• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion on Solving the Dreaded "500 Internal Server Error" article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Web Publishing >> Discussion on Solving the Dreaded "500 Internal Server Error" article Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Discussion on Solving the Dreaded "500 Internal Se... - 24.Dec.2002 11:04:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for dicussion of the http://www.isaserver.org/tutorials/error505.html article entitled "Solving the Dreaded "500 Internal Server Error The target principal name is incorrect" Error"

Thanks!
Tom

[ December 30, 2002, 08:54 PM: Message edited by: tshinder ]
Post #: 1
RE: Discussion on Solving the Dreaded "500 Interna... - 26.Dec.2002 9:47:00 PM   
zolih

 

Posts: 8
Joined: 9.May2002
From: Budapest
Status: offline
Hello Tom,

This is a very important and great article, but you missed a very important component.

If you use an internal certificate the AIA and CDP points to the internal resources. Unfortunately this is unsecure because the default CDP contains the full AD LDAP path and it is golden information. [Eek!]
Best Regards,
Zoltan Harmath

(in reply to tshinder)
Post #: 2
RE: Discussion on Solving the Dreaded "500 Interna... - 26.Dec.2002 9:54:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Zoltan,

Interesting observation! Although not related to the "target principle is incorrect" issue, it is interesting. In the ISA Server and Beyond book I descirbe the advantages and disadvantages of using enterprise root and stand alone certificate servers, and you bring up another advantage of using the standalone certificate server. Of course, you can also change these values, which I also describe in the ISA Server and Beyond book, so you don't even have to worry about it [Big Grin] (within the bounds of your specific implementation, of course).

Thanks!
Tom

(in reply to tshinder)
Post #: 3
RE: Discussion on Solving the Dreaded "500 Interna... - 26.Dec.2002 10:06:00 PM   
zolih

 

Posts: 8
Joined: 9.May2002
From: Budapest
Status: offline
OK, thank you for your answer.

Unfortunately I don't read your book, but I would like...

Please send me a private e-mail if it is possible, because I have got a private question's.

Best Regards,
Zoltan

(in reply to tshinder)
Post #: 4
RE: Discussion on Solving the Dreaded "500 Interna... - 30.Dec.2002 5:47:00 PM   
Znatok

 

Posts: 1
Joined: 25.Dec.2002
From: Russia
Status: offline
Hi, All ! Happy NY !
I have 2 problems with CA server :
First - my standalone root CA show me after reboot "The Certificate Service terminated with service-specific error 2148081668". This message occur second once. I don't maked backup CA. In first once I reinstall my CA server and now its damaged again. I don't find answer on this promlem on the Internet though I'm not first who asked it.
Second - while my CA server was worked, I created IP xxx.xxx.xxx.xxx certificate name becouse this is the name too [Smile] and it worked but it worked strange i.e. my ISA server required of "https" when I requested ssl resource by http://xxx.xxx.xxx.xxx but about 1 day ISA server don't ask me it if I don't request him during this time (i.e. I login on my Web page without https). If I restart Web proxy service ssl work again.

What you think about it ?

(in reply to tshinder)
Post #: 5
RE: Discussion on Solving the Dreaded "500 Interna... - 30.Dec.2002 8:55:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Zoltan Harmath:
OK, thank you for your answer.

Unfortunately I don't read your book, but I would like...

Please send me a private e-mail if it is possible, because I have got a private question's.

Best Regards,
Zoltan

Hi Zoltan,

Great! What is your email address?

Thanks!
Tom

(in reply to tshinder)
Post #: 6
RE: Discussion on Solving the Dreaded "500 Interna... - 8.Jan.2003 9:57:00 PM   
IStewart

 

Posts: 22
Joined: 7.Oct.2002
Status: offline
Hi Tom,

I just wanted to thank you for your artice. However much time it took to compile that information, it was worth it. You've explained a part of ISA that has eluded me for sometime.

-Ian

(in reply to tshinder)
Post #: 7
RE: Discussion on Solving the Dreaded "500 Interna... - 8.Jan.2003 10:57:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ian,

Thanks! Glad it helped. I have to admit, it drove me crazy for some time too [Smile]

Thanks!
Tom

(in reply to tshinder)
Post #: 8
RE: Discussion on Solving the Dreaded "500 Interna... - 13.May2003 1:30:00 AM   
PeterD

 

Posts: 3
Joined: 13.May2003
Status: offline
Hello, Tom. Just got your new book, was very helpful concerning publication of OWA. This article helped explain why it wasn't working (domain name mismatch). I'm trying to implement things in an incremental fashion, so I'm first trying to get things working without bridging SSL. Reason for this is my client must be convinced to use the same domain name as on their certificate (doesn't want to use private CA, wants to use Public CA) instead of using multiple domains for OWA mail [Smile]

I am having a brain cramp at this point. I removed the bridging entry, but now, after authentication, I get a warning saying both secure and non-secure content, and then I get 403s in both OWA frames. I have the Exchange virtual directory set up to not require SSL currently. If I do not require SSL in the web publishing rule, I get a second login prompt, and then I can enter the mailbox. This problem appeared afeter the previous problem went away, which was the fact that I was unable to authenticate at all.

Any idea why this may be happening? I'm sure I'm doing something stupid. Any help would be greatly appreciated.

(in reply to tshinder)
Post #: 9
RE: Discussion on Solving the Dreaded "500 Interna... - 13.May2003 3:58:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Peter,

That's a tricky one, esp since I've never removed the SSL settings once they've been set. It's possible that you're dealing with reverse caching issues. When you bridge SSL as HTTP, the HTTP objects obtained from the site are cached before being forwarded back to the requesting client as SSL protected messages.

HTH,
Tom

(in reply to tshinder)
Post #: 10
RE: Discussion on Solving the Dreaded "500 Interna... - 2.Jun.2003 3:31:00 PM   
bjo

 

Posts: 6
Joined: 14.Feb.2003
From: San Francisco
Status: offline
The article seems to address Web Publishing rules and not Server publishing. I have a system where I'm trying to publish a SSL connection to a server behind ISA. I'm publishing the server using Server publishing rules for a HTTPS server and receive the following when trying to connect with Internet Explorer 6:

500 Internal Server Error - The network logon failed. (1790)

I assume I need to set "Incoming Web Requests" to use a SSL port other than 443 (similar to HTTP Server publishing in Chapter 5 of ISA and Beyond...is this correct? (seems to solve the problem)

(in reply to tshinder)
Post #: 11
RE: Discussion on Solving the Dreaded "500 Interna... - 3.Dec.2003 5:42:00 AM   
fphan

 

Posts: 22
Joined: 9.Mar.2002
From: Atlanta
Status: offline
Hi Tom
This is great article but I still had one comfusing. What if the client only type in the
web browser http instead https is ther the way isa server can redirect them to https and not return the error if they just type in http.
I have to used redirect.asp to make this work
but i think there must be better way isa can do this.
Thanks a lot
you so great with all artile
Frank

(in reply to tshinder)
Post #: 12
RE: Discussion on Solving the Dreaded "500 Interna... - 3.Dec.2003 1:39:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Frank,

I use the redirect asp or a meta tag on the site. Always seems to work well for us.

HTH,
Tom

(in reply to tshinder)
Post #: 13
RE: Discussion on Solving the Dreaded "500 Interna... - 8.Feb.2004 3:34:00 AM   
slserra1

 

Posts: 1
Joined: 8.Feb.2004
Status: offline
I was excited to find your article as I have been searching for a solution for some time now. However, after following your steps I'm still getting the dreaded error.

The only difference I see is that my certificate is a wildcard certificate for my entire domain instead of a single address. Could this be it? Any other suggestions?

Steve

(in reply to tshinder)
Post #: 14
RE: Discussion on Solving the Dreaded "500 Interna... - 26.Jul.2004 1:02:00 AM   
Guest
The article seems to confirm the settings I have in place however I am still receiving the error.

Details:
Single domain environment with simple network (no internal routers). Running ISA 2000. Attempting to set up external HTTPS access to a W2K3/IIS6 web site. Many webs running on this server with external access.

I am using an Enterprise CA.
The cert was gen'ed for the specific site and loaded into the site.
The cert was exported, including the root, and imported into the ISA server (which was already a domain member).
Am using a Server Publishing Rule with a dedicated Destination specifying the site URL (www.foo.com).
The Publishing rule action redirects to the specific site URL (www.foo.com).
Original host header is being sent.
Action tab specifies connecting to 443 when bridging.
Bridging tab specifies bridge SSL as HTTP (tried it bridging SSL as SSL as well with no change in error).
Bridging tab specifies that "require SSL" is not checked.
ISA server hosts file has entry for the web server IP address associated with the specific web site (www.foo.com).
No client certs are involved or specified as required in the config.
Incoming Web Requests specifies "Enable SSL Listeners".
The sole Listener specifies the specific web cert (www.foo.com) as "use server certificate to authenticate".
Listener specifies authentication as Integrated only.

Additional info: clients on the internal LAN can successfully establish an HTTPS connection to the web, it is only the external clients coming through ISA which receive the error...naturally.
Tried monitoring an external request using Network Monitor however no intelligible data was collected on the internal LAN NIC (on ISA side) even when bridging as HTTP?

I have gotten something wrong somewhere but cannot seem to identify the failure point. Please advise.

Thanks much.

(in reply to tshinder)
  Post #: 15
RE: Discussion on Solving the Dreaded "500 Interna... - 27.Jul.2004 4:25:00 AM   
Guest
Follow-up on my preceeding message.

I was able to resolve the issue by requesting a computer certificate for the ISA server. I don't recall this being a specified requirement but one of the other articles documents the acquisition of one during a setup for SSL so I gave it a shot and now external clients can access the SSL enabled web behind ISA (SSL to ISA then HTTP to the web).

Much thanks for all the documentation on this site. I do not know where I would have gotten the info to resolve this otherwise, keep it up.

(in reply to tshinder)
  Post #: 16
RE: Discussion on Solving the Dreaded "500 Interna... - 27.Jul.2004 5:57:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Rasha,

You don't need a computer certificate in order to make it work. However, you do need to bind the Web site certificate to the Web listener, which means important the Web site certificate into the ISA firewall's machine certificate store.

You may not have imported the CA certificate into the Trusted Root Certification Authorities store. If you requested a computer certificate using the MMC, then that certificate was automatically added for you.

Thanks!
Tom

(in reply to tshinder)
Post #: 17
RE: Discussion on Solving the Dreaded "500 Interna... - 16.Dec.2004 5:00:00 AM   
amusson

 

Posts: 2
Joined: 13.May2004
Status: offline
I am getting the following error on two exchange sites. 500 Internal Server Error - The network logon failed. (1790)
I have searched till I'm blue in the face and can not seem to find any answers to this issue. I have had several other co-workers who are familiar with ISA2000 look into this and we are stumped. It appears to be something with OWA, ISA2000 and Exchange 2003. We have recreated the certificate several times and still does not work. Any ideas anyone?

Thanks,

Andrew Musson. [Frown]

(in reply to tshinder)
Post #: 18
RE: Discussion on Solving the Dreaded "500 Interna... - 5.Feb.2005 9:46:00 PM   
djtag

 

Posts: 49
Joined: 5.Feb.2005
From: Edmonton, Alberta
Status: offline
I'm getting this error too [Frown]

(in reply to tshinder)
Post #: 19
RE: Discussion on Solving the Dreaded "500 Interna... - 3.Jul.2006 10:19:30 AM   
censor

 

Posts: 52
Joined: 1.Apr.2002
Status: offline
http://www.microsoft.com/downloads/details.aspx?FamilyID=2AA53EE6-527C-4398-AB7C-FCF8E8DDE8CE&displaylang=en

Download this fix and it will work

(in reply to tshinder)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Web Publishing >> Discussion on Solving the Dreaded "500 Internal Server Error" article Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts