How to Set Up SharePoint Extranet to authenticate against a DMZ AD

Posted by Satish on Server Fault
Published on 2010-06-16T20:30:50Z

I have a web app which is extended to the extranet for our clients to access. We have set up a different AD server and domain for the DMZ, and clients have to be authenticated against that domain. I'm a little confused about the setup, especially which web.config files I have to update.

Do I have to update the web.config file for the Central Admin site and the extended web app? According to this blog I need to update both, but as soon as I make the changes in the web.config for Central Admin, the Central Admin site stops working. Here is what I added to the Central Admin web.config file:

Between /SharePoint and system.web I have this:

<connectionStrings>
  <add name="DMZConnectionString"
       connectionString= "LDAP://dmz.xxx.com:389/OU=Clients,DC=dmz,DC=xxx,DC=com "/>

Between system.web and securityPolicy

<membership defaultProvider=”DMZADProvider“>
     <providers>
      <add
        name="DMZADProvider"
          connectionStringName="DMZConnectionString"
          connectionUsername="DMZ\ldapUser"
          connectionPassword="Password"
          enableSearchMethods="true"
          attributeMapUsername="userPrincipalName" 
          type="System.Web.Security.ActiveDirectoryMembershipProvider,
            System.Web, Version=2.0.0.0,
            Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

I know the connectionUsername and password work because I use the same in SSP for importing profiles. Any idea what might be causing the error?
