Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You receive a "The target principal name is incorrect" error message when you connect to a Web site that was published by using ISA Server 2000 Web publishing


View products that this article applies to.

This article was previously published under Q328917

↑ Back to the top


Symptoms

When an external client connects to a Web site, the client may receive the following error message:
500 Internal Server Error - The target principal name is incorrect. (-2146893022)
This symptom occurs if the Web site was published by using Web Publishing on a Microsoft Internet Security and Acceleration (ISA) Server 2000-based computer. Additionally, one of the following events may appear in the ISA Server 2000-based computer event log:

07.09.2002 16:15:08 Microsoft Web Proxy Error None 14200 N/A iis-secure ISA Server failed to establish an SSL connection with iis-secure.domain.com. The target principal name is incorrect.

07.09.2002 16:15:08 Microsoft Web Proxy Error None 14200 N/A 10.10.10.10 ISA Server failed to establish an SSL connection with iis-secure.domain.com. The target principal name is incorrect.

This symptom occurs if the internal connection from the ISA Server 2000-based computer to the published Web site is a Secure Sockets Layer (SSL) connection. Additionally, this symptom may occur when an external client connects to the published site on an ISA Server 2000-based computer by using HTTP or HTTPS.

↑ Back to the top


Cause

This problem occurs if an item does not match the common name of the Web server certificate that is mapped to the Web site. The item can be any one of the following items that ISA Server 2000 uses to connect to the internal Web server that is running Microsoft Internet Information Services (IIS):
  • The fully qualified domain name (FQDN)
  • The NetBIOS name
  • The IP address

↑ Back to the top


Resolution

To resolve this problem, check the common name of the Web server certificate and change the Web Publishing Rule on ISA Server 2000 to match this name. To do this, follow these steps:
  1. Click Start, point to Programs, point to Microsoft ISA Server, click ISA Server Management, and then click Web Publishing.
  2. Right-click the Web publishing rule that you want, click Properties, and then click the Action tab.
  3. Make sure that the Send original host header to the published server instead of the original one check box is not selected.

    Note If the Send original host header to the published server instead of the original one check box is selected, you must make sure that the host header that the external client uses to connect to the published Web site matches the common name of the Web server certificate.
  4. Under Redirect the request to this internal Web server, type the correct common name of the Web server certificate.

    Note Make sure that the internal network can correctly resolve the common name of the Web server certificate.

↑ Back to the top


Keywords: KB328917, kbprb

↑ Back to the top

Article Info
Article ID : 328917
Revision : 2
Created on : 10/26/2004
Published on : 10/26/2004
Exists online : False
Views : 425