I have a strange sittuation: After a swing migration of SBS2003R2 to a new hardware, and after applying Windows 2003 SP2, my internal clients can't get access to Exchange by using Outlook. The only way of using email which is functional, is through http at the following address: https://servername/exchange/ By using only http the server is innaccesibile. Also http://companyweb is accesible only through https (with some certificate errors).
After a couple of days of reading logs and checking configurations, I've discovered with th ISA BPA the error from the subject: The Upstream chaining credentials error alert was signaled 1 times. ISA Server failed to establish an SSL connection with publishing.domain.local. No connection could be made because the target machine actively refused it.
Found no clue until now with Google :-(
1/ by analysing acces to http://companyweb from a test machine, I've discovered that there is a problem with the publishing.domain.local certificate. I've tried to renew the certificate (from IIS Certificate Wizard), but I've got errors (Failed to install the Certificate - The parameter is incorrect)
2/ when running ICW, everything goes well except email configuration which failed (even if the server is working fine - emails came and go with no problem) Error 0x80070003 returned from call to CEMailCommit::Commit()
The error you referenced would have nothing to do with your Outlook clients losing access. Outlook is a MAPI client and the error is referring to an HTTP/HTTPS issue so you now have two problems which are probably related to what is real cause of your problem The key clue to your problem you mentioned; after applying Windows 2003 SP2 so that is where I would look first. There is a known problem with applying Windows Server 2003 service pack 2 on a server also running ISA server. The issue is with Receive Side Scaling (RSS) and TCP offloading being enabled on the ISA NICs. There is a patch available for download to correct the issue and you need to disable RSS and offloading in the Windows registry. Updating and reloading the NIC drivers is also need to get things working properly again.
These symptoms may include one or more of the following: When you try to connect to the server by using a VPN connection, you receive the following error message: Error 800: Unable to establish connection. You cannot create a Remote Desktop Protocol (RDP) connection to the server. You cannot connect to shares on the server from a computer on the local area network. You cannot join a client computer to the domain. You cannot connect to Microsoft Exchange Server from a computer that is running Microsoft Outlook. You can only connect to Web sites that are hosted on the server or on the Internet by using a secure sockets layer (SSL) connection. In this scenario, you cannot connect to a Web site that does not use SSL encryption. You experience slow network performance. You cannot create an outgoing FTP connection from the server. The DHCP Server service crashes. Clients experience slow domain logons. Network Address Translation (NAT) clients that are located behind Windows SBS 2003 experience intermittent connection failures. You experience intermittent RPC communications failures. Clients that are configured as SecureNat clients may be unable to connect to the Internet. Some Outlook clients may be unable to connect to Exchange. You cannot run the Configure E-mail and Internet Connection Wizard successfully. Microsoft Internet Security and Acceleration (ISA) Server blocks RPC communications. Clients cannot visit the http://companyweb Web site. You cannot browse Internet Information Services (IIS) Virtual Directories.
CAUSE This problem occurs because of a problem that exists in NAT in Windows SBS 2003. This problem is exposed when you enable one of the following features on a network adapter that meets the NDIS 5.2 specification or a later version of this specification: Receive Side Scaling (RSS) TCP/IP offloading Windows Server 2003 SP2 and the Windows Server 2003 Scalable Networking Pack include features to implement stateful and stateless offloading. The offloading feature accelerates the Windows networking stack. The networking update that is included in Windows Server 2003 SP2 and in the Windows Server 2003 Scalable Networking Pack includes the following features: TCP Chimney Offload Receive Side Scaling Network Direct Memory Access (NetDMA) A problem exists that affects NAT when you have Receive Side Scaling enabled. Therefore, after you install Windows Server 2003 SP2 or the Windows Server 2003 Scalable Networking Pack on a computer that is running Windows SBS 2003, you experience the symptoms that are mentioned in the "Symptoms" section.