I've installed a new GoDaddy SSL turbo cert on a domain - as my
undertanding is that Outlook HTTP over RPC will not work in an SBS 2003
R2 Premium environment with ISA installed, with the self-generated cert
(which, BTW, has been working fine so far - but not for Outlook HTTP
over RPC).

So I've made put the cert on the server, transferred it to the default
website, deleted the old temp site I used to generate the CSR and bring
the cert in etc.

All good, but now little is working....

The domain and cert is generated for adrock.com - so ...

http://adrock.com/exchange
http://adrock.com/OMA

etc - don't work anymore.

I believe this is because of ISA. But I have no real idea of how to
procede to fix this. The ICEIW won't run through the cert bit, as there
is no-where to select the GoDaddy cert (I don't hav a .cer made at this
point, as I can't seem to get to a site to make one).

The error I'm getting at the above site (well you'll see for yourself),
is:

The page cannot be displayed

Technical Information (for support personnel)

Error Code: 500 Internal Server Error. The target principal name is
incorrect. (-2146893022)

As said, I *suspect* this is due to a change in ISA firewall rules that
need to be made (they seem (currently) to point to publishing.byte.local
(publishing.<internal domain name)).

Help appreciated.

--
Duncan.

This sounds like it might apply:

http://support.microsoft.com/kb/328917



"Duncan McCormack" <no-spam@newsgroup> wrote in message
news:MPG.25d63c4161df0ba2989b52@newsgroup

> I've installed a new GoDaddy SSL turbo cert on a domain - as my
> undertanding is that Outlook HTTP over RPC will not work in an SBS 2003
> R2 Premium environment with ISA installed, with the self-generated cert
> (which, BTW, has been working fine so far - but not for Outlook HTTP
> over RPC).
>
> So I've made put the cert on the server, transferred it to the default
> website, deleted the old temp site I used to generate the CSR and bring
> the cert in etc.
>
> All good, but now little is working....
>
> The domain and cert is generated for adrock.com - so ...
>
> http://adrock.com/exchange
> http://adrock.com/OMA
>
> etc - don't work anymore.
>
> I believe this is because of ISA. But I have no real idea of how to
> procede to fix this. The ICEIW won't run through the cert bit, as there
> is no-where to select the GoDaddy cert (I don't hav a .cer made at this
> point, as I can't seem to get to a site to make one).
>
> The error I'm getting at the above site (well you'll see for yourself),
> is:
>
> The page cannot be displayed
>
> Technical Information (for support personnel)
>
> Error Code: 500 Internal Server Error. The target principal name is
> incorrect. (-2146893022)
>
> As said, I *suspect* this is due to a change in ISA firewall rules that
> need to be made (they seem (currently) to point to publishing.byte.local
> (publishing.<internal domain name)).
>
> Help appreciated.
>
> --
> Duncan.

Or maybe this one:

http://forums.isaserver.org/m_2002001509/printable.htm

"Duncan McCormack" <no-spam@newsgroup> wrote in message
news:MPG.25d63c4161df0ba2989b52@newsgroup

> I've installed a new GoDaddy SSL turbo cert on a domain - as my
> undertanding is that Outlook HTTP over RPC will not work in an SBS 2003
> R2 Premium environment with ISA installed, with the self-generated cert
> (which, BTW, has been working fine so far - but not for Outlook HTTP
> over RPC).
>
> So I've made put the cert on the server, transferred it to the default
> website, deleted the old temp site I used to generate the CSR and bring
> the cert in etc.
>
> All good, but now little is working....
>
> The domain and cert is generated for adrock.com - so ...
>
> http://adrock.com/exchange
> http://adrock.com/OMA
>
> etc - don't work anymore.
>
> I believe this is because of ISA. But I have no real idea of how to
> procede to fix this. The ICEIW won't run through the cert bit, as there
> is no-where to select the GoDaddy cert (I don't hav a .cer made at this
> point, as I can't seem to get to a site to make one).
>
> The error I'm getting at the above site (well you'll see for yourself),
> is:
>
> The page cannot be displayed
>
> Technical Information (for support personnel)
>
> Error Code: 500 Internal Server Error. The target principal name is
> incorrect. (-2146893022)
>
> As said, I *suspect* this is due to a change in ISA firewall rules that
> need to be made (they seem (currently) to point to publishing.byte.local
> (publishing.<internal domain name)).
>
> Help appreciated.
>
> --
> Duncan.

In article <MPG.25d63c4161df0ba2989b52@newsgroup>, no-
spam@newsgroup says...

>
> I've installed a new GoDaddy SSL turbo cert on a domain - as my
> undertanding is that Outlook HTTP over RPC will not work in an SBS 2003
> R2 Premium environment with ISA installed, with the self-generated cert
> (which, BTW, has been working fine so far - but not for Outlook HTTP
> over RPC).
>
> So I've made put the cert on the server, transferred it to the default
> website, deleted the old temp site I used to generate the CSR and bring
> the cert in etc.
>
> All good, but now little is working....
>
> The domain and cert is generated for adrock.com - so ...
>
> http://adrock.com/exchange
> http://adrock.com/OMA
>
> etc - don't work anymore.
>
> I believe this is because of ISA. But I have no real idea of how to
> procede to fix this. The ICEIW won't run through the cert bit, as there
> is no-where to select the GoDaddy cert (I don't hav a .cer made at this
> point, as I can't seem to get to a site to make one).
>
> The error I'm getting at the above site (well you'll see for yourself),
> is:
>
> The page cannot be displayed
>
> Technical Information (for support personnel)
>
> Error Code: 500 Internal Server Error. The target principal name is
> incorrect. (-2146893022)
>
> As said, I *suspect* this is due to a change in ISA firewall rules that
> need to be made (they seem (currently) to point to publishing.byte.local
> (publishing.<internal domain name)).
>
> Help appreciated.

restarted the Server - Event logs on it...

Source: Microsoft ISA We
Category: None
Event ID: 23403

ISA Server could not establish an SSL connection with the published
server publishing.byte.local because the name on the SSL server
certificate used by the published server does not match the name of the
server adrock.com, specified in the publishing rule. Verify that the
internal name specified in the publishing rule is correct. If the
problem persists contact the Web server administrator.

This, I think/hope - is the key to it - I just don't know how to proceed
to fix it.


--
Duncan.

Describe how you installed it as it is not working with the new
certificate. It has been a while since I have done a cert. in SBS
2003.

On Fri, 5 Feb 2010 14:32:40 +1300, Duncan McCormack <no-spam@newsgroup>
wrote:

>I've installed a new GoDaddy SSL turbo cert on a domain - as my
>undertanding is that Outlook HTTP over RPC will not work in an SBS 2003
>R2 Premium environment with ISA installed, with the self-generated cert
>(which, BTW, has been working fine so far - but not for Outlook HTTP
>over RPC).
>
>So I've made put the cert on the server, transferred it to the default
>website, deleted the old temp site I used to generate the CSR and bring
>the cert in etc.
>
>All good, but now little is working....
>
>The domain and cert is generated for adrock.com - so ...
>
>http://adrock.com/exchange
>http://adrock.com/OMA
>
>etc - don't work anymore.
>
>I believe this is because of ISA. But I have no real idea of how to
>procede to fix this. The ICEIW won't run through the cert bit, as there
>is no-where to select the GoDaddy cert (I don't hav a .cer made at this
>point, as I can't seem to get to a site to make one).
>
>The error I'm getting at the above site (well you'll see for yourself),
>is:
>
>The page cannot be displayed
>
>Technical Information (for support personnel)
>
>Error Code: 500 Internal Server Error. The target principal name is
>incorrect. (-2146893022)
>
>As said, I *suspect* this is due to a change in ISA firewall rules that
>need to be made (they seem (currently) to point to publishing.byte.local
>(publishing.<internal domain name)).
>
>Help appreciated.

See what SBS support is working on
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive...A/default.aspx

Cheers Jim,

I installed it *precisely* per:

http://blogs.technet.com/sbs/archive...tall-a-public-
3rd-party-ssl-certificate-on-iis-on-sbs-2003.aspx


--
Duncan.

In article <kj0nm5164oi495vc3k8u1fkasede3vmmfm@newsgroup>,
jimbehning@newsgroup says...

>
> Describe how you installed it as it is not working with the new
> certificate. It has been a while since I have done a cert. in SBS
> 2003.
>
> On Fri, 5 Feb 2010 14:32:40 +1300, Duncan McCormack <no-spam@newsgroup>
> wrote:
>

> >I've installed a new GoDaddy SSL turbo cert on a domain - as my
> >undertanding is that Outlook HTTP over RPC will not work in an SBS 2003
> >R2 Premium environment with ISA installed, with the self-generated cert
> >(which, BTW, has been working fine so far - but not for Outlook HTTP
> >over RPC).
> >
> >So I've made put the cert on the server, transferred it to the default
> >website, deleted the old temp site I used to generate the CSR and bring
> >the cert in etc.
> >
> >All good, but now little is working....
> >
> >The domain and cert is generated for adrock.com - so ...
> >
> >http://adrock.com/exchange
> >http://adrock.com/OMA
> >
> >etc - don't work anymore.
> >
> >I believe this is because of ISA. But I have no real idea of how to
> >procede to fix this. The ICEIW won't run through the cert bit, as there
> >is no-where to select the GoDaddy cert (I don't hav a .cer made at this
> >point, as I can't seem to get to a site to make one).
> >
> >The error I'm getting at the above site (well you'll see for yourself),
> >is:
> >
> >The page cannot be displayed
> >
> >Technical Information (for support personnel)
> >
> >Error Code: 500 Internal Server Error. The target principal name is
> >incorrect. (-2146893022)
> >
> >As said, I *suspect* this is due to a change in ISA firewall rules that
> >need to be made (they seem (currently) to point to publishing.byte.local
> >(publishing.<internal domain name)).
> >
> >Help appreciated.

> See what SBS support is working on
> http://blogs.technet.com/sbs/default.aspx
> Check your SBS with the SBS Best Practices Analyzer
> http://blogs.technet.com/sbs/archive...A/default.aspx

Many thanks Chuck - I'll try it out - I think I can do that in ISA 2004


Will report back later.

Thanks also for your other post - I didn't follow it (the article you
referred to) too well, so I've emailed the guy that got it working and
asked for his help.

Meantime, I've used the CEICW and gone back to the server signed cert
(but Outlook will not work in HTTP over RPC mode).

--
Duncan.

In article <OfNSvogpKHA.1556@newsgroup>, ceo@newsgroup says...

>
> This sounds like it might apply:
>
> http://support.microsoft.com/kb/328917
>
>
>
> "Duncan McCormack" <no-spam@newsgroup> wrote in message
> news:MPG.25d63c4161df0ba2989b52@newsgroup

> > I've installed a new GoDaddy SSL turbo cert on a domain - as my
> > undertanding is that Outlook HTTP over RPC will not work in an SBS 2003
> > R2 Premium environment with ISA installed, with the self-generated cert
> > (which, BTW, has been working fine so far - but not for Outlook HTTP
> > over RPC).
> >
> > So I've made put the cert on the server, transferred it to the default
> > website, deleted the old temp site I used to generate the CSR and bring
> > the cert in etc.
> >
> > All good, but now little is working....
> >
> > The domain and cert is generated for adrock.com - so ...
> >
> > http://adrock.com/exchange
> > http://adrock.com/OMA
> >
> > etc - don't work anymore.
> >
> > I believe this is because of ISA. But I have no real idea of how to
> > procede to fix this. The ICEIW won't run through the cert bit, as there
> > is no-where to select the GoDaddy cert (I don't hav a .cer made at this
> > point, as I can't seem to get to a site to make one).
> >
> > The error I'm getting at the above site (well you'll see for yourself),
> > is:
> >
> > The page cannot be displayed
> >
> > Technical Information (for support personnel)
> >
> > Error Code: 500 Internal Server Error. The target principal name is
> > incorrect. (-2146893022)
> >
> > As said, I *suspect* this is due to a change in ISA firewall rules that
> > need to be made (they seem (currently) to point to publishing.byte.local
> > (publishing.<internal domain name)).
> >
> > Help appreciated.
> >
> > --
> > Duncan.

Duncan McCormack wrote:

> Cheers Jim,
>
> I installed it *precisely* per:
>
> http://blogs.technet.com/sbs/archive...tall-a-public-
> 3rd-party-ssl-certificate-on-iis-on-sbs-2003.aspx
>
>
>

And that's "precisely" not the right info for ISA. (and they say so at
the bottom)

When you have ISA, put the publishing cert back the way it was on the
IIS web site. You don't put the cert there.

You go into ISA, into the publishing rule as I recall and you edit the
cert there in ISA, not on the IIS web site.

The instructions you have in the blog are for a two nic NO ISA where the
SSL cert goes on the IIS web site.

With ISA, the publishing cert stays where it is on the IIS web site and
then in the publishing rule inside of ISA your Godaddy cert goes there.

In article <u0hmSmhpKHA.1556@newsgroup>, sbradcpa@newsgroup
says...

>
> Duncan McCormack wrote:

> > Cheers Jim,
> >
> > I installed it *precisely* per:
> >
> > http://blogs.technet.com/sbs/archive...tall-a-public-
> > 3rd-party-ssl-certificate-on-iis-on-sbs-2003.aspx
> >
> >
> >

> And that's "precisely" not the right info for ISA. (and they say so at
> the bottom)
>
> When you have ISA, put the publishing cert back the way it was on the
> IIS web site. You don't put the cert there.
>
> You go into ISA, into the publishing rule as I recall and you edit the
> cert there in ISA, not on the IIS web site.
>
> The instructions you have in the blog are for a two nic NO ISA where the
> SSL cert goes on the IIS web site.
>
> With ISA, the publishing cert stays where it is on the IIS web site and
> then in the publishing rule inside of ISA your Godaddy cert goes there.

Thanks Susan, that all sounds fairly logical. I'll see if I can find
some info on getting the cert into ISA (as, of course, all I have from
GoDaddy at present is: specifically: gd_iis_intermediates.p7b and
adrock.com.crt files). And I'm in a good position to do this now, as
the publishing bit is all back in place (server generated self-signed
cert is back, from the CEICW wizard).

Might see what I can find at isaserver.org.

--
Duncan.