I need help understanding the web farm tab, in particular the internal site name textbox as what it relates to. Is it an internal DNS entry the points to the servers in the web farm? Or is it the IIS header?
Also, I’m having trouble with proxy requests option (“ requests appear to come the: “) , I would like to use “Original client who sent the request”, but if I do the firewall throws a “failed connection attempt”, my guess is I have a network rule which is wrong.
Does anyone have a link or doc in how to setup a web farm using ISA 2006 Enterprise? ( Edge Mode). When I start Using certs or SSL it starts behaving strangly. . How about this one “Error Code: 500 Internal Server Error. An internal error occurred. (1359)"
This is what I think I figured out. The "Internal Site Name" is used as a common name so the ISA server(s) can match to a common cert name coming from the backend web servers(s). In other words, the "Internal Site name" matches the name on my internal SSL cert used on my web site, if not you get the second error below.
Also what threw me for a while was, when applying rules to enterprise version of ISA 2006 with two servers in the array, it would take 1 to 4 minutes for the rules to go into affect. I was thinking things wern't working, when they were, just took a few minutes in some cases, not being patient and shooting myself in the foot.
These are the errors I got and what I did to resolve them.
1. Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019) a. The cert used for the internal web server wasn’t imported into the ISA server(s) as a trusted root cert. Remember to import into all ISA Enterprise servers that are part of the same array. 2. Error Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022) a. Cert name doesn’t match the “Internal Site Name” defined in the web farm tab. change the site name to match the name on the cert or recreate a new interal cert using selfcert.
I'm sure this is already stated somewhere else, but I couldn't find.
From: The Netherlands
About the synchronisation problem it is known. When you configure an array, after you click apply go to monitoring an got to the tab "configuration". In that tab you can see if your config is "out-of-sync", "synchonizing" or "synced".
Sometimes you have to wait longer than the other. But now you dont have to test three times. Just wait for the config to be synced and then test it.
Just a follow up to an old question I had, MS answer.
I found this relating to what "Internal Site Name" means when publishing to a web farm.
But, the last bullet has me worried about what happens if the computer I pick for the site name is off line? I quess I will have to find out.
Specify an internal site name. When publishing a single Web server, the internal site name is used by ISA Server to locate the published server.
When you publish a Web server farm, the internal name is not used by ISA Server in this way. Instead, it is used as follows:
The internal name may be used for link translation. Web pages returned by a published Web server may include links to internal computer names and sites that cannot be resolved by external clients. To avoid broken links, the ISA Server Link Translation filter uses mapping to translate these internal links to publicly resolvable names. For each Web publishing rule, ISA Server automatically maps the internal name specified in the rule to the public name specified in the rule. For the internal name in the Web farm rule, you should specify the name that internal users will use to access the farm, and the internal name with which the Web farm might be referenced on Web pages and e-mail messages that external users may receive. If an application uses absolute links to itself, the internal site name should be the host name in those links.
When a browser application generates a request, it includes a host header that identifies the host specified by the user in the URL. By default, when ISA Server receives the request, it changes this host header to the internal name, and will use the internal site name you specified as the host header when connecting to Web servers in the farm. If you choose to use the original client host header instead of the ISA Server default setting, the internal name is not used.
When you configure a Web farm in an HTTPS-to-HTTPS bridging scenario, you can deploy a unique certificate on each server farm member, or use a single certificate for the Web farm object. If you use a single certificate, you must use the internal name specified in the publishing rule as the common name when creating the certificate.
Even if you do not need to make a Web farm available internally or account for link translation, the ISA Server rules engine needs to resolve the internal site name. In this case, we recommend that you set the internal name to the Domain Name System (DNS) name of one of the servers in the farm.