Solved

cannot telnet on port 443 on LAN

Posted on 2007-03-27
Last Modified: 2008-11-18
Hi Experts,

Just got a little problem: I cannot telnet from my ISA server to my SMTP server on port 443.
I have allowed all access from ISA to the SMTP server on 443, but each time I try it, connection is refused.
I can telnet from the ISA box to the server on port 25 and port 80, but it refuses connection on port 443.

Any suggestions?
Question by:demolition_unit
LVL 11

Expert Comment

by:AnthonyP9618
ID: 18805690
SMTP should be running on port 25... not 443.  Unless you've changed it for some reason?
0
 

Author Comment

by:demolition_unit
ID: 18805694
Let me clarify: I cannot telnet from a server called "ISA1" to a server called "smtp1" on port 443 (HTTPS).
Both servers are on my LAN. If I telnet to "smtp1" on port 25 or 80 it works fine, but if I telnet on port 443 I get a connection refused...
0
 
LVL 5

Expert Comment

by:suggestionstick
ID: 18806084
Hi

On smtp1, can you run the following command:

netstat -an | find ":443"
Is the server actually listening on port 433?
If it is, can you connect locally via port 443 on Smtp1?

In IIS manager: expand the "web sites" node, right click on "default web site" and select properties.
Select the "Directory security" tab, click edit under "ip address and domain name restrictions".
Is your ISA1 server IP address denied?

Note: 443 will not respond to GET commands in the same way as on port 80.


0
 
LVL 4

Expert Comment

by:groetting
ID: 18806425
You do know that port 443 is the SSL port, right? I assume you are using telnet to check if the port is accepting connections. Have you tried telnetting to localhost 443 on the smtp1 server? If that works, try telnetting to the IP of smtp1 from smtp1 just to confirm it replies to both actions. If it works locally on smtp1 and not from the other host, there still is a problem with firewall/access rules.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 18807244
Connection refused generally does mean that the IIS service that is providing the port is set to accept connections from selected ip addresses only OR it is anticipating a certificate/authentication pass of some kind.  Generally speaking if the port was not open then you would get a timeout message rather than a connection refused.

Netstat -an on its own will list all of the ports and whether they are tcp, udp or in some cases both that the server has listening ports for. It also reports if the port is listening for connections, is already in a conversation or is in the process of closing a connection/recently closed a connection. Entries that show 0.0.0.0 mean that the server is listening on any of its available ip addresses (ie not set to a specific if you have multiple nics etc).

Have you set the firewall policy rule in both directions?
i.e. port 443 from SMTP server & local host TO SMTP server & local host?

Normally this is not required as the forwarding would be handled by the publishing rule for OWA or similar anyway but if you are trying to do it from the ISA itself then you will need the rule I mentioned.

0
 

Author Comment

by:demolition_unit
ID: 18812686
suggestionstick:
I've tried netstat -an | find ":443" on the server, and there are NO results; seems like it's not listening on 443.
In IIS manager there is no default website. The only thing installed on this server is the SMTP service, so that's the only thing that can be seen in IIS manager.

0
 

Author Comment

by:demolition_unit
ID: 18812700
groetting:

Telnetting to localhost 443 on the smtp1 server (and with the IP address) does not work. I get a "connection failed" message.
0
 

Author Comment

by:demolition_unit
ID: 18812709
Keith:
My mistake, on telnet I receive a "connection failed" message. I have tried opening ISA up both ways, but that won't seem to fix the problem.

A netstat -an does not show 443 being listened to at all...
0
 
LVL 5

Expert Comment

by:suggestionstick
ID: 18812979
Hi

If the server Smtp1 is not listening on 443 then you will not be able to telnet to it no matter where you are, or what firewall rules you have in place.

I think you should focus on why 443 is not listening on SMTP1

Can you type the following command

netstat -anb | find ":80"
and copy/paste

thanks in advance

Trev
0
 
LVL 11

Expert Comment

by:AnthonyP9618
ID: 18813006
By default IIS doesn't listen on 443, only 80.  You would actually have to set that up within IIS to get any type of listener on 443.
0
 
LVL 5

Expert Comment

by:suggestionstick
ID: 18813010
Hi

The previous command in my post, will not supply the information I need, sorry about that.

Run Instead

netstat -anb and manually locate port 80, I need the owner process just listed below the 0.0.0.0:80

example

TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1764
[inetinfo.exe]

Thanks in advance

Trev
0
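Added example (not part of the original thread): a small Python parser for `netstat -anb` output that maps each listening TCP port to its owning process, which is the information requested in the post above. It matches the port number exactly, so a listener on `:4431` is not mistaken for `:443` the way a `find ":443"` substring filter would be. The sample output is constructed; only the port-80 row and its owner line come from the thread.

```python
import re

# Constructed sample of Windows `netstat -anb` output. Only the port-80 row and
# its [inetinfo.exe] owner line come from the thread; the rest is made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1764
  [inetinfo.exe]

  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1764
  [inetinfo.exe]

  TCP    192.168.1.20:25        192.168.1.10:3312      ESTABLISHED     1764
  [inetinfo.exe]

  TCP    0.0.0.0:4431           0.0.0.0:0              LISTENING       2040
  [svchost.exe]
"""

LISTEN_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
OWNER_LINE = re.compile(r"^\s*\[(.+)\]\s*$")

def tcp_listeners(netstat_text):
    """Map each listening TCP port to a list of {addr, pid, owner} entries."""
    listeners = {}
    pending = None  # LISTENING row still waiting for its [owner] line
    for line in netstat_text.splitlines():
        row = LISTEN_ROW.match(line)
        if row:
            pending = {"addr": row.group(1), "pid": int(row.group(3)), "owner": None}
            listeners.setdefault(int(row.group(2)), []).append(pending)
        elif line.split()[:1] in (["TCP"], ["UDP"]):
            pending = None  # a non-listening row: its owner line is not ours
        elif pending is not None and OWNER_LINE.match(line):
            pending["owner"] = OWNER_LINE.match(line).group(1)
            pending = None
    return listeners

def report(netstat_text, port):
    """One-line answer to 'is anything listening on this port, and who owns it?'"""
    entries = tcp_listeners(netstat_text).get(port)
    if not entries:
        return f"port {port}: nothing listening"
    return f"port {port}: " + ", ".join(
        f"{e['addr']} pid {e['pid']} [{e['owner']}]" for e in entries)

if __name__ == "__main__":
    for p in (25, 80, 443):
        print(report(SAMPLE, p))
```

On a live server, feed it the saved output of `netstat -anb` run from an elevated prompt; rows whose owner cannot be read keep `owner` as `None`.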
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 18814021
Demo, the previous comments do not compute, no offence :)

If the box is only running the smtp service which is on port 25, you would not have been able to connect to it through telnet on port 80 as per your first post.

Is this an Exchange box by any chance?
Can you http://servername/exchange and get the OWA screen up?
0
 
LVL 5

Expert Comment

by:suggestionstick
ID: 18814156
Hi


He was referring to IIS manager; it only had the SMTP service listed. He could be running a non-IIS web server on the box. This is why I asked for a netstat -anb for port 80, as it will show the owner process.

Trev
0
 

Author Comment

by:demolition_unit
ID: 18840289
Hi Guys,

It turns out that I no longer need access to this server on port 443. We have decided to change our design.
I'm happy to increase the points to 250 and split them amongst you guys :)
0
