The scenario is the same as the one described in the post on installing ISA Server in a workgroup.
The following error appears: "An attempt to establish an SSL channel with the Configuration Storage server computer failed."
Error description: The specified server cannot perform the requested operation.
This can happen if you have not installed the root certificate of the issuing authority, i.e. the Certification Authority (CA), in the trusted CA computer store on the server. So the first thing to check in this scenario is whether the root CA certificate is installed in the trusted CA certificate store. If it is, check that it is the correct certificate and that it has not expired.
If the CA certificate is correct, we can use a tool called Ldp, which comes with the Windows Support Tools. Install the Windows Support Tools on Isaserver2.contoso.com, then open Ldp and connect to Isaserver1.contoso.com (i.e. the CSS server) on port 2172 with SSL.
If that test fails, repeat the Ldp connect steps on the CSS server itself, i.e. from Isaserver1.contoso.com to Isaserver1.contoso.com, and see whether you can connect on port 2172 with SSL. If you can, the server authentication certificate is correct and the SSL part is functional; if not, the issue could be related to the certificates. The things to check regarding the certificates on the CSS server are:
a. Check the server authentication certificate first.
b. To whom this certificate is issued and does it match the name of the CSS server i.e. is it issued to Isaserver1.contoso.com?
c. Is this certificate expired? What is the validity period for this certificate?
d. Does this certificate have the private key?
e. Who is the Issuing Certificate Authority?
f. Then check the certificate of the Issuing Certificate Authority and its validity period.
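Checks a to f can be gathered in one pass on the CSS server. The PowerShell script below is an added example, not part of the original post; it assumes PowerShell is installed on the server, that the server authentication certificate is in the local computer Personal store, and that the issuing CA is a root CA whose certificate belongs in the Trusted Root store.

```powershell
# Added example: run on the CSS server. Assumes the certificate is in the
# local computer Personal store and that the issuing CA is a root CA.
$CssName    = 'Isaserver1.contoso.com'   # CSS server name used in this post
$ServerAuth = '1.3.6.1.5.5.7.3.1'        # Server Authentication EKU OID
$now        = Get-Date
$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$ekuType    = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

# a. Find certificates whose Enhanced Key Usage lists Server Authentication.
#    (A certificate with no EKU extension at all is not picked up here.)
$serverCerts = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $eku = $_.Extensions | Where-Object { $_ -is $ekuType }
    $eku -and (@($eku.EnhancedKeyUsages |
                 Where-Object { $_.Value -eq $ServerAuth }).Count -gt 0)
})

if ($serverCerts.Count -eq 0) {
    Write-Warning 'No Server Authentication certificate found in Cert:\LocalMachine\My'
}

foreach ($cert in $serverCerts) {
    # f. Look for the issuing CA's certificate in the Trusted Root store.
    $ca = @(Get-ChildItem Cert:\LocalMachine\Root |
            Where-Object { $_.Subject -eq $cert.Issuer })
    $caValid  = @($ca | Where-Object { $_.NotBefore -le $now -and $_.NotAfter -ge $now })
    $issuedTo = $cert.GetNameInfo($simpleName, $false)

    New-Object PSObject -Property @{
        IssuedTo          = $issuedTo                    # b. who it is issued to
        NameMatchesCss    = ($issuedTo -eq $CssName)     # b. matches the CSS name?
        ValidFrom         = $cert.NotBefore              # c. validity period
        ValidTo           = $cert.NotAfter
        CurrentlyValid    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        HasPrivateKey     = $cert.HasPrivateKey          # d. private key present?
        Issuer            = $cert.Issuer                 # e. issuing CA
        IssuerInRootStore = ($ca.Count -gt 0)            # f. CA certificate installed?
        IssuerCertValid   = ($caValid.Count -gt 0)       # f. CA certificate in date?
    } | Select-Object IssuedTo, NameMatchesCss, ValidFrom, ValidTo, CurrentlyValid,
                      HasPrivateKey, Issuer, IssuerInRootStore, IssuerCertValid |
        Format-List
}
```

A value of False in any of the yes/no fields points to the matching item in the list above.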
I will discuss variations on this scenario in my coming posts.