The target principal name is incorrect

  • Question

  • Anyone know how to solve this error?

    I am using ISA 2006 as a reverse proxy for OCS SE and have this error when trying to access the website. I have changed the cert common name to be the same as the publish name, but still have this error.


    Friday, June 22, 2007 7:47 AM


All replies

  • Same problem here...

    Have you found a solution?




    Wednesday, July 11, 2007 7:26 AM
  • I was able to solve the problem in my deployment:

    It's (surprise) a certificate-related problem. The common name of the server also has to be the first DNS entry in the SAN. You can find an instruction here: http://forums.microsoft.com/technet/showpost.aspx?postid=1350662&siteid=17

    Friday, July 13, 2007 12:53 PM
  • Thomas,

    We have the same challenges. We have applied a certificate on the listener using the public address with the domain name suffix. The certificate has been imported successfully and is valid.

    Did you also select a certificate in the Bridging tab of the firewall proxy rule? Should this be the certificate with the name of the internal OCS machine? (so to make SSL bridging possible you need to apply the certificate with the FQLN on the firewall and a certificate with the internal OCS name in the Bridging configuration).

    We still get the error:

    Technical Information (for support personnel)

    • Error Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022)
    Any hints?

    Monday, August 6, 2007 10:31 AM
  • I think my answer should be here...


    Tuesday, August 7, 2007 5:54 AM
  • I'm stuck with configuring a listener on ISA and created a new post.


    Tuesday, August 7, 2007 7:08 AM
  • The url in my previous post is not working...

    Tuesday, August 7, 2007 7:10 AM

  • I got it running.....


    There was nothing wrong with the certificates created, but you should import them on the local computer (certificate MMC) on the ISA machine. Right-click on the MMC certificate tree, follow the import wizard steps and it will be installed under the personal folder (this is the default and right location). Now the private key error doesn't occur anymore.


    Regarding ISA 2006 we have discovered that our current installation was malfunctioning. It couldn't be configured anymore with a reverse proxy. It simply couldn't redirect traffic to the internal OCS machine anymore....


    We have re-installed another virtual instance with ISA2006 and configured it exactly the same. This time the reverse proxy works as designed! We still don't know why our previous ISA installation couldn't be configured ... maybe the software version is from another build and has some bugs.


    So my advice is to follow the steps in the Edge Server Deployment guide regarding the reverse proxy. And for creating certificates the certificate wizard in OCS is the best tool. You can easily create certificates for all your servers that should be accessible with an internal and external fully qualified name.


    That's it for now.



    Saturday, August 11, 2007 5:21 AM
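
An added example, not part of the thread and not Microsoft tooling: a Python check for the two certificate name conditions raised in the replies above (the name being connected to must appear in the certificate, and the common name should be the first DNS entry in the SAN). It works on the dict shape returned by `ssl.SSLSocket.getpeercert()`; the host names, the `audit` and `hresult` helpers and the finding labels are assumptions made for illustration.

```python
# Added example. Certificate dicts use the shape of ssl.SSLSocket.getpeercert().
# All host names and certificate contents below are constructed sample data.

def hresult(code):
    """Show a signed decimal error code as the unsigned hex HRESULT."""
    return f"0x{code & 0xFFFFFFFF:08X}"   # -2146893022 is SEC_E_WRONG_PRINCIPAL

def subject_cn(cert):
    """Return the subject commonName, or None if the subject has none."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def san_dns_names(cert):
    """Return SAN dNSName entries in the order they appear in the certificate."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        label, _, rest = h.partition(".")
        return bool(label) and rest == p[2:]
    return p == h

def audit(cert, expected_name):
    """Return the name problems found for the name a client connects to."""
    cn, sans = subject_cn(cert), san_dns_names(cert)
    findings = []
    # RFC 2818: if dNSName SAN entries exist, they are matched instead of the CN.
    candidates = sans if sans else ([cn] if cn else [])
    if not any(name_matches(c, expected_name) for c in candidates):
        findings.append("name-mismatch")
    # The ordering condition described in the July 13 reply.
    if sans and (cn is None or sans[0].lower() != cn.lower()):
        findings.append("cn-not-first-san")
    return findings

# Constructed sample: CN is present in the SAN list, but not as the first entry.
SAMPLE_REORDERED = {
    "subject": ((("commonName", "ocs.example.com"),),),
    "subjectAltName": (("DNS", "sip.example.com"), ("DNS", "ocs.example.com")),
}
# Constructed sample: certificate issued for an internal server name only.
SAMPLE_INTERNAL = {
    "subject": ((("commonName", "ocs01.corp.example"),),),
    "subjectAltName": (("DNS", "ocs01.corp.example"),),
}
```

Call `audit()` once with the public publish name against the listener certificate and once with the internal server name against the certificate on the published server; an empty list means neither condition was violated.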