• Status: Solved

cannot telnet on port 443 on LAN

Hi Experts,

Just got a little problem: I cannot telnet from my ISA server to my SMTP server on port 443.
I have allowed all access from ISA to the SMTP server on 443, but each time I try it, the connection is refused.
I can telnet from the ISA box to the server on port 25 and port 80, but it refuses the connection on port 443.

Any suggestions?
Asked by: demolition_unit

AnthonyP9618 commented:
SMTP should be running on port 25... not 443.  Unless you've changed it for some reason?

demolition_unit (Author) commented:
Let me clarify: I cannot telnet from a server called "ISA1" to a server called "smtp1" on port 443 (HTTPS).
Both servers are on my LAN. If I telnet to "smtp1" on port 25 or 80 it works fine, but if I telnet on port 443 I get a connection refused...

suggestionstick commented:
Hi

On smtp1, can you run the following command:

netstat -an | find ":443"

Is the server actually listening on port 433?
If it is, can you connect locally via port 443 on Smtp1?

In IIS Manager: expand the "Web Sites" node, right-click on "Default Web Site" and select Properties.
Select the "Directory Security" tab and click Edit under "IP address and domain name restrictions".
Is your ISA1 server IP address denied?

Note: 443 will not respond to GET commands in the same way as on port 80.


 
groetting commented:
You do know that port 443 is the SSL port, right? I assume you are using telnet to check if the port is accepting connections. Have you tried telnetting to localhost 443 on the smtp1 server? If that works, try telnetting to the IP of smtp1 from smtp1 just to confirm it replies to both actions. If it works locally on smtp1 and not from the other host, there still is a problem with firewall/access rules.

Keith Alabaster (Enterprise Architect) commented:
Connection refused generally does mean that the IIS service that is providing the port is set to accept connections from selected IP addresses only OR it is anticipating a certificate/authentication pass of some kind. Generally speaking, if the port was not open then you would get a timeout message rather than a connection refused.

Netstat -an on its own will list all of the ports that the server has listening ports for, and whether they are TCP, UDP or in some cases both. It also reports if the port is listening for connections, is already in a conversation, or is in the process of closing a connection/recently closed a connection. Entries that show 0.0.0.0 mean that the server is listening on any of its available IP addresses (i.e. not set to a specific one if you have multiple NICs etc.).

Have you set the firewall policy rule in both directions?
I.e. port 443 from smtp server & local host TO smtp server & local host?

Normally this is not required, as the forwarding would be handled by the publishing rule for OWA or similar anyway, but if you are trying to do it from the ISA itself then you will need the rule I mentioned.


demolition_unit (Author) commented:
suggestionstick:
I've tried netstat -an | find ":443" on the server, and there are NO results; seems like it's not listening on 443.
In IIS Manager there is no default website. The only thing installed on this server is the SMTP service, so that's the only thing that can be seen in IIS Manager.


demolition_unit (Author) commented:
groetting:

Telnetting to localhost 443 on the smtp1 (and with the IP address) server does not work. I get a "connection failed" message.

demolition_unit (Author) commented:
Keith:
My mistake, on telnet I receive a "connection failed" message. I have tried opening ISA up both ways, but that won't seem to fix the problem.

A netstat -an does not show 443 being listened to at all...

suggestionstick commented:
Hi

If the server Smtp1 is not listening on 443 then you will not be able to telnet to it no matter where you are, or what firewall rules you have in place.

I think you should focus on why 443 is not listening on SMTP1

Can you type the following command

netstat -anb | find ":80"
and copy/paste

thanks in advance

Trev
0
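An added example, not part of the original thread or any poster's code: a Python sketch of the two checks discussed so far, reading `netstat -an` output for a listener and classifying the result of a TCP connect. Unlike the substring match in `find ":443"`, it compares the local port exactly, so `:4430` or an outbound connection to a remote `:443` is not counted. `SAMPLE_NETSTAT` is constructed sample data, and the names `listeners` and `probe` are hypothetical.

```python
import errno
import socket

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4430           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1052      192.168.1.20:443       ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
"""

def listeners(netstat_text, port):
    """Return local addresses in LISTENING state on exactly this TCP port."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Plain `netstat -an` TCP rows have four columns; skip headers and UDP.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, local_port = fields[1].rpartition(":")
        if local_port == str(port):
            found.append(addr)
    return found

def probe(host, port, timeout=3.0):
    """Classify a TCP connect attempt, as a telnet test to host:port would see it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "refused"   # target answered with a reset
        except socket.timeout:
            return "timeout"   # no answer within the timeout
        except OSError as exc:
            return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))

if __name__ == "__main__":
    print("listeners on 443:", listeners(SAMPLE_NETSTAT, 443))
    print("listeners on 80: ", listeners(SAMPLE_NETSTAT, 80))
```

An empty list from `listeners` for port 443 corresponds to the "NO results" reported for smtp1 above.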
 
AnthonyP9618 commented:
By default IIS doesn't listen on 443, only 80.  You would actually have to set that up within IIS to get any type of listener on 443.

suggestionstick commented:
Hi

The previous command in my post will not supply the information I need, sorry about that.

Run instead

netstat -anb and manually locate port 80. I need the owner process listed just below the 0.0.0.0:80

Example:

TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1764
[inetinfo.exe]

Thanks in advance

Trev

Keith Alabaster (Enterprise Architect) commented:
Demo, the previous comments do not compute, no offence :)

If the box is only running the SMTP service, which is on port 25, you would not have been able to connect to it through telnet on port 80 as per your first post.

Is this an Exchange box by any chance?
Can you http://servername/exchange and get the OWA screen up?

suggestionstick commented:
Hi

He was referring to IIS Manager; it only had the SMTP service listed. He could be running a non-IIS web server on the box. This is why I asked for a netstat -anb for port 80, as it will show the owner process.

Trev

demolition_unit (Author) commented:
Hi Guys,

It turns out that I no longer need access to this server on port 443. We have decided to change our design.
I'm happy to increase the points to 250 and split them amongst you guys :)