We help IT Professionals succeed at work.

ISA server 2004 and SurfControl Reports

Medium Priority
918 Views
Last Modified: 2008-11-18
I am having trouble making SurfControl Reporting work.  When I attempt to access my SurfControl Reports, I receive the following error message.

Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: 10.0.0.1
Date: 3/28/2006 8:11:51 PM <LI
 
Can anyone assist me in resolving this problem?

Thanks

Cliff
Comment
Watch Question

Obvious question. Have you set up a rule to allow IP traffic on port 443 from your SurfControl server to the ISA server? If it is the same box, then this will still need a rule as SurfControl is a web based application. It also uses port 3910 so you may need to open this up as well.

If you are able, can you open any to any and see if that works, then re-enable your rules until it stops?

Is there a log reference showing which rule rejected the traffic (I expect it to be your catch all block any any).

Hope this helps
Barny
crp0499CEO

Author

Commented:
MY ISA and SurfControl server are one in the same.  I'm thinking I need an internal to internal connection, right?
Keith AlabasterEnterprise Architect
CERTIFIED EXPERT
Top Expert 2008

Commented:
Are you connecting to the surfcontrol on the external ip address or the internal ip address of ISA?
Isa only supports ssl on port 443 'out-of-the-box' It will not use other ssl port numbers (there is a script to run if you want to do that)

If you connect to the internal ISA ip and the port number does it work then?
crp0499CEO

Author

Commented:
I haven't gotten that far yet.  I just found out that my default web site was stopped and would not start.  I've gotten that taken care of, now I'm reinstalling the reporting tool.
Yep. I would say so. Your SurfControl will be using Web access to get present the application and so will go straight to ISA for its rules.

Set up a rule for SC that has port groups of 443 and 3910. I believe this is enough as I can't find anything else that it uses.

Barny
Keith AlabasterEnterprise Architect
CERTIFIED EXPERT
Top Expert 2008

Commented:
There should be no rules involved as the surfcontrol and the ISA are installed (I assume) on the same server.
crp0499CEO

Author

Commented:
Yes, on same server.  So you're saying if SC is installed in the ISA, then there should be no rules required?
Keith AlabasterEnterprise Architect
CERTIFIED EXPERT
Top Expert 2008

Commented:
Correct as the rule would to allow local host to talk to local host.

i assume you have the standard rule that lets local host and internal talk to each other anyway.. As mentioned above, the 'funnies' start when you try to specifically call the external interface of the ISA using https for a port other than 443.

regards
keith
crp0499CEO

Author

Commented:
At this point, when I logged into the server, the default web site was stopped.  It would not start on port 80 as that file was in use by another process.  So, I changed the port on the default web site to 8081 and it started.  I assumed reporting would fail so long as the default web site was not running anyway, so I'd better solve that problem first.

Now, with the default web site up and running, I have moved to the problem of the reporting.  During my previous efforts, I uninstalled IIS and reinstalled it.  That trashed my subfolders that were established for reporting so I plan now to reinstall the reporting tool and go from there.  I also plan on leaving SSL on 443 and not jacking with it.

How's my plan sound?
Keith AlabasterEnterprise Architect
CERTIFIED EXPERT
Top Expert 2008

Commented:
I'm a great believer in keeping it simple. Sounds good to me.
Keith, you are right about the local host. It's been a long day and I'm missing the bleeding obvious !!!!

Barny
Keith AlabasterEnterprise Architect
CERTIFIED EXPERT
Top Expert 2008

Commented:
Don't beat up on it :)  (wait till after he/she has it working lol).Its nearly 1AM here and I am out on my feet so going to bed.


CEO
Commented:
Well, it works.  Report manager has to be installed on a seperate server from ISA/Surf Control.  We installed it on a diff server running IIS and it works great!

It took two hours on the phone with Surf Control to figure it out.  Their support is free and they did a WEB Ex session and did all the work.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Keith AlabasterEnterprise Architect
CERTIFIED EXPERT
Top Expert 2008

Commented:
Glad to hear it. Good for Surf Control tech support.



Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.