ISA 2004 - MS Firewall Won't Start with https rules
I've recently taken over the responsibilities of our Network Manager at our school and have been left with the job of sorting out our Firewall machine that's running Server 2003 with ISA 2004 SP2. We've had some new equipment in and exported the rules from the old box to the new box.
The issue I'm having is everything works fine so long as our OWA and External MIS rules are not set. I've checked the rules with the old ones and everything is identical. To clarify, I can start the ISA server and it'll run fine, the internet works as it should. As soon as I enable the rules for the OWA and MIS the Firewall service refuses to start.
We had an engineer in on the same day and came to the conclusion it's the certificates for the SSL encryption. He tried copying them across (couldn't export the personal key so copied and pasted them from the 'Machine keys' directory) but that still wouldn't work. It'd show as having a personal key installed when looking at the cert details but still no dice when trying to enable them.
He figured it was permissions on the keys and so changed them using some kind of command, think it was calcs or something like that.
That didn't work and now the same issue is happening on the original box which I'm assuming is to do with the permissions he changed. He eventually gave up 11 hours later but now it's left to me to sort out.
I'm going to look into recreating the certificates through the IIS on the relevant servers but wondered if anyone on here would be able to shed some light on how or why this has happened?
Appreciate any advice you may have, I even appreciate it if you've read this far in and have nothing to say; least you read it.
I recall reading some forum post from somewhere where some expert was mentioning that copying certificates across on a particular RADIUS setup would not work. They had to be exported and then imported etc. The problem the guy who posted had was that he copied and pasted them into the new machine's store. I really do not have much experience with your problem and can see you had an issue trying to export/import but I would go back and try this again and try to overcome it.
Perhaps someone else will come up with something much more useful but it just reminded me of this thread I read somewhere a while ago as I remembered thinking how I should remember how things like that are important sometimes.
Well I reissued the certificates today and put them on the Exchange box. Exported them with the key for the ISA box and at least now they are showing up when selecting the OWA Listener. Still no dice as soon as they're activated though.
Have spoken with two network engineers so far and both are stumped.
Have recreated the rules, imported and exported but whatever I try I get stuck at the same hurdle.