Solved

Error Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022)

Posted on 2009-05-12
3
2,745 Views
Last Modified: 2012-05-06
We have an SBS 2003 Standard R2 environment with ISA Server 2006 Standard on a separate Windows Server 2003 machine (Dual NICs). We cannot figure out how to publish OWA or any other SSL encrypted site hosted on the SBS machine. I have been through everything I can think of and all I get is the error in the question title. Currently the web listener has the 3rd party SSL certificate from Thawte and the web server has a self-signed certificate created using the CEICW. The ISA server is a Domain Member. What am I missing?
0
Comment
Question by:dsasc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 35

Accepted Solution

by:
Bembi earned 250 total points
ID: 24362879
So, fist at all, you have two certificated, one between the client and the ISA, and a second between the ISA and your web server. The certificates must fit to the accessed domain to be valid. So the certificate for the client must be issued for your external domain name, whcih is used to connect to OWA, and the internal certificate must fit to the server name, which is used in ISA to connect to the Web-Server. Or you may decide to leave the internal communication unencrypted.

Read this:
http://www.isaserver.org/tutorials/error505.html 
0
 
LVL 8

Assisted Solution

by:kain21
kain21 earned 250 total points
ID: 24364335
Just to add a little more this, I'm guessing you likely have the "Forward original host header instead of the site name" check box enabled on the To tab of the rule publishing OWA.  If so, you should uncheck this box as the internal site name is different than the external one.  Something else you will need to verify is that the ISA server computer does not receive any certificate errors when it browses via SSL to the internal site name of OWA.  Since you have a self-signed cert, you may need to import the certificate you created with the CEICW into the Trusted Root Certification Authorities on your ISA Server to get rid of any certificate warnings.

Mike
0
 

Author Closing Comment

by:dsasc
ID: 31580457
I resolved this problem with a call to Microsoft support. Both suggestions were used in the resolution for this issue.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question