I went back through my old mail, and we discussed this problem on 3/21/2005 (I had to look them up to refresh my memory on what I did do...) I followed the steps listed in http://www.isaserver.org/articles/exportsslcert.html step-by-step, matching the text and the pictures of the menus to make sure I was doing it exactly as recommended. No, both users were not logged in simultaneously. It does act like it's in the wrong location, but I've done everything I could to make sure it was installed in the "right" location. If it isn't in the correct place, there must me some other thing I'm missing. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Wednesday, July 13, 2005 9:28 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SSL all the way. with OWA. http://www.ISAserver.org Dan, Exactly what steps were followed in each installation case? Are both of you operating on the server simultaneously? I've done this dozens of times and have never encountered this problem *when the certificate is installed in the right location*. -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Wednesday, July 13, 2005 5:12 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SSL all the way. with OWA. http://www.ISAserver.org Okay, I got a chance to test this out with my co-worker this morning. Since "I" installed the certificate the last time, if "he" goes into the web listener and clicks Select, it delays for about 30 seconds, then tells him that there is no certificate installed on the server. If "I" go in and do the same thing, it brings up a box showing the installed certificate. How would you like to test this? -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Monday, July 11, 2005 9:52 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SSL all the way. with OWA. http://www.ISAserver.org Hi Dan, This location holds a reference to the certificate handed to the upstream server for client authentication of the ISA itself. As stated in the UI selectbox in the "Bridging" tab: "Use a certificate to authenticate to the SSL Web server" This is completely unrelated to the server certificate installed in the web listener. Basically: Listener == server certificate Rule == client certificate Also, if one admin can see it, but another can't, it's installed in the wrong store. - Server certificates must be installed in the "local computer" personal store. - Client certificates must be installed in the firewall service personal store. NeverEverEverEver install the certificate in a "user" personal store if you want ISA to "see" them. All this is covered in the ISA help, Tom's books, articles on www.microsoft.com/isaserver/guidance and www.isaserver.org. Jim -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Monday, July 11, 2005 4:33 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SSL all the way. with OWA. http://www.ISAserver.org Okay, I was testing it out this morning, to see if it was still doing it. I found that if I go into the current web listener, or create a new one, the certificate will show up. If I go into the "Bridging" menu of a publishing rule, it tells me there are no certificates installed on the server. I still have to test the multiple user aspect we experienced before, this is just with a single login. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, July 07, 2005 9:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SSL all the way. with OWA. http://www.ISAserver.org It's possible - or even one in ISA. Can you still repro the behavior? If so, would you be willing to run a test script for me? -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Thursday, July 07, 2005 2:29 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SSL all the way. with OWA. http://www.ISAserver.org Yes, it does act like it is a situation where it is in the "user" personal store. Actually, that does explain a lot of the problems. I just know for a fact (I had others verify my steps) that it was installed in the "local computer" store. I've followed the instructions (both from isaserver.org and Microsoft's KB) step-by-step many times over, reading each and every step closely to make sure it was done "correctly". It is possible there is a bug in 2003 server? -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, July 07, 2005 9:51 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SSL all the way. with OWA. http://www.ISAserver.org What you describe is what happens when you install the certificate in the "user" personal store; not the "local computer" personal store. -----Original Message----- From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] Sent: Thursday, July 07, 2005 4:25 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SSL all the way. with OWA. http://www.ISAserver.org I ran into this on ISA2004 many times, it appeared (at the time) to be partly a permissions problem. We have discussed it before in this forum, I described it as this: If one person installs a certificate, any other administrators will get that message that there are no certificates installed (from the ISA console), even though it clearly shows up in the certificates MMC. If a second administrator installs the same certificate again, the first then gets that message (where he didn't before), and the second one can then see it from the ISA console. I don't think it was ever resolved because I could get the certificate installed with the work-around. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: dball@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx