Getting Erorrs “The internal Web site [exchange] could not be created” and “The Web site [exchange] could not be added to the lIS” while Activating the Configuration on a Forefront UAG(Unified Access Gateway) server
You will see the below errors on a Forefront UAG server while activating the UAG configuration:
And if you see the above Error there, first thing you need to check is the Certificate. Make sure you have the Certificate bound to the Trunk, installed not only on the Array Manager but on all the Array Members as well.
In this particular case I had the following Certificate in the Trunk Settings:
And as you can see I have this Cert in my Local Computer Store of the Array Manager:
Now when I go to the Array Member and check my Local Computer Store, I don't see that Certificate there:
As you can see above, I have some other Certificates here but not the*.singh.com Cert, which I am using for my Trunk. So, I put *.singh.com certificate on the Array Member as well and then try to activate the UAG Configuration again from the Array Manager and now I see this in the Array Monitor:
Strange, right? Why would I get the above Error now when I have the Certificate with the same name on both the UAG servers.
Answer is, UAG checks for the ThumbPrint of the Certificate as well while Activating the Config and if it doesn't match on the all the Certificates on all the UAG servers, Activation will Fail.
Please Pay attention to the ThumbPrints on the below Certificates which are from both the Servers:
As you can see above the Certificates don't have the same ThumbPrints and hence we were getting that Error while Activating the UAG configuration.
After I Exported the Certificate from the Array Manager and Imported the same Certificate on the Array Member(which made sure that the ThumbPrint remains the same for the Certificate on both the servers), I was then able to Activate the UAG configuration successfully.
SUPPORT ESCALATION ENGINEER, FOREFRONT EDGE SECURITY, MICROSOFT