Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Remote Web Workplace error

4 views
Skip to first unread message

Andrew M. Saucci, Jr.

unread,
Dec 5, 2003, 10:47:45 PM12/5/03
to
When I enter https://xxx.domain.com/Remote into my browser from outside the
LAN I get

500 Internal Server Error - The certificate chain was issued by an authority
that is not trusted. (-2146893019)
Internet Security and Acceleration Server.

I created and installed a certificate that matches the external FQDN. The
companyweb page works at https://xxx.domain.com:444. Any clues?

Ray Fong [MSFT]

unread,
Dec 6, 2003, 6:43:29 AM12/6/03
to
Did you manually create and install the cert? Or you let CEICW to do it?

At the server, can you https://servename/remote, and
https://servername:444? If there is any error, please write the exact error
down. (Note: You may receive an IE warning but it is OK.)

Check IIS, is the Default Website's cert name called
"Publishing.domain.local" and the ISA's Incoming Web Request's cert name
called "xxx.domain.com"?

Ray Fong
Microsoft SBS Product Support

This posting is provided "AS IS" with no warranties, and confers no rights.

Andrew M. Saucci, Jr.

unread,
Dec 9, 2003, 8:48:05 PM12/9/03
to

"Ray Fong [MSFT]" <ray...@online.microsoft.com> wrote in message
news:uUufv4#uDHA...@cpmsftngxa07.phx.gbl...

> Did you manually create and install the cert? Or you let CEICW to do it?

I think I did it with CEICW, but I might have re-done it manually (either
the creation or the installation) when I found things not working.

>
> At the server, can you https://servename/remote, and
> https://servername:444? If there is any error, please write the exact
error
> down. (Note: You may receive an IE warning but it is OK.)

Both of these work fine-- no error messages.

>
> Check IIS, is the Default Website's cert name called
> "Publishing.domain.local" and the ISA's Incoming Web Request's cert name
> called "xxx.domain.com"?

The Default web site's cert name is xxx.dyndns.biz (this is a dynamic DNS
host name and what we'll be using to access the server remotely). ISA's
Incoming Web request cert name is also xxx.dyndns.biz.

This isn't a big deal right now; the two principals can be set to use VPN
from home, after which everything else will work really great. Sooner or
later, though, I fear we'll get the "Internet kiosk" question, so I want to
be prepared.

Ray Fong [MSFT]

unread,
Dec 9, 2003, 11:25:22 PM12/9/03
to
Default's website's cert should be "Publishing.domain.local" and the ISA's
Incoming Web Request's cert name should be called "xxx.dyndns.biz". CEICW
should take care this for you, unless you manually edit the the cert
settings.

Basically, all the SSL request will be descrpt by ISA's xxx.dnydns.bis
incoming web request, then ISA will reencrypt the traffic and send to
"Publishing.domain.local". That's why the publishing rules created by SBS
in ISA is redirected to "Publishing.domain.local" located in your IIS.

Ray Fong
Microsoft SBS Product Support

This posting is provided "AS IS" with no warranties, and confers no rights.

-

0 new messages