Microsoft Knowledge Base Article
This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved.
Terms
of Use |
Trademarks
Article ID: 922724 - Last Review: March 12, 2007 - Revision: 1.0
The IISSync command does not run successfully when you use SSL and server certificates in an IIS 5.0 cluster
When you use the IISSync command to synchronize two nodes (for example, node A and node B) in an Internet Information Services (IIS) 5.0 cluster, you receive one of the following error messages:
An attempt was made to reference a token that does not exist. At least one target computer was not replicated successfully.
The path specified cannot be used at this time. At least one target computer was not replicated successfully.
This problem occurs if the following conditions are true:
- You have installed a Web server certificate on node A.
- You use Secure Sockets Layer (SSL) on node A.
This issue may occur if the certificate that you use does not have an exportable private key. The IISSync command cannot replicate the private key if the private key is not exportable. Therefore, the IISSync command is not successful.
To work around this issue, make sure that the certificate that you are using has an exportable private key. If the certificate that you are using does not have an exportable private key, try to use a certificate that has an exportable private key.
If you still experience the issue after you use a certificate that has an exportable private key, follow these steps:
- On node A, disable SSL in IIS 5.0.
For more information about how to disable SSL in IIS, click the following article number to view the article in the Microsoft Knowledge Base:
187498Â
(http://kbalertz.com/Feedback.aspx?kbNumber=187498/
)
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
- On node A, open a command prompt.
- At the command prompt, type IISSync node B, and then press ENTER to synchronize Web sites on both nodes.
- Close the command prompt.
- Install a root certification authority certificate on both node A and node B.
- Export the certificate that you want to use from node A to node B.
For more information about how to export a certificate, click the following article number to view the article in the Microsoft Knowledge Base:
232136Â
(http://kbalertz.com/Feedback.aspx?kbNumber=232136/
)
How to back up a server certificate in Internet Information Services 5.0
Note Make sure that the certificate that you export has a private key that is exportable. - On node B, import the certificate that you exported from node A.
- In Internet Services Manager, bind the certificate that you imported to the Web site that you want to enable SSL for.
For more information about how to import and bind a certificate to a Web site, click the following article number to view the article in the Microsoft Knowledge Base:
232137Â
(http://kbalertz.com/Feedback.aspx?kbNumber=232137/
)
How to Import a Server Certificate for Use in Internet Information Services 5.0
- On node A, enable SSL.
- On node A, run the IISSync command again.
For more information about other related issues and information, click the following article number to view the article in the Microsoft Knowledge Base:
288207Â
(http://kbalertz.com/Feedback.aspx?kbNumber=288207/
)
PRB: IISSYNC may fail if SSL is enabled on IIS 5.0/Windows 2000 cluster
280400Â
(http://kbalertz.com/Feedback.aspx?kbNumber=280400/
)
How to Configure the SMTP Resource on a Windows 2000-Based Server Cluster
249603Â
(http://kbalertz.com/Feedback.aspx?kbNumber=249603/
)
Using IISSync to synchronize clustered Web sites on Windows 2000 Advanced Server
APPLIES TO
- Microsoft Internet Information Services 5.0
| kbexpertiseadvanced kbtshoot KB922724 |
Retired KB Content DisclaimerThis article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Community Feedback System
Very often, it takes hours to solve a problem. Very often, you've looked high
and low, and have tried a lot of solutions. When you finally found it, chances
are, it was because someone else helped you. Here's your chance to give back.
Use our community feedback tool to let others know what worked for you and what
didn't.
Please also understand that the community feedback system is not warranted to be
correct, it's simply a system that we've built to let people try and help each
other. If something in a feedback response doesn't make sense to you, or you're
not comfortable making changes that the feedback talks about (like registry
edits), please consult a professional.
Thank you for using kbAlertz.com Feedback System.
-- Scott Cate
Be the first to leave feedback, to help others about this knowledge base
article.
(Optional) Name
(Optional)
Public URL Or Email
Comments
No
HTML -- Text Only Please