CAC authenticates, but doesn't link to profile
We are migrating a WSS 3.0 site (remotely hosted) to MOSS 2007 (locally hosted). The site must be CAC enabled (we are hosting a government site), and allow anonymous access to the top level sites, but your CAC must be tied to an AD account to see most of the portal.

On our production server, we have a web app on port 80, and SSL enabled on Port 443. SSL is required, a certificate is assigned to the web app, client certificates are required, client certificate mapping is enabled.

The web site is accessible by IP (https://{IP address}), but we are waiting on DNS (https://our_site.mil is not available yet). The certificate is mapped to our DNS name. When you hit the site, you get the "There is a problem with this website's security certificate" error, because DNS is not set up. You proceed to the site, get prompted for a certificate, and the site is displayed.

Now, once you are on the site, you see "Sign In" instead of a welcome message, even though the CAC certificate I used is associated with an AD account. I _SHOULD_ see "Welcome, Chris Douglas", but I don't. So, what are we doing wrong?
Christopher W. Douglas
September 15th, 2010 10:18pm
You said the top-level sites allow anonymous access. It seems they are not requesting the client to authenticate since there's no need. If you disable anonymous access on that site, you'd be authenticated and have "Welcome, Chris Douglas." Your setup seems sound, mostly. I'd use TMG as the SSL endpoint not the server itself.
Wahid Saleemi
Sr. Consultant, Avanade
http://www.wahidsaleemi.com
November 11th, 2010 12:10am