Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Error Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022)

Posted on 2009-05-12
3
Medium Priority
?
2,891 Views
Last Modified: 2012-05-06
We have an SBS 2003 Standard R2 environment with ISA Server 2006 Standard on a separate Windows Server 2003 machine (Dual NICs). We cannot figure out how to publish OWA or any other SSL encrypted site hosted on the SBS machine. I have been through everything I can think of and all I get is the error in the question title. Currently the web listener has the 3rd party SSL certificate from Thawte and the web server has a self-signed certificate created using the CEICW. The ISA server is a Domain Member. What am I missing?
0
Comment
Question by:dsasc
3 Comments
 
LVL 35

Accepted Solution

by:
Bembi earned 750 total points
ID: 24362879
So, fist at all, you have two certificated, one between the client and the ISA, and a second between the ISA and your web server. The certificates must fit to the accessed domain to be valid. So the certificate for the client must be issued for your external domain name, whcih is used to connect to OWA, and the internal certificate must fit to the server name, which is used in ISA to connect to the Web-Server. Or you may decide to leave the internal communication unencrypted.

Read this:
http://www.isaserver.org/tutorials/error505.html 
0
 
LVL 8

Assisted Solution

by:kain21
kain21 earned 750 total points
ID: 24364335
Just to add a little more this, I'm guessing you likely have the "Forward original host header instead of the site name" check box enabled on the To tab of the rule publishing OWA.  If so, you should uncheck this box as the internal site name is different than the external one.  Something else you will need to verify is that the ISA server computer does not receive any certificate errors when it browses via SSL to the internal site name of OWA.  Since you have a self-signed cert, you may need to import the certificate you created with the CEICW into the Trusted Root Certification Authorities on your ISA Server to get rid of any certificate warnings.

Mike
0
 

Author Closing Comment

by:dsasc
ID: 31580457
I resolved this problem with a call to Microsoft support. Both suggestions were used in the resolution for this issue.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question