Question : Error Code: 500 Internal Server Error. The target principal name is incorrect

After moving (i.e., an actual physical move to a brand new building) the Windows SBS server from one location to another, accessing OWA or Remote no longer work. Now this used to work (for several months). When I moved the SBS server, the only two things I changed were the WAN IP address and the Gateway address in the SonicWall (which is the external firewall we are also using with ISA 2004) because we recd new addresses. (BACKGROUND information on setup: using a Netopia router which the Sonicwall is connected to and have an SBS server (with the Blackberry server installed on it - but that is not causing this problem because it was working prior).

As mentioned, this used to work for several months so what would cause this now to not work? Creating the certificates and creating the publishing rules were actually done by someone else so I do not know how he did a lot of things. However, I have tried several things. In another forum someone suggested I re-run CEICW and I did but it still does not work. Could the certificate be looking for the old ip addresses? Can a certificate be modified? How do I delete the old certificate(s)? Do I have re-create it and if so, how?? I have checked the publishing rules in ISA and all show that certificate that he created and I do not see where it is looking for the old "static" IP address (I changed the static IP address in the Sonicwall for the WAN IP address). There is also a hosts file on C:\ and in that file, it shows the server internal IP address which that did not change.

Also for the CEICW, it states create a web server certificate named ISAcert.cer in \sbcert folder and to also create an additional web server certificate named sbscert.cer and install this certificate in IIS. How is all of this done?

Since I am not even close to being an expert here, theres a lot I do not know how to do but can definitely follow detailed instructions. So if anyone can just tell me what I need to look for, how to create certificates (or use the snap-in?) and anything else, I would truly appreciate it! I have been working on this for over 2 months now and if I was not confused at the beginning, I am definitely confused now! I have read and printed out so much information off of the internet about the 500 error message, publishing rules, etc., that I do not know where to start anymore. PLEASE help!!!!!

Answer : Error Code: 500 Internal Server Error. The target principal name is incorrect

Jackee99,

If you aren't quite sure then I'd bring in an expert personally, no sense in beating your head against the wall for days, and having users upset.

To go back over the #s you posted:

1. You'll need to check your ISA setup. Again you'll probably need someone onsite that knows ISA

2. That I don't know. I've had a Sonicwall in the past, but I'm not familiar with them now. There may be some diagnostics tabs or logging that you could use to help troubleshoot if the traffic is getting past the Sonicwall or not.

3. No, I'm simply stating that Reverse DNS zones are typically controlled by the companies that own that IP block. You can contact whoever gave you that IP range and ask them about the reverse lookups and if there are entries for that IP or not.

4. Again, probably need an expert. But a quick way is to first check the TCP/IP properties on the external NIC of the ISA server and see what IPs are assigned to it. Then inside ISA, look on the right for "Web Listeners". This is very generic what I'm telling you, but a walkthrough is pretty long and detailed.

5. Basically double natting is when the NAT address changes twice. For instance if your internal ISA IP is 10.10.100.2 then that's your internal IP range. The external IP on ISA could be 192.168.100.2, that's your "DMZ range". Then the internal IP of the Sonicwall is 192.168.100.1, and it's external is some IP that SBC gave you. That would be "double natting" you are essentially changing your 10.10.100.2 twice, first into a 192.168 address, and then again by the Sonicwall into an external SBC address. Things start to get sticky then. It could be even worse if you are again Natting from the Sonicwall to the Netopia and then out to SBC. That would be pretty wild!

Again, it's not that I don't mind helping, but troubleshooting on EE isn't easy, and we could go in circles for days since I can't actually see the setup. Hiring an ISA consultant to swing in and work it out may be your best option.

I would also suggest going to isaserver.org and getting the ISA 2004 book, it's a great resource if you are going to be using ISA.

Random Solutions

ALCATEL ADSL MODEM Configuration

vpn-client with security-tokens and BM3.8 with or withhout rsa-e server?

DHCP Problem on a Cisco 837

lotus note create attachment function not showing proper application icon

How do I bypass my school network so that I can have full access?

How to use wpad.dat and DHCP option 252/DNS

Jboss start time

VPN Aggressive MOde

nslookup by name only doesnt show result.

NetWare 5.1 sp7 eDir 85.27 upgrade to NetWare 6.5 sp3