crp0499
asked on
ISA server 2004 and SurfControl Reports
I am having trouble making SurfControl Reporting work. When I attempt to access my SurfControl Reports, I receive the following error message.
Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: 10.0.0.1
Date: 3/28/2006 8:11:51 PM <LI
Can anyone assist me in resolving this problem?
Thanks
Cliff
Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: 10.0.0.1
Date: 3/28/2006 8:11:51 PM <LI
Can anyone assist me in resolving this problem?
Thanks
Cliff
ASKER
MY ISA and SurfControl server are one in the same. I'm thinking I need an internal to internal connection, right?
Are you connecting to the surfcontrol on the external ip address or the internal ip address of ISA?
Isa only supports ssl on port 443 'out-of-the-box' It will not use other ssl port numbers (there is a script to run if you want to do that)
If you connect to the internal ISA ip and the port number does it work then?
Isa only supports ssl on port 443 'out-of-the-box' It will not use other ssl port numbers (there is a script to run if you want to do that)
If you connect to the internal ISA ip and the port number does it work then?
ASKER
I haven't gotten that far yet. I just found out that my default web site was stopped and would not start. I've gotten that taken care of, now I'm reinstalling the reporting tool.
Yep. I would say so. Your SurfControl will be using Web access to get present the application and so will go straight to ISA for its rules.
Set up a rule for SC that has port groups of 443 and 3910. I believe this is enough as I can't find anything else that it uses.
Barny
Set up a rule for SC that has port groups of 443 and 3910. I believe this is enough as I can't find anything else that it uses.
Barny
There should be no rules involved as the surfcontrol and the ISA are installed (I assume) on the same server.
ASKER
Yes, on same server. So you're saying if SC is installed in the ISA, then there should be no rules required?
Correct as the rule would to allow local host to talk to local host.
i assume you have the standard rule that lets local host and internal talk to each other anyway.. As mentioned above, the 'funnies' start when you try to specifically call the external interface of the ISA using https for a port other than 443.
regards
keith
i assume you have the standard rule that lets local host and internal talk to each other anyway.. As mentioned above, the 'funnies' start when you try to specifically call the external interface of the ISA using https for a port other than 443.
regards
keith
ASKER
At this point, when I logged into the server, the default web site was stopped. It would not start on port 80 as that file was in use by another process. So, I changed the port on the default web site to 8081 and it started. I assumed reporting would fail so long as the default web site was not running anyway, so I'd better solve that problem first.
Now, with the default web site up and running, I have moved to the problem of the reporting. During my previous efforts, I uninstalled IIS and reinstalled it. That trashed my subfolders that were established for reporting so I plan now to reinstall the reporting tool and go from there. I also plan on leaving SSL on 443 and not jacking with it.
How's my plan sound?
Now, with the default web site up and running, I have moved to the problem of the reporting. During my previous efforts, I uninstalled IIS and reinstalled it. That trashed my subfolders that were established for reporting so I plan now to reinstall the reporting tool and go from there. I also plan on leaving SSL on 443 and not jacking with it.
How's my plan sound?
I'm a great believer in keeping it simple. Sounds good to me.
Keith, you are right about the local host. It's been a long day and I'm missing the bleeding obvious !!!!
Barny
Barny
Don't beat up on it :) (wait till after he/she has it working lol).Its nearly 1AM here and I am out on my feet so going to bed.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Glad to hear it. Good for Surf Control tech support.
If you are able, can you open any to any and see if that works, then re-enable your rules until it stops?
Is there a log reference showing which rule rejected the traffic (I expect it to be your catch all block any any).
Hope this helps
Barny