Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Secure WSS 3.0 Publishing: 500 internal server error

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> Secure WSS 3.0 Publishing: 500 internal server error Page: [1]
Login
Message << Older Topic   Newer Topic >>
Secure WSS 3.0 Publishing: 500 internal server error - 22.May2008 6:53:30 AM   
TadejV

 

Posts: 4
Joined: 5.Oct.2005
Status: offline 		I'm trying to securely publish WSS 3.0 site on SBS 2003 R2 Premium with ISA 2004. I managed to create HTTPS to HTTP bridging with ISA 2004 but I'm having problems with HTTPS to HTTPS bridging (which is required for secure SharePoint publishing according to documentation).

With HTTPS to HTTPS bridging I get the following error:
Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019).

I followed this article for WSS publishing:
Publishing Windows SharePoint Services with Microsoft Internet Security and Acceleration (ISA) Server 2004: Web Publishing with Host-Header Forwarding over a Secure Connection
http://www.microsoft.com/technet/isa/2004/plan/isawss.mspx

I created self signed certificates named *.domainname.com and external.domainname.local (created with SelfSSL from IIS 6.0 ResKit)

All certificates are stored in appropriate certificate stores so there are no trust issues.

WSS uses new IIS virtual directory with host header external, external.domainname.local and external.domainname.com on port 80 for http and 4431 for https with certificate external.domainname.local, listening on all IP addresses.

I also changed default SBS Web Listener certificate from CEICW created self signed certificate remote.domainname.com to *.domainname.com

RWW is accesible from internet and from LAN through https://remote.domainname.com/remote with no certificate warnings using certificate *.domainname.com

SBS Server configuration:
Internal IP range: 192.168.1.0/24
External IP Range: 10.10.10.0/24

Internal SBS IP: 192.168.1.2
External SBS IP: 10.10.10.1

Internal DNS is configured for two zones: domainname.local and domainname.com
DNS records:

external.domainname.local A 192.168.1.2
external.domainname.com A 10.10.10.1
remote.domainname.com A 10.10.10.1

ISA WSS Web Publishing rule:
From Anywhere To external.domainname.local, Forward original host header, Requests appear to come from ISA
Listener: SBS Web Listener with changed certificate *.domainname.com
Bridging: Redirect requests to SSL port 4431
Public name: external.domainname.com
Traffic: Notify to use HTTPS

From SBS server I can access following addresses:
http://external - OK
http://external.domainname.local - OK
http://external.domainname.com - 403 forbidden
https://external.domainname.local:4431 - OK
https://external.domainname.com - Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019)

From internet I can access following addresses:
http://external.domainname.com - 403 forbidden
https://external.domainname.com - Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019)

Am I doing something wrong (I basically followed the documentation and RWW publishing settings on SBS)? Any help is appreciated

Regards, Tadej

< Message edited by TadejV -- 22.May2008 6:56:46 AM >
Post #: 1
RE: Secure WSS 3.0 Publishing: 500 internal server error - 22.May2008 7:01:02 PM   
TadejV

 

Posts: 4
Joined: 5.Oct.2005
Status: offline 		Figured it out:

SBS server is single server install with ISA 2004 installed on top of all
other services, so I presumed (wrong) that it would be enough to store
certificate external.domainname.com in User certificate store under trusted
root authorities. In fact it should also be placed in computer certificate
store under Trusted root Authorities, which enables ISA service to trust this
certificate.

After this reconfiguration the error dissapeared, and some minor tweaking of
Web publishing rule enabled me to succesfully publish WSS 3.0 in HTTPS to
HTTPS bridging mode.

Additional configuration of Web publishing rule is as follows:
From Anywhere To external.domainname.local, Do not Forward original host
header, Requests appear to come from original Client
Listener: SBS Web Listener with changed certificate *.domainname.com
Bridging: Redirect requests to SSL port 4431 only (no http redirection)
Public name: external.domainname.com
Traffic: Notify to use HTTPS

When accesing WSS from internet you should use URL https://external.domainname.com/default.aspx

Tadej

(in reply to TadejV)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> Secure WSS 3.0 Publishing: 500 internal server error Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts