Microsoft KB Archive/328917

= You receive a &quot;The target principal name is incorrect&quot; error message when you connect to a Web site that was published by using ISA Server 2000 Web publishing =

Article ID: 328917

Article Last Modified on 10/26/2004

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2000 Service Pack 1

-



This article was previously published under Q328917



SYMPTOMS
When an external client connects to a Web site, the client may receive the following error message:

500 Internal Server Error - The target principal name is incorrect. (-2146893022)

This symptom occurs if the Web site was published by using Web Publishing on a Microsoft Internet Security and Acceleration (ISA) Server 2000-based computer. Additionally, one of the following events may appear in the ISA Server 2000-based computer event log: 07.09.2002 16:15:08 Microsoft Web Proxy Error None 14200 N/A iis-secure ISA Server failed to establish an SSL connection with iis-secure.domain.com. The target principal name is incorrect.

07.09.2002 16:15:08 Microsoft Web Proxy Error None 14200 N/A 10.10.10.10 ISA Server failed to establish an SSL connection with iis-secure.domain.com. The target principal name is incorrect.

This symptom occurs if the internal connection from the ISA Server 2000-based computer to the published Web site is a Secure Sockets Layer (SSL) connection. Additionally, this symptom may occur when an external client connects to the published site on an ISA Server 2000-based computer by using HTTP or HTTPS.



CAUSE
This problem occurs if an item does not match the common name of the Web server certificate that is mapped to the Web site. The item can be any one of the following items that ISA Server 2000 uses to connect to the internal Web server that is running Microsoft Internet Information Services (IIS):
 * The fully qualified domain name (FQDN)
 * The NetBIOS name
 * The IP address



RESOLUTION
To resolve this problem, check the common name of the Web server certificate and change the Web Publishing Rule on ISA Server 2000 to match this name. To do this, follow these steps:
 * 1) Click Start, point to Programs, point to Microsoft ISA Server, click ISA Server Management, and then click Web Publishing.
 * 2) Right-click the Web publishing rule that you want, click Properties, and then click the Action tab.
 * 3) Make sure that the Send original host header to the published server instead of the original one check box is not selected.

Note If the Send original host header to the published server instead of the original one check box is selected, you must make sure that the host header that the external client uses to connect to the published Web site matches the common name of the Web server certificate.
 * 1) Under Redirect the request to this internal Web server, type the correct common name of the Web server certificate.

Note Make sure that the internal network can correctly resolve the common name of the Web server certificate.

Additional query words: publish

Keywords: kbprb KB328917

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.