Improve company productivity with a Business Account.Sign Up

x
?
Solved

500 Internal Server Error - The certificate chain was issued by an authority that is not trusted

Posted on 2006-11-21
13
Medium Priority
?
8,947 Views
Last Modified: 2008-07-04
Here's the problem,

We have a SBS server with ISA 2000, exchange 2003 and IIS all running on the same server.  We recently changed company names and I started messing with the certs, like a stupid person.  Now, when a user tries to access OWA, they get:  500 Internal Server Error - The certificate chain was issued by an authority that is not trusted. (-2146893019)
Internet Security and Acceleration Server.  I am at a loss as to what to do.  I have the orginal cert installed and back, howerver I keep getting this each time.  Please help!!
0
Comment
Question by:mb2answers
  • 7
  • 5
13 Comments
 

Author Comment

by:mb2answers
ID: 17987783
I know its a problem with ISA, but just not sure what to do to resolve it.  I do not have much experience with ISA.
0
 
LVL 1

Expert Comment

by:netstable
ID: 17988154
Hi mb2

Not sure if the following site will help:

http://forums.isaserver.org/m_230004400/tm.htm

The issue seems to have been touched on there and could point you in the right direction!
0
 

Author Comment

by:mb2answers
ID: 17988248
I have already been through that article with no sucess.  Any other ideas?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:mb2answers
ID: 17988265
This may help as well.  Before I messed with it, when you went to the site, it would prompt you to install the certificae, no it does not.
0
 
LVL 9

Expert Comment

by:PeterMac
ID: 17988888
Problem is with Master certificate on server, whether or not you are using a commercial certificate, from Verisign etc, or one generated localy, the certificate contains the server name (Domain Name strictly), and this is why you are now getting errors. Only solution is to generate new certificate with correct name
0
 
LVL 9

Expert Comment

by:PeterMac
ID: 17989011
Sorry finger trouble, had not finished posting.

To check problem go to Internet Services Manager - Select webmail site - Properties - Directory Security - At bottom under Secure Communications - View Certificate Details - will show both "Issued to" must match full Website Name, and "Issued by" must match Domain (For Internal Cert), or Trusted Supplier (e.g Verisign) (For External Cert).

If you have changed either Site Name, or Domain Name, Certificate is no longer valid (Trusted).
0
 

Author Comment

by:mb2answers
ID: 17989174
both issued to and issued by are the correct domain name.  This is a self generated cert.  Is there something that ISA needs to use the cert?  Where does the cert need to be installed?  I tried to put everything back the way it was.  But still haveing the same issue.
0
 
LVL 9

Expert Comment

by:PeterMac
ID: 17989292
Yes there is something needed, too long since I did this, to explain myself, and don't want to upset my server by checking details here, but following should help you through process.

http://hellomate.typepad.com/exchange/2004/07/this_security_c.html
0
 

Author Comment

by:mb2answers
ID: 17989517
Reistalled the cert, still nothing.
0
 
LVL 9

Accepted Solution

by:
PeterMac earned 1500 total points
ID: 17994302
Sorry, had not read all the way through Post, it looked as though it was going to exolain everything, but on checking only mentions client side of problem. You also need certificate installed as trusted root certificate on server. Will need to go into IE on server, Internet options, Content, Certificates, Trusted Root Certificates, Needs to have copy of your Locally produced Root Certificate (Should have been produced at same time as client certificate) imported to here.

Check below - additional point 1) after end of main install.

http://eal.us/blog/_archives/2003/6/2/25109.html
0
 

Author Comment

by:mb2answers
ID: 17995151
You are correct.  It was a problem with the cert.  Unfortunatly on a SBS Server there is an easy was to fix it but didn't know it.  After messing with the certs I had another error and found an article that resolved the issue:  http://support.microsoft.com/kb/842612  this wizard fixed the whole thing.
0
 
LVL 9

Expert Comment

by:PeterMac
ID: 17995681
Nice, last contact I had with SBS was NT 4.5, did not have any nice features like that then.
0
 

Author Comment

by:mb2answers
ID: 17995845
Yeah, what would be even nicer would be if microsoft had an easier way to find support.  Digging through their stuff is a nightmare.
0

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
If you try to migrate from Elastix to Issabel, you will face a lot of issues. These problems are inevitable but fortunately, you can fix them. In the guide below, I will explain how I performed the migration while keeping all data and successfully t…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question