• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Error Code: 500 Internal Server Error. The target principal name is incorrect

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> Error Code: 500 Internal Server Error. The target principal name is incorrect Page: [1]
Login
Message << Older Topic   Newer Topic >>
Error Code: 500 Internal Server Error. The target princ... - 23.Jun.2005 7:58:00 AM   
rodent

 

Posts: 11
Joined: 29.Nov.2002
From: Stockholm
Status: offline
Hi,
I have the following problem:
"Error Code 500 Internal Server Error.
The target principal name is incorrect.
(-2146893022)."
This error is described in KB: 841664 at: http://support.microsoft.com/default.aspx?scid=kb;en-us;841664
and also numerous times on this discussion board. However after i tried all recommendations and possible solutions, i still have the problem.

1 ISA 2K4 std with 4 NIC. The external NIC has about 40 public IP adresses. The Exchange 2k3 server is on the internal LAN.The OWA sites are on the Exchange server and they have different internal IP adresses. They have different certs obtained from the internal Cert authority.
I exported the certs and imported them on the ISA as described in an article published by Thomas Shinder.
Any ideas? All three OWA sites behave in the same way although they have different certs. The ISA2k4 is a member of the domain. I also tried to edit the hosts file on the ISA. e.g.:
172.26.113.84 webmail.internal.net. the web listener on the ISA uses these certs.
Post #: 1
RE: Error Code: 500 Internal Server Error. The target p... - 23.Jun.2005 2:47:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Rodent,

What is the actual name on the To tab on the Web Publishing rule?

What is the actual name on the Public Name tab on the Web Publishing rules?

What is the actual common/subject name on the certificates?

Thanks!
Tom

(in reply to rodent)
Post #: 2
RE: Error Code: 500 Internal Server Error. The target p... - 23.Jun.2005 3:27:00 PM   
techuser

 

Posts: 70
Joined: 11.Jan.2005
Status: offline
Hi Rodent and Tom,

I had exactly the same error. It looks like something is happening with ISA Server 2004 "Standard" version.

Here is a microsoft kb about this:

http://support.microsoft.com/default.aspx?scid=kb;en-us;841664

HTH,

Marcelo (still looking forward Secure OWA to work)

(in reply to rodent)
Post #: 3
RE: Error Code: 500 Internal Server Error. The target p... - 25.Jun.2005 7:34:00 AM   
rodent

 

Posts: 11
Joined: 29.Nov.2002
From: Stockholm
Status: offline
Hi Thomas,
Thank you for replying so promptly.
1. The "To" Tab shows "webmail.myinternalnet.int"
2. The actual name on the Public Name tab on the Web Publishing rules is "webmail.mydomain.se"
3. The "friendly name" of the certificate is "webmail.mydomain.se".
The other 2 certificates and publishing rules are built in the same manner. Please observe that we did not make any changes to the certs or the publishing rules that should generate these problems. The only changes i can recall were some new security patches from Microsoft for the OS. The server with Exch2k3 is an Win2k SP4 and the ISA machine is an W2K3 SP1. There are entries in the internal DNS for each and everyone of the internal names, eg. webmail.myinternalnet.int=172.26.113.84.
I am not very good at certificates i probably made some error when i created those certs.
Here is some more info:
CN = webmail.mydomain.se
OU = IT
O = XXXXXX
L = Stockholm
S = Stockholm
C = SE

Oh! I forgot to mention that i use "OWA forms based authentication" on the ISA machine.
Thank u in advance

[ June 27, 2005, 03:34 AM: Message edited by: inspector Rodent ]

(in reply to rodent)
Post #: 4
RE: Error Code: 500 Internal Server Error. The target p... - 27.Jun.2005 1:04:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey guys,

Just some basic requirements:

1. The request must be for the exact name included on the Public Name tab. For example, if the users wants to go to www.msfirewall.org, the name on the Public Name tab must be www.msfirewall.org

2. The certificate must have the same common/subject name as the name on the Public Name tab. So, if the users are going to http://www.msfirewall.org, then the common/subject name on the Web site certificate bound to the Web listener must be www.msfirewall.org

3. The name used in the To tab must match the name on the Web site certificate bound to the actual Web site on the Internal network. So, if the name on the certificate is www.msfirewall.org, then I must enter www.msfirewall.org on the To tab.

4. The ISA firewall must be able to resolve the name on the To tab to the actual IP address of the site on the Internal network. So, if I had www.msfirewall.org on the To tab, then the ISA firewall must be able to resolve www.msfirewall.org to the actual IP address of the site on the Internal network (you can use DNS or HOSTS file entries for this)

5. Make sure you forward the original host header if you're not using the same name from end to end (like you can with a properly configured split DNS)

HTH,
Tom

(in reply to rodent)
Post #: 5
RE: Error Code: 500 Internal Server Error. The target p... - 30.Jun.2005 2:22:00 AM   
rodent

 

Posts: 11
Joined: 29.Nov.2002
From: Stockholm
Status: offline
Hi Thomas,
I solved the problem ! The CN of the certificate was the same as the name used in the "To" tab.
However, due to some inexplicable coincidence, the SSL port in IIS5 (443)just dissapeared.
I wrote 443 again and restarted IIS, Puff ! gone again... Anyway I finally got it working.
"Bill Gates works in mysterious ways" :-)

btw I bought your book!

(in reply to rodent)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> Error Code: 500 Internal Server Error. The target principal name is incorrect Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts