This post is about a case that I recently worked here in CSS. The problem was that customer has an ISA Server 2004 publishing OWA from Exchange 2007 and he was getting the error below:
500 Internet Server Error – The target principal name is incorrect
Everything was running just fine until they changed the certificate in both places (ISA and Exchange). The certificate used to be mail.contoso.com and it was changed to *.contoso.com. After this change this issue started to happen when it try to access the OWA from outside. Looks familiar? I guess so right, this is known issue explained here:
The reason why I’m bring this up now is because people are starting to renew some certificates and are planning on what path to choose as far as certificate type is concern. Wildcard certificate is good, but be aware of the above limitation on ISA and also that Exchange 2007 has some limitations on that too, such as this one below:
Wildcard Certificate Causes Client Connectivity Issues for Outlook Anywhere
Note: Exchange Team strongly recommends using SAN Certificate and now with ISA Server 2006 SP1 being able to read the SAN Certificate we have the perfect match.
For more info on Certificate for Exchange read this cool article on the Exchange Team Blog site: