Home > Internal Server > Internal Server Error The Target Principal Name Is Incorrect

Internal Server Error The Target Principal Name Is Incorrect

Manage Your Profile | Site Feedback Site Feedback x Tell us about your experience... Target principal name is incorrect I have only encountered this error with secure web publishing (reverse proxying) and ISA or TMG. The Problem and the Solution

The target principle error is do to a mismatch between the name in the request made by the Web client and the common name (CN) on Certificate issues If a problem arises when requesting a certificate, do the following: Ensure that you are requesting a certificate correctly: Use the Certificates Microsoft Management Console (MMC) snap-in to request click site

The Exchange 2k3 server is on the internal LAN.The OWA sites are on the Exchange server and they have different internal IP adresses. You want the request forwarded to the internal network Web server. Note that in this case the Host: entry says Exchange then uses the user name and password information to look up the full URL path to the user's mailbox in Active Directory, and then routes the user to the correct Homepage

For Firewall clients, specify the FQDN for direct access. Common issues This section summarizes common issues that you may encounter. The certificate must have the same common/subject name as the name on the Public Name tab. Did the page load quickly?

If you receive a message that it is the wrong type of certificate, check that the relevant usage of the certificate is correctly configured. http://www.experts-exchange.com/Security/Software_Firewalls/Q_22786492.html 0 LVL 34 Overall: Level 34 Exchange 25 MS Forefront-ISA 2 Message Expert Comment by:Shreedhar Ette2010-07-16 Hi, Refer this: http://trycatch.be/blogs/pdtit/archive/2008/07/23/500-internal-server-error-the-target-principal-name-is-incorrect-2146893022-by-isa-server-when-using-owa.aspx Hope this helps, Shree 0 LVL 5 Overall: We cannot figure out how to publish OWA or any other SSL encrypted site hosted on the SBS machine. Please read our Privacy Policy and Terms & Conditions.

For the certificate on the published Web server, the name must match the name that appears on the To tab of the rule. This error can be caused either by Kerberos authentication errors, or a name mismatch between what is listed in the CN or SAN attributes of a certificate and what is being The No.1 Forefront TMG / UAG and ISA Server resource site By subscribing to our newsletters you agree to the terms of our privacy policy ISAserver.org Sections Articles & Tutorials Blogs To enable HTTP to HTTPS redirection In ISA Server Management, click the Firewall Policy node.

Default deny rule, which is at the bottom of the list. Check the ISA/TMG logs to see if you find: “A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider. 0x800b0112 (-2146762478)” in the Check that the user is specifying credentials with the syntax \. In the Configuration Groups list, select the Active Directory group.

  1. Solved Error Code: 500 Internal Server Error.
  2. Solution: This error message occurs when the name in the SSL client request from ISA Server does not match the common name on the Web site certificate.
  3. Summary In this article we went over several scenarios demonstrating how ISA Server bridges SSL requests.
  4. The actual name on the Public Name tab on the Web Publishing rules is "webmail.mydomain.se"3.
  5. The ISA Server Best Practices Analyzer can run on ISA Server 2006 or ISA Server 2004.
  6. Do not add the port number.

The solution to this problem is to configure the Web Publishing Rule to use the FQDN of the internal Web site and then configure a split DNS or a HOSTS file For more information, see Microsoft article 935767. To do this, click Start, point to All Programs, point to Microsoft ISA Server, point to ISA Tools, and then click ISA Server Best Practices Analyzer. On the Trusted Root Certification Authorities tab, check that a certificate for the CA appears.

Certificate error messages If you receive the error message: "500 Internal Server Error – The target principal name is incorrect", check the following: The name of the server certificate used by get redirected here I got the dreaded 500 Internal Server Error – The target principal name is incorrect error that you saw in the very first figure in this article. If so, you should uncheck this box as the internal site name is different than the external one. Privacy Policy Site Map Support Terms of Use MenuExperts Exchange Browse BackBrowse Topics Open Questions Open Projects Solutions Members Articles Videos Courses Contribute Products BackProducts Gigs Live Careers Vendor Services Groups

Single network adapter issues ISA Server provides support for publishing Outlook Web Access with a single network adapter. The target principal name is incorrect Page: [1] Jump to: Select a ForumAll Forums---------------------- [Threat Management Gateway (TMG) 2010] - - General - - Installation [Forefront Unified Access Gateway 2010] - What's up with that? navigate to this website {{offlineMessage}} Store Store home Devices Microsoft Surface PCs & tablets Xbox Virtual reality Accessories Windows phone Software Office Windows Additional software Apps All apps Windows apps Windows phone apps Games Xbox

Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.domain.com You can verify the changes you have done by running Get-OutlookProvider If you have the name mismatch  the Exchange Server Remote Connectivity Analyzer tool www.testexchangeconnectivity.com  returns the RSS feed for comments on this post.. Join Now For immediate help use Live now!

The certificate was then imported into the ISA Server machine’s Personal Certificate store and then bound to the Incoming Web Requests listener.

So, if the users are going to http://www.msfirewall.org, then the common/subject name on the Web site certificate bound to the Web listener must be www.msfirewall.org3. It looks like something is happening with ISA Server 2004 "Standard" version.Here is a microsoft kb about this:http://support.microsoft.com/default.aspx?scid=kb;en-us;841664HTH,Marcelo (still looking forward Secure OWA to work) (in reply to rodent) Post #: If you can access the mailbox using the full URL, but cannot access the mailbox by logging on with the shorter URL, the access problem may be related to authentication. The Basic Setup Figure 2 below shows the basic setup: Figure 2 All computers are running Windows 2000 Advanced Server SP2 and the ISA Server is updated to SP1.

This provides end to end security from the Web client to the destination sever on the internal network. If all sites are published using the same domain name, you can use a wildcard certificate, and then use a single IP address and a single listener to publish multiple sites. Connection issues For connection issues, check the following: To check whether the connection issue is associated with a specific client computer, try to connect to the Outlook Web Access site from my review here You can see the Web Proxy service log entries for this transaction right above the Network Monitor trace in figure 6.

TrackBack URL. Figure 8 Test #3 – SSL to SSL Bridging Sending With and Without Sending the Original Host Header Now let’s change the type of bridging performed by the Web Publishing Rule. Installation files are copied to the %SystemDrive%\Program Files\IsaBPA folder. http://technet.microsoft.com/en-us/library/bb794722.aspx 0 Message Accepted Solution by:Kworum2010-07-22 We created two new certificates on the Exchange Server, one witht he internal name and another with the external name then exported to TMG's

Covered by US Patent. If you do not use a split DNS or a HOSTS file to resolve the name correctly, the ISA Server will forward the request to the public IP address that resolves Rules that deny access to all users.