Link to home
Create AccountLog in
Avatar of crp0499
crp0499Flag for United States of America

asked on

ISA server 2004 and SurfControl Reports

I am having trouble making SurfControl Reporting work.  When I attempt to access my SurfControl Reports, I receive the following error message.

Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: 10.0.0.1
Date: 3/28/2006 8:11:51 PM <LI
 
Can anyone assist me in resolving this problem?

Thanks

Cliff
Avatar of IPKON_Networks
IPKON_Networks

Obvious question. Have you set up a rule to allow IP traffic on port 443 from your SurfControl server to the ISA server? If it is the same box, then this will still need a rule as SurfControl is a web based application. It also uses port 3910 so you may need to open this up as well.

If you are able, can you open any to any and see if that works, then re-enable your rules until it stops?

Is there a log reference showing which rule rejected the traffic (I expect it to be your catch all block any any).

Hope this helps
Barny
Avatar of crp0499

ASKER

MY ISA and SurfControl server are one in the same.  I'm thinking I need an internal to internal connection, right?
Avatar of Keith Alabaster
Are you connecting to the surfcontrol on the external ip address or the internal ip address of ISA?
Isa only supports ssl on port 443 'out-of-the-box' It will not use other ssl port numbers (there is a script to run if you want to do that)

If you connect to the internal ISA ip and the port number does it work then?
Avatar of crp0499

ASKER

I haven't gotten that far yet.  I just found out that my default web site was stopped and would not start.  I've gotten that taken care of, now I'm reinstalling the reporting tool.
Yep. I would say so. Your SurfControl will be using Web access to get present the application and so will go straight to ISA for its rules.

Set up a rule for SC that has port groups of 443 and 3910. I believe this is enough as I can't find anything else that it uses.

Barny
There should be no rules involved as the surfcontrol and the ISA are installed (I assume) on the same server.
Avatar of crp0499

ASKER

Yes, on same server.  So you're saying if SC is installed in the ISA, then there should be no rules required?
Correct as the rule would to allow local host to talk to local host.

i assume you have the standard rule that lets local host and internal talk to each other anyway.. As mentioned above, the 'funnies' start when you try to specifically call the external interface of the ISA using https for a port other than 443.

regards
keith
Avatar of crp0499

ASKER

At this point, when I logged into the server, the default web site was stopped.  It would not start on port 80 as that file was in use by another process.  So, I changed the port on the default web site to 8081 and it started.  I assumed reporting would fail so long as the default web site was not running anyway, so I'd better solve that problem first.

Now, with the default web site up and running, I have moved to the problem of the reporting.  During my previous efforts, I uninstalled IIS and reinstalled it.  That trashed my subfolders that were established for reporting so I plan now to reinstall the reporting tool and go from there.  I also plan on leaving SSL on 443 and not jacking with it.

How's my plan sound?
I'm a great believer in keeping it simple. Sounds good to me.
Keith, you are right about the local host. It's been a long day and I'm missing the bleeding obvious !!!!

Barny
Don't beat up on it :)  (wait till after he/she has it working lol).Its nearly 1AM here and I am out on my feet so going to bed.


ASKER CERTIFIED SOLUTION
Avatar of crp0499
crp0499
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Glad to hear it. Good for Surf Control tech support.