?

> However, which area should I import the certificate into? Under

> certificates, I see "Personal, Trusted Root Certification, Enterprise

> Trust, etc." The certificate I need is in the Personal directory, but

> I need to know where this should go in order to be part of the

> "system" store.

>

> Thanks,

> Aaron

>

>

[Guest Aaron]

Re: ISA Server 2004 - Web Publishing Problem

 

On Jul 10, 8:34 am, Graham <Gra...@discussions.microsoft.com> wrote:

> I've just had a look, on My ISA2004 server I have it in the Personal

> certificates and the trusted root certification authorites as well.

>

>

>

> "Aaron" wrote:

> > On Jul 10, 7:20 am, Graham <Gra...@discussions.microsoft.com> wrote:

> > > I had a similar problem with a publishing rule.

> > > In order to get the certificate into the "system" store rather than the

> > > personal one I had to open up a blank MMC, (start> run >mmc) add the

> > > certificates MSC file and then "import" the certificate.

> > > I seem to remember backing up the original cert to a PFX file somewhere

> > > along the line as well - possibly before the import.

>

> > > "Aaron" wrote:

> > > > Hello,

>

> > > > I have setup a Web Publishing Rule in ISA Server 2004 and seem to be

> > > > experiencing a problem when attempting to connect from outside the

> > > > network. The exact error, "Error Code: 500 Internal Server Error. The

> > > > target principal name is incorrect. (-2146893022)." The rule has a

> > > > path that accesses a virtual directory for IIS and uses SSL. Within

> > > > the network everything seems to be working properly.

>

> > > > Based on some troubleshooting, I believe the problem may have to do

> > > > with the certificates. When I go to the Bridging tab under the

> > > > Properties for the Rule there is a check box that indicates, "Use a

> > > > certificate to authenticate to the SSL Web server." When I click

> > > > Select to find the appropriate certificate I receive the error, "There

> > > > are no certificates configured on this server."

>

> > > > It seems that while the certificate is installed locally as a personal

> > > > certificate it is not setup in the system store which would be why ISA

> > > > Server is unable to see the certificate. I've done some research but

> > > > have not found the method of installing the certificate so that ISA

> > > > can recognize it. Does anyone how to do this properly? I am assuming

> > > > that this is the root cause of my problem but if I have gone astray I

> > > > would appreciate any advice.

>

> > > > Thank you,

> > > > Aaron- Hide quoted text -

>

> > > - Show quoted text -

>

> > When adding the snap-in for Certificates I chose the Computer Account?

> > However, which area should I import the certificate into? Under

> > certificates, I see "Personal, Trusted Root Certification, Enterprise

> > Trust, etc." The certificate I need is in the Personal directory, but

> > I need to know where this should go in order to be part of the

> > "system" store.

>

> > Thanks,

> > Aaron- Hide quoted text -

>

> - Show quoted text -

 

 

When I select Computer Account then Local Computer, there is nothing

listed under Certificates with regard to ISA Server. Does anyone know

where I need to go in order to install the certificate so that ISA can

have access to it?

 

Thanks,

Aaron