Some problems with SSL Bridging
Some problems with SSL Bridging - 9.Feb.2004 9:12:00 PM
jpierini
Posts: 23
Joined: 28.Jan.2004
From: Argentina
Status: offline
LAB
- Windows 2k3 Domain Controller with Certificate Services and IIS 6.0 (ASP enabled). Provides certificates through Web Enrollment.
- ISA 2K4 Beta 2 running on W2k3 Standard.
Internal: 192.168.5.0/24 External: 192.168.0.6 ISA Server member of contoso.com domain.
I followed all the instructions in publishing a secure site using a certificate (I have only one server to publish). I can access the https://server/certsrv page from the internal network, but when I try from outside I get the following error:
500 Internal Server Error - The target principal name is incorrect. (-2146893022) Internet Security and Acceleration Server
Can somebody help me? Best regards,
Javier
RE: Some problems with SSL Bridging - 10.Feb.2004 5:32:00 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Javier,
Check out my article on the dreaded 500 error over at www.isaserver.org/shinder
Make sure your redirect is using the same name as the certificate's common name on the internal network.
HTH, Tom
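Added example, not part of the thread and not ISA Server code: the decimal code in the error page above is the signed form of 0x80090322 (SEC_E_WRONG_PRINCIPAL), and the check described in this reply comes down to comparing the name the publishing rule redirects to with the names in the web server's certificate. The certificate, the host name dc1.contoso.com, the address 192.168.5.10 and all function names are constructed for illustration; matching against both the common name and DNS subject alternative names is an assumption, not a statement of how ISA compares them.

```python
# Added example; the certificate and host names are constructed, not from the thread.

def hresult_hex(signed_code):
    """Convert the signed decimal from the error page to the usual 0x form."""
    return "0x%08X" % (signed_code & 0xFFFFFFFF)

def cert_names(cert):
    """Collect commonName and DNS subjectAltName values from a dict shaped
    like the result of ssl.SSLSocket.getpeercert()."""
    names = [value for rdn in cert.get("subject", ())
             for key, value in rdn if key == "commonName"]
    names += [value for kind, value in cert.get("subjectAltName", ())
              if kind == "DNS"]
    return names

def name_matches(pattern, host):
    """Case-insensitive match; '*.' covers exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return False

def check_redirect(cert, redirect_name):
    """Return (ok, names): whether redirect_name is covered by the certificate."""
    names = cert_names(cert)
    return any(name_matches(n, redirect_name) for n in names), names

# Constructed certificate for an internal web server (assumed name).
SAMPLE_CERT = {
    "subject": ((("commonName", "dc1.contoso.com"),),),
    "subjectAltName": (("DNS", "dc1.contoso.com"),),
}

if __name__ == "__main__":
    print(hresult_hex(-2146893022))
    # FQDN in either case matches; a short name or an IP address does not.
    for target in ("dc1.contoso.com", "DC1.contoso.com", "dc1", "192.168.5.10"):
        ok, names = check_redirect(SAMPLE_CERT, target)
        print(target, "match" if ok else "no match", names)
```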
RE: Some problems with SSL Bridging - 10.Feb.2004 11:59:00 PM
jpierini
Hi Tom, thanks a lot for your advice. I saw your article and I can properly configure the certificate's name. Now I have a problem with authentication. If I connect to IIS from the internal LAN (with the certificate's name), no problem. If I connect to IIS from external:
- Without Ask unauthenticated user for identification (Web Listener->Properties->Preferences->Authentication) I get the following error: HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials. Internet Information Services (IIS)
- With the checkbox enabled: I can't authenticate. I get the authentication box from ISA, but any user or password combination is refused. The default domain is contoso.com and the ISA server is a member server of that.
In both cases, the authentication is set to Basic.
Best wishes,
Javier
RE: Some problems with SSL Bridging - 15.Feb.2004 7:23:00 PM
tshinder
Hi Javier,
Does the ISA firewall belong to the same domain as the IIS site? Or, are you using RADIUS to authenticate external users?
Thanks! Tom
RE: Some problems with SSL Bridging - 16.Feb.2004 7:39:00 PM
jpierini
Hi Tom, the ISA and IIS belong to the contoso.com domain. I have a situation concerning authentication. First, if I enable Ask unauthenticated Users for Identification on the firewall (domain: contoso.com; authentication set to Basic, authentication in IIS set to Basic..same domain/realm) the configuration doesn't work. If I uncheck Ask.... and then IIS requests authentication, all works fine. Second, I enable IAS on the same certificate's DC....and try RADIUS authentication....Nothing. Why can't I set the authentication at the firewall level?
Javier
RE: Some problems with SSL Bridging - 17.Feb.2004 12:44:00 AM
tshinder
Hi Javier,
Configure the Web Publishing Rule to forward basic authentication credentials. That way, the user can authenticate to the firewall and then connect to the Web site. This is the delegation of basic authentication feature.
HTH, Tom
RE: Some problems with SSL Bridging - 17.Feb.2004 10:53:00 PM
jpierini
Hi Tom, I've configured Forward the User Identity to the Published....from the user's tab, but if I enable Ask for unauthenticated....the Authentication Box doesn't reference the contoso.com domain/realm even though I set it in the properties of the web listener. I can't validate the account, and after 3 shots access is denied. So, I have Forward The User identity to the Published...enabled but Ask for unauthenticated Users....disabled....and it works. It doesn't work for RADIUS authentication either. Another issue is that I can't get a computer certificate for external (non-domain) computers to enable L2TP/IPSec access, but that is another question.
Thanks in advance,
Javier
RE: Some problems with SSL Bridging - 18.Feb.2004 4:49:00 AM
tshinder
Hi Javier,
I'll test the RADIUS authentication problem and see if I get the same problems.
Thanks! Tom