ISA server 2004 and SurfControl Reports

I am having trouble making SurfControl Reporting work.  When I attempt to access my SurfControl Reports, I receive the following error message.

Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address:
Date: 3/28/2006 8:11:51 PM <LI
Can anyone assist me in resolving this problem?


Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Obvious question. Have you set up a rule to allow IP traffic on port 443 from your SurfControl server to the ISA server? If it is the same box, then this will still need a rule as SurfControl is a web based application. It also uses port 3910 so you may need to open this up as well.

If you are able, can you open any to any and see if that works, then re-enable your rules until it stops?

Is there a log reference showing which rule rejected the traffic (I expect it to be your catch all block any any).

Hope this helps
crp0499CEOAuthor Commented:
MY ISA and SurfControl server are one in the same.  I'm thinking I need an internal to internal connection, right?
Keith AlabasterEnterprise ArchitectCommented:
Are you connecting to the surfcontrol on the external ip address or the internal ip address of ISA?
Isa only supports ssl on port 443 'out-of-the-box' It will not use other ssl port numbers (there is a script to run if you want to do that)

If you connect to the internal ISA ip and the port number does it work then?
Cloud as a Security Delivery Platform for MSSPs

Every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. View our on-demand webinar to learn more!

crp0499CEOAuthor Commented:
I haven't gotten that far yet.  I just found out that my default web site was stopped and would not start.  I've gotten that taken care of, now I'm reinstalling the reporting tool.
Yep. I would say so. Your SurfControl will be using Web access to get present the application and so will go straight to ISA for its rules.

Set up a rule for SC that has port groups of 443 and 3910. I believe this is enough as I can't find anything else that it uses.

Keith AlabasterEnterprise ArchitectCommented:
There should be no rules involved as the surfcontrol and the ISA are installed (I assume) on the same server.
crp0499CEOAuthor Commented:
Yes, on same server.  So you're saying if SC is installed in the ISA, then there should be no rules required?
Keith AlabasterEnterprise ArchitectCommented:
Correct as the rule would to allow local host to talk to local host.

i assume you have the standard rule that lets local host and internal talk to each other anyway.. As mentioned above, the 'funnies' start when you try to specifically call the external interface of the ISA using https for a port other than 443.

crp0499CEOAuthor Commented:
At this point, when I logged into the server, the default web site was stopped.  It would not start on port 80 as that file was in use by another process.  So, I changed the port on the default web site to 8081 and it started.  I assumed reporting would fail so long as the default web site was not running anyway, so I'd better solve that problem first.

Now, with the default web site up and running, I have moved to the problem of the reporting.  During my previous efforts, I uninstalled IIS and reinstalled it.  That trashed my subfolders that were established for reporting so I plan now to reinstall the reporting tool and go from there.  I also plan on leaving SSL on 443 and not jacking with it.

How's my plan sound?
Keith AlabasterEnterprise ArchitectCommented:
I'm a great believer in keeping it simple. Sounds good to me.
Keith, you are right about the local host. It's been a long day and I'm missing the bleeding obvious !!!!

Keith AlabasterEnterprise ArchitectCommented:
Don't beat up on it :)  (wait till after he/she has it working lol).Its nearly 1AM here and I am out on my feet so going to bed.

crp0499CEOAuthor Commented:
Well, it works.  Report manager has to be installed on a seperate server from ISA/Surf Control.  We installed it on a diff server running IIS and it works great!

It took two hours on the phone with Surf Control to figure it out.  Their support is free and they did a WEB Ex session and did all the work.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Keith AlabasterEnterprise ArchitectCommented:
Glad to hear it. Good for Surf Control tech support.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.