Microsoft KB Archive/922724

From BetaArchive Wiki
Knowledge Base


The IISSync command does not run successfully when you use SSL and server certificates in an IIS 5.0 cluster

Article ID: 922724

Article Last Modified on 3/12/2007


APPLIES TO

  • Microsoft Internet Information Services 5.0



SYMPTOMS

When you use the IISSync command to synchronize two nodes (for example, node A and node B) in an Internet Information Services (IIS) 5.0 cluster, you receive one of the following error messages:

An attempt was made to reference a token that does not exist. At least one target computer was not replicated successfully.

The path specified cannot be used at this time. At least one target computer was not replicated successfully.

This problem occurs if the following conditions are true:

  • You have installed a Web server certificate on node A.
  • You use Secure Sockets Layer (SSL) on node A.


CAUSE

This issue may occur if the certificate that you use does not have an exportable private key. The IISSync command cannot replicate the private key if the private key is not exportable. Therefore, the IISSync command is not successful.

WORKAROUND

To work around this issue, make sure that the certificate that you are using has an exportable private key. If the certificate that you are using does not have an exportable private key, try to use a certificate that has an exportable private key.

If you still experience the issue after you use a certificate that has an exportable private key, follow these steps:

  1. On node A, disable SSL in IIS 5.0.
    For more information about how to disable SSL in IIS, click the following article number to view the article in the Microsoft Knowledge Base:

    187498 How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services

  2. On node A, open a command prompt.
  3. At the command prompt, type IISSync node B, and then press ENTER to synchronize Web sites on both nodes.
  4. Close the command prompt.
  5. Install a root certification authority certificate on both node A and node B.
  6. Export the certificate that you want to use from node A to node B. For more information about how to export a certificate, click the following article number to view the article in the Microsoft Knowledge Base:

    232136 How to back up a server certificate in Internet Information Services 5.0

    Note Make sure that the certificate that you export has a private key that is exportable.
  7. On node B, import the certificate that you exported from node A.
  8. In Internet Services Manager, bind the certificate that you imported to the Web site that you want to enable SSL for. For more information about how to import and bind a certificate to a Web site, click the following article number to view the article in the Microsoft Knowledge Base:

    232137 How to Import a Server Certificate for Use in Internet Information Services 5.0

  9. On node A, enable SSL.
  10. On node A, run the IISSync command again.


MORE INFORMATION

For more information about other related issues and information, click the following article number to view the article in the Microsoft Knowledge Base:

288207 PRB: IISSYNC may fail if SSL is enabled on IIS 5.0/Windows 2000 cluster


280400 How to Configure the SMTP Resource on a Windows 2000-Based Server Cluster


249603 Using IISSync to synchronize clustered Web sites on Windows 2000 Advanced Server


Keywords: kbexpertiseadvanced kbtshoot KB922724



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/922724&oldid=222781
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki