Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

The IISSync command does not run successfully when you use SSL and server certificates in an IIS 5.0 cluster

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 922724 - Last Review: March 12, 2007 - Revision: 1.0

The IISSync command does not run successfully when you use SSL and server certificates in an IIS 5.0 cluster

Retired KB ArticleRetired KB Content Disclaimer
View products that this article applies to.

SYMPTOMS

When you use the IISSync command to synchronize two nodes (for example, node A and node B) in an Internet Information Services (IIS) 5.0 cluster, you receive one of the following error messages:
An attempt was made to reference a token that does not exist. At least one target computer was not replicated successfully.
The path specified cannot be used at this time. At least one target computer was not replicated successfully.
This problem occurs if the following conditions are true:
  • You have installed a Web server certificate on node A.
  • You use Secure Sockets Layer (SSL) on node A.
Back to the top

CAUSE

This issue may occur if the certificate that you use does not have an exportable private key. The IISSync command cannot replicate the private key if the private key is not exportable. Therefore, the IISSync command is not successful.
Back to the top

WORKAROUND

To work around this issue, make sure that the certificate that you are using has an exportable private key. If the certificate that you are using does not have an exportable private key, try to use a certificate that has an exportable private key.

If you still experience the issue after you use a certificate that has an exportable private key, follow these steps:
  1. On node A, disable SSL in IIS 5.0.
    For more information about how to disable SSL in IIS, click the following article number to view the article in the Microsoft Knowledge Base:
    187498  (http://kbalertz.com/Feedback.aspx?kbNumber=187498/ ) How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
  2. On node A, open a command prompt.
  3. At the command prompt, type IISSync node B, and then press ENTER to synchronize Web sites on both nodes.
  4. Close the command prompt.
  5. Install a root certification authority certificate on both node A and node B.
  6. Export the certificate that you want to use from node A to node B. For more information about how to export a certificate, click the following article number to view the article in the Microsoft Knowledge Base:
    232136  (http://kbalertz.com/Feedback.aspx?kbNumber=232136/ ) How to back up a server certificate in Internet Information Services 5.0
    Note Make sure that the certificate that you export has a private key that is exportable.
  7. On node B, import the certificate that you exported from node A.
  8. In Internet Services Manager, bind the certificate that you imported to the Web site that you want to enable SSL for. For more information about how to import and bind a certificate to a Web site, click the following article number to view the article in the Microsoft Knowledge Base:
    232137  (http://kbalertz.com/Feedback.aspx?kbNumber=232137/ ) How to Import a Server Certificate for Use in Internet Information Services 5.0
  9. On node A, enable SSL.
  10. On node A, run the IISSync command again.
Back to the top

MORE INFORMATION

For more information about other related issues and information, click the following article number to view the article in the Microsoft Knowledge Base:
288207  (http://kbalertz.com/Feedback.aspx?kbNumber=288207/ ) PRB: IISSYNC may fail if SSL is enabled on IIS 5.0/Windows 2000 cluster
280400  (http://kbalertz.com/Feedback.aspx?kbNumber=280400/ ) How to Configure the SMTP Resource on a Windows 2000-Based Server Cluster
249603  (http://kbalertz.com/Feedback.aspx?kbNumber=249603/ ) Using IISSync to synchronize clustered Web sites on Windows 2000 Advanced Server
Back to the top
APPLIES TO
  • Microsoft Internet Information Services 5.0
Back to the top
Keywords: 
kbexpertiseadvanced kbtshoot KB922724
Back to the top
Retired KB ArticleRetired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting