jackee99

Error Code: 500 Internal Server Error. The target principal name is incorrect

After moving (i.e., an actual physical move to a brand new building) the Windows SBS server from one location to another, accessing OWA or Remote no longer works.  Now this used to work (for several months).  When I moved the SBS server, the only two things I changed were the WAN IP address and the Gateway address in the SonicWall (which is the external firewall we are also using with ISA 2004) because we rec’d new addresses.  (BACKGROUND information on setup:  using a Netopia router which the Sonicwall is connected to and have an SBS server (with the Blackberry server installed on it - but that is not causing this problem because it was working prior)).

As mentioned, this used to work for several months so what would cause this “now” to not work?  Creating the certificates and creating the publishing rules were actually done by someone else so I do not know how he did a lot of things.  However, I have tried several things.  In another forum someone suggested I re-run CEICW and I did but it still does not work.  Could the certificate be looking for the old ip addresses?  Can a certificate be modified?  How do I delete the old certificate(s)?  Do I have to re-create it and if so, how??  I have checked the publishing rules in ISA and all show that certificate that he created and I do not see where it is looking for the old "static" IP address (I changed the static IP address in the Sonicwall for the WAN IP address).  There is also a hosts file on C:\ and in that file, it shows the server internal IP address which that did not change.

Also for the CEICW, it states “create a web server certificate named “ISAcert.cer” in \sbcert folder and to also create an additional web server certificate named “sbscert.cer” and install this certificate in IIS.  How is all of this done?  

Since I am not even close to being an expert here, there’s a lot I do not know how to do but can definitely follow detailed instructions.  So if anyone can just tell me what I need to look for, how to create certificates (or use the snap-in?) and anything else, I would truly appreciate it!  I have been working on this for over 2 months now and if I was not confused at the beginning, I am definitely confused now!  I have read and printed out so much information off of the internet about the “500 error message”, “publishing rules”, etc., that I do not know where to start anymore.  PLEASE help!!!!!
TheCleaner

1. The certificate is based on the FQDN, not the IP address

2.  Did someone update the external DNS records to point to the new WAN IP addresses you were assigned by the ISP?  Go to www.dnsreport.com and run a report on your domain name.  Also go to www.dnsstuff.com and do DNS lookups (right side of the page) on the external name of your OWA.

3.  Can you connect internally to OWA?  Use the outside http address, and also try http://IPaddress/exchange (or whatever is your internal IP of the OWA server plus whatever the /exchange is...for instance you may be using https://owa.domain.com)
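Point 1 above, as an added example that is not part of the original answer: a simplified model of how a client matches the name it connects to against the names in a server certificate. The certificate contents, host names and addresses are constructed, and the matching is a simplification (exact names plus one left-most wildcard label).

```python
import ipaddress

def is_ip(value):
    """True when the connect target is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(pattern, host):
    """Compare one certificate DNS name with the host the client asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":                      # wildcard covers exactly one left-most label
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_accepts(cert, target):
    """cert is a dict with 'cn', 'dns_sans' and 'ip_sans' (a constructed shape)."""
    if is_ip(target):
        wanted = ipaddress.ip_address(target)
        return any(wanted == ipaddress.ip_address(s) for s in cert["ip_sans"])
    names = cert["dns_sans"] or [cert["cn"]]   # fall back to CN when no SANs
    return any(name_matches(n, target) for n in names)

# Constructed sample: a certificate issued to the public OWA name only.
OWA_CERT = {"cn": "owa.example.com", "dns_sans": [], "ip_sans": []}
# Constructed targets: public FQDN, a WAN IP, an internal IP, an internal name.
TARGETS = ["owa.example.com", "203.0.113.10", "192.168.16.2", "sbs01.example.local"]

def check_all(cert=OWA_CERT, targets=TARGETS):
    """Return {target: True/False} for every name or address tried."""
    return {t: cert_accepts(cert, t) for t in targets}

if __name__ == "__main__":
    for target, ok in check_all().items():
        print(f"{target:22} {'match' if ok else 'NAME MISMATCH'}")
```

Only the FQDN on the certificate matches; any IP address, old or new, fails the comparison unless it is listed in the certificate itself.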
jackee99

ASKER

Hi,

For #2:  for "www.dnsreport.com":  everything passed except there was a FAIL for "Reverse DNS entries for MX records" and it shows "The problem MX records are:  7.149.178.205.in-addr.arpa".  What is this?  I have never seen that address before.

I also ran "www.dnsstuff.com" and it shows the domain name, type of record and the ip address of my external firewall (Sonicwall).  So this is good - right?

For #3:  When I go to the customer's site this weekend, I will try and connect internally to OWA.  I think the last time I tried it, it worked.  I also tried the "http://ipaddress/exchange" and that did not work.

I guess if I knew what changed or how something changed, then this probably would not be so difficult to figure out but I am clueless!  If the only two things that changed were the IP address for the WAN for the Sonicwall and the Gateway for the Sonicwall, then why would this not work anymore?  Now when we also moved, I got a new Netopia router from the ISP and I did have to go into it and put in the static ip address (which is the one in the Sonicwall).  Could this be affecting it?
Things I can think of that may be it:

1.  The WAN IP address was changed and the NATing rules / firewall rules weren't updated correctly.

2.  The sonicwall cannot see the OWA server (can you test from the Sonicwall?)

3.  Reverse DNS is handled by the ISP that owns 205.178.x.x, they should have a reverse entry for that "hostname" (usually dynamic).

4.  In ISA check the "external web listener" address.


Are you double NATing?

In other words is the setup:


Internet IP >>> Sonicwall >>> DMZ addresses  >>> External IP of ISA (like a 192 address)>>>> Internal network

or is it a single NAT:

Internet IP >>> Sonicwall >>> External IP of ISA (same subnet as your Internet IP) >>>> internal network

Hi,

1.  For #1 (the WAN IP address was changed and the NATing rules / firewall rules weren't updated correctly):  then how do I fix it?

2.  For #2 (The sonicwall cannot see the OWA server (can you test from the Sonicwall?)) - How would I test from the Sonicwall?

3.  For #3 (Reverse DNS is handled by the ISP that owns 205.178.x.x, they should have a reverse entry for that "hostname" (usually dynamic)) - So I have to contact SBC?

4.  For #4 (In ISA check the "external web listener" address) - will check again but do not know what I am looking for.


5.  (Are you double NATing?) - what is this?  Would the router (which is a Netopia router from the ISP - SBC) be affecting this?  Maybe there's something in there that is set up which is causing this problem now whereas before when they had a different router (even though it was a Netopia provided by SBC, SBC set that one up so I do not know what he may have set in that one and maybe this one is set wrong?)

Even though I may know some things (I am more of a software/trainer type person than a true and blue network person) so I have no idea what to look for here?  I know I have read about NAT but would have to go and check to see how it was set up.

I may have set up the SBS 2003 system but I did not do the certificate or the publishing rules.  Those were done by someone else so I have no clue how he did this.  I do not even know how the certificate got created or imported.  I know you may not have a lot of time and are extremely busy, but can you give me the exact steps to create a certificate and then import? it into ISA?

Sorry to be so dense here and I really appreciate all of your help!  I am going out to the customer site again tomorrow so hopefully I can resolve it but unfortunately I do not have faith in my ability for this!  :(

Thx.