Thursday, May 5, 2011

Connection broken between ISA FW and ISA Storage conf.

The only case in which I have seen this issue is when the cert on the ADAM instance had expired, but I had the same issue with an intermediate VeriSign cert for an application.

VeriSign has two new certs for SSL apps, so take care with them, because one of them has a problem with ISA Server.

Those certs have different serial numbers. Something is wrong with one of them, because when we place it on the server, ISA Server stops working:

VeriSign Class 3 Public Primary Certification Authority - G5 (serial number)

1b 09 3b 78 60 96 da 37 bb a4 51 94 46 c8 96 78 --- wrong cert

18 da d1 9e 26 7d e8 bb 4a 21 58 cd cc 6b 3b 4a --- wrong cert

25 0c e8 e0 30 61 2e 9f 2b 89 f7 05 4d 7c f8 fd --- correct cert

Solution:

Just replace the cert with the correct one and the problem will be solved.
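
To see which of these G5 certificates a server currently holds, the check below compares the serial numbers in the machine certificate stores against the three listed above. It is an added example, not part of the original post; the function name, the two store paths and PowerShell 2.0 or later are assumptions.

```powershell
# Serial numbers from the post for
# "VeriSign Class 3 Public Primary Certification Authority - G5",
# written without spaces and in upper case.
$KnownG5Serials = @{
    '1B093B786096DA37BBA4519446C89678' = 'wrong cert'
    '18DAD19E267DE8BB4A2158CDCC6B3B4A' = 'wrong cert'
    '250CE8E030612E9F2B89F7054D7CF8FD' = 'correct cert'
}

# Hypothetical helper name, chosen for this example.
function Get-G5CertStatus {
    param(
        # Assumption: the cert was imported into one of these machine stores.
        [string[]]$StorePath = @('Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA')
    )
    $now = Get-Date
    foreach ($path in $StorePath) {
        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -like '*VeriSign Class 3 Public Primary Certification Authority - G5*' } |
            ForEach-Object {
                # SerialNumber is a hex string without spaces, in the same
                # byte order the certificate dialog displays.
                $serial = $_.SerialNumber.ToUpper()
                if ($KnownG5Serials.ContainsKey($serial)) {
                    $status = $KnownG5Serials[$serial]
                } else {
                    $status = 'not listed in the post'
                }
                New-Object PSObject -Property @{
                    Store      = $path
                    Serial     = $serial
                    Status     = $status
                    NotAfter   = $_.NotAfter
                    Expired    = ($_.NotAfter -lt $now)
                    Thumbprint = $_.Thumbprint
                }
            }
    }
}

# List every G5 cert found, with the post's verdict and its expiry state.
Get-G5CertStatus |
    Select-Object Store, Serial, Status, NotAfter, Expired, Thumbprint |
    Format-Table -AutoSize
```

Any row with the status `wrong cert` is the one to replace; the `Expired` column also covers the expired-certificate case mentioned at the top.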

This document explains how to securely publish a Configuration Storage Server in ISA Server 2006 and also how to change an expired certificate:

http://technet.microsoft.com/en-us/library/bb794830.aspx

How to Back Up and Restore an ISA Server Enterprise Configuration (Enterprise Edition)

http://technet.microsoft.com/en-us/library/bb794757.aspx

In ISA Server 2006 EE the configuration is stored in ADAM (Active Directory Application Mode).
Connect using ADAM ADSI Edit:
Server Name: localhost and port: 2171
Connect to the following node:
Distinguished name (DN) or namingContext: CN=FPC2
Navigate to CN=Array-Root
CN=Arrays
CN={ID of your Array}
CN=ArrayPolicy
CN=PolicyRules
CN={ID of the bad rule}
