[isalist] Re: ISA Server 2006 Intra-Array Communication
- From: "Jerry Young" <jerrygyoungii@xxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Fri, 24 Oct 2008 11:31:04 -0400
Something else to add to the list of possible causes.
Turns out an expired intermediary certificate (thanks VeriSign :P) existed
in the Intermediate Certification Authorities Computer Store. The new one
was being dropped into the Personal Computer Store. By deleting the expired
certificate and moving the new one to the Intermediate Certification
Authorities Computer Store, the issue was resolved.
On Thu, Oct 23, 2008 at 10:19 PM, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
> http://www.ISAserver.org <http://www.isaserver.org/>
> -------------------------------------------------------
>
> This can also happen when you dbl-click on the cert, import it to your
> personal store, realize your mistake and copy it to the machine store.
> When you do this, the private key stays in your personal store.
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jerry Young
> Sent: Thursday, October 23, 2008 9:10 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: ISA Server 2006 Intra-Array Communication
>
> Actually, I did. :(
>
>
> On Thu, Oct 23, 2008 at 12:02 PM, Steve Moffat <steve@xxxxxxxxxx> wrote:
>
>
> You haven't exported the private key along with the cert.
>
>
>
> S
>
>
>
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:
> isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jerry Young
> Sent: Thursday, October 23, 2008 12:39 PM
> To: ISA Mailing List
> Subject: [isalist] Re: ISA Server 2006 Intra-Array Communication
>
>
>
> So... this is what I see (see attachment) after I import the SSL
> cert received from VeriSign on both servers and attempt to assign it to a
> listener. It's driving me nuts. :(
>
>
>
> Thoughts?
>
> On Thu, Oct 23, 2008 at 10:54 AM, Jim Harrison <Jim@xxxxxxxxxxxx>
> wrote:
>
> http://www.ISAserver.org <http://www.isaserver.org/> <
> http://www.isaserver.org/>
> -------------------------------------------------------
>
> This is set in the "Communication" tab of each server properties.
> You tell ISA what IP address to use and the interface is selected on
> that basis.
> Er..
> Why do you want them to communicate with each other via the external
> interface?
> There can be no web proxy listener operating there an so no
> intra-array communications can take place.
> Do the certs exist on all array members? They must if you want to
> assign them to a VIP.
>
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:
> isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jerry Young
> Sent: Thursday, October 23, 2008 7:18 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] ISA Server 2006 Intra-Array Communication
>
> All,
>
> I seem to recall reading something that talked about a Registry
> entry that can be used to tell ISA Server which interface to use for
> intra-array communication. This is not the same as the
> UnicastInterHostCommSupport Registry value.
>
> Right now, I'm in the process of standing up a pair of ISA Servers
> in an array but am waiting for the network engineers to properly configure
> the switch port to which the external interface on one the servers is
> connected. Until that time, the two servers can't communicate with each
> other over the external interfaces. I'm running into some strange behavior
> (machine certs sometimes show as installed correctly, not installed
> correctly, or can't be found) when attempting to assign a certificate
> (different from the machine cert) to a listener that runs on top of an NLB
> VIP on the external interfaces and I'd like to rule out network connectivity
> between the two as a potential cause.
>
> Does anyone know of which I write or did I somehow muddle and morph
> something I read into something that doesn't exist?
> --
> Cordially yours,
> Jerry G. Young II
> Microsoft Certified Systems Engineer
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com <http://www.techgenix.com/>
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
>
> --
> Cordially yours,
> Jerry G. Young II
> Microsoft Certified Systems Engineer
>
>
>
>
> --
> Cordially yours,
> Jerry G. Young II
> Microsoft Certified Systems Engineer
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
--
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
Other related posts:
