You want the request forwarded to the internal network Web server. I'm running Exchange 2007 and ISA 2006. The CN of the certificate was the same as the name used in the "To" tab.However, due to some inexplicable coincidence, the SSL port in IIS5 (443)just dissapeared.I wrote 443 again Reply Leave a Reply Cancel reply Your email address will not be published. check this link right here now
SBITS.Biz World Wide Professional, Remote and Local Small Business Computer Support Welcome About Me Support List Contact Me Client Login Blog Posts Menu Home About Me Support List Contact Me Client http://www.experts-exchange.com/Security/Software_Firewalls/Q_22786492.html 0 LVL 34 Overall: Level 34 Exchange 25 MS Forefront-ISA 2 Message Expert Comment by:Shreedhar Ette2010-07-16 Hi, Refer this: http://trycatch.be/blogs/pdtit/archive/2008/07/23/500-internal-server-error-the-target-principal-name-is-incorrect-2146893022-by-isa-server-when-using-owa.aspx Hope this helps, Shree 0 LVL 5 Overall: Exclaimer Exchange Outlook Email Software Email Servers Email Clients What makes a good email signature? I knew from this MS Technet article (http://technet.microsoft.com/en-us/library/cc302619.aspx#CommonIssues) the name on the To tab had to match the common name on the Web site certificate.
The target p... - 25.Jun.2005 7:34:00 AM rodent Posts: 11 Joined: 29.Nov.2002 From: Stockholm Status: offline Hi Thomas,Thank you for replying so promptly.1. However after i tried all recommendations and possible solutions, i still have the problem.1 ISA 2K4 std with 4 NIC. If you bridge SSL as SSL, you may end up with a "target principle name" error because of a name mismatch between the FQDN in the request and CN on the my company WindowsNetworking.com Windows Server 2008 / 2003 & Windows 7 networking resource site.
Figure 14 You have the choice as to whether or not you want to connect to the site when you access the Web site directly form the browser on the ISA If the problem persists contact the Web server administrator I've to try it in my clients site tommorow but that should nail it! The target p... - 23.Jun.2005 2:47:00 PM tshinder Posts: 50013 Joined: 10.Jan.2001 From: Texas Status: offline Hi Rodent,What is the actual name on the To tab on the Web CONTINUE READING Suggested Solutions Title # Comments Views Activity TMG 2010 asks for credentials twice in OWA 5 1,182 1038d lync 2013 connectivity issue 6 1,663 720d Microsoft Forefront Threat Management
The ISA Server decrypts the SSL packets and then forwards them to the internal network Web server in the clear via HTTP. http://www.sbits.biz/solving-the-dreaded-500-internal-server-error-the-target-principal-name-is-incorrect-error/ As we close out the year 2003, I want to take this opportunity to thank everyone for the very kind words you’ve had for the ISA Server and Beyond book. Note that while the original host header was sent to the internal network Web server, the GET request is denoted as http://10.0.0.2 in the Web Proxy service log entry. Get 1:1 Help Now Advertise Here Enjoyed your answer?
MSPAnswers.com Resource site for Managed Service Providers. this contact form I've rechecked the Root cert is added correctly on the ISA Server that it's imported Web Server cert and private key are located in the machine store fine. ISA Server 2006 also supports use of wildcard certificates on the published Web server. Mike 0 Message Author Closing Comment by:dsasc2009-08-11 I resolved this problem with a call to Microsoft support.
In order to allow the external network client to establish an SSL connection to the Incoming Web Requests listener, the external client was connected to the internal network and requested a Copyright © 2014 TechGenix Ltd. I then went into the publishing rule for our website and updated it with the new certificate. have a peek here In this test the external client establishes an SSL link with the Incoming Web Requests listener on the external interface of the ISA Server.
The target principal name is incorrect Page:  Jump to: Select a ForumAll Forums---------------------- [Threat Management Gateway (TMG) 2010] - - General - - Installation [Forefront Unified Access Gateway 2010] - So the certificate for the client must be issued for your external domain name, whcih is used to connect to OWA, and the internal certificate must fit to the server name, In spite of the fact that we configured the Web Publishing Rule to forward the request to 10.0.0.2, the Host: entry says www.internal.net.
Both should be same..... 0 LVL 2 Overall: Level 2 MS Forefront-ISA 2 Message Expert Comment by:aimcitp2010-07-19 http://technet.microsoft.com/en-us/library/bb794858.aspx 0 LVL 2 Overall: Level 2 MS Forefront-ISA 2 Message Expert WindowSecurity.com Network Security & Information Security resource for IT administrators. The server with Exch2k3 is an Win2k SP4 and the ISA machine is an W2K3 SP1. Failover Clustering 3.
If you have any questions on anything I discussed in this article, head on over to http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=5;t=001409 and post a message. The actual name on the Public Name tab on the Web Publishing rules is "webmail.mydomain.se"3. This works fine. Automatic Failover 2.
I forgot to mention that i use "OWA forms based authentication" on the ISA machine.Thank u in advance [ June 27, 2005, 03:34 AM: Message edited by: inspector Rodent ] (in All rights reserved. Unfortunately, we can’t see if the original host header was sent to the Web server or not, because the header is encrypted in the SSL datastream. Connect with top rated Experts 16 Experts available now in Live!
The certificates must fit to the accessed domain to be valid. Each of the Web Publishing rules required an SSL connection to the Incoming Web Requests listener. This provides end to end security from the Web client to the destination sever on the internal network. Products & Platforms Configuration - General Configuration - Security General General Guides and Articles Installation & Planning Miscellaneous Non-ISAserver.org Tutorials Product Reviews Publishing Authors Thomas Shinder Marc Grote Ricky M.
If you do not use a split DNS or a HOSTS file to resolve the name correctly, the ISA Server will forward the request to the public IP address that resolves ISA server software Monitoring & Admin Reporting Hardware ISA Appliances SSL Acceleration TMG Appliances UAG Appliances Reviews Free Tools Blogs Forums Contact Us Hardware ISA Appliances SSL Acceleration TMG Appliances UAG When a client sends a request ISA sends it to the name on the To tab therefore if ISA cannot resolve this it will produce that error. It looks like something is happening with ISA Server 2004 "Standard" version.Here is a microsoft kb about this:http://support.microsoft.com/default.aspx?scid=kb;en-us;841664HTH,Marcelo (still looking forward Secure OWA to work) (in reply to rodent) Post #: