While doing an ISA Server deployment recently I came across this tricky little problem:
Event ID: 12260 Source: Microsoft ISA Server Job Scheduler
This error may be due to a corrupted certificate or insufficient permissions to access the certificate.
Locate the reported certificate in the local machine store. If required, reinstall the certificate and its private key, or delete it.
Why?
This occurs because of the way that the certificate is applied. If you import an SSL cert from a .PFX file via the method described below, the problem occurs:
…"Place all certificates in the following store" should be selected, and below it, the Personal node should also be selected. Press "Next". Press "finish" on the next screen and your certificate has been successfully imported.
If you do this, the cert is placed in the Personal node of the Current User, not the Personal node of the Local Computer.
If you open the Certificates store MMC you will see the following:
This is also the case if you choose the “Automatic select” option.
The obvious thing to do to resolve this misplacement is to open the Certificate store and cut and paste the Cert from the Current User store into the Local Computer Personal store. You open the Cert and everything looks fine: the certificate chain all works and the certificate says that it has its private key. Great….
Then you go into ISA and configure your web listener and select your Cert only to find that ISA is not happy…
Notice that the Certificate is correctly installed according to the GUI, but ISA is not happy. If you look in the application log you will see an error 12660.
To resolve this:
First delete the Certificate in the Local Computer Personal store
Then right click on the Local Computer Personal store and select Import
Navigate to your PFX file
Follow the wizard
Bingo
Here are some example errors
This is what you see if you allow auto placement or follow the instructions without installing via an import in the certificate store. Notice that the Private Key is correctly installed but the Certificate store is wrong.
This is what you see if you move the Cert to the correct Local Computer Personal store. The Certificate store is correct but the Private key now shows an error.
And finally how it should all look
The event ID 12660 also mentions permissions. You need to check that the certificate store is accessible by the system account. To check this, navigate to \Documents and Settings\All Users\Application Data\Microsoft\crypto and check that SYSTEM has full control on this folder.
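A scripted equivalent of the import steps and the permission check above, added here as an example and not part of the original post. It assumes PowerShell with .NET 2.0 or later on the ISA server, a placeholder PFX path, and the Windows Server 2003 profile layout quoted above.

```powershell
# Added example: the PFX path and variable names are placeholders, not values from the post.
param(
    [string]$PfxPath = 'C:\certs\example-listener.pfx'   # placeholder path
)

$ErrorActionPreference = 'Stop'
$x509 = 'System.Security.Cryptography.X509Certificates'
$password = Read-Host -AsSecureString "Password for $PfxPath"

# MachineKeySet writes the private key to the machine key container instead of
# the importing user's profile; PersistKeySet keeps the key after this session.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet,PersistKeySet'
$cert  = New-Object "$x509.X509Certificate2" -ArgumentList $PfxPath, $password, $flags

# Import straight into Local Computer\Personal (LocalMachine\My).
$store = New-Object "$x509.X509Store" -ArgumentList 'My', 'LocalMachine'
$store.Open('ReadWrite')
try     { $store.Add($cert) }
finally { $store.Close() }

# Report where the certificate now lives and whether a private key is attached.
# A copy left under CurrentUser\My is a leftover from a wizard import.
foreach ($location in 'LocalMachine', 'CurrentUser') {
    $s = New-Object "$x509.X509Store" -ArgumentList 'My', $location
    $s.Open('ReadOnly')
    $found = $s.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false)
    $s.Close()
    foreach ($c in $found) {
        '{0}\My  HasPrivateKey={1}  {2}' -f $location, $c.HasPrivateKey, $c.Subject
    }
}

# Permission check: list the SYSTEM entries on the Crypto folder.
# Assumes ALLUSERSPROFILE resolves to \Documents and Settings\All Users.
$cryptoDir = Join-Path $env:ALLUSERSPROFILE 'Application Data\Microsoft\Crypto'
(Get-Acl $cryptoDir).Access |
    Where-Object { $_.IdentityReference.Value -eq 'NT AUTHORITY\SYSTEM' } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Run it from an elevated session on the ISA server; the expected result is a single `LocalMachine\My` line with `HasPrivateKey=True` and a SYSTEM entry showing `FullControl`.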
Further info
How to install and use certificates for SSL connections in ISA Server 2006
http://support.microsoft.com/kb/840614
Troubleshooting SSL Certificates in ISA Server 2004 Publishing
http://technet.microsoft.com/en-gb/library/cc302619.aspx