Solved

How do I open port 443 in ISA to allow access to web pages that are SSL?

Posted on 2008-10-17
Last Modified: 2008-11-18
I am accessing my ISP and I clicked on one of the links for me to enable web hosting with them and I got the following error message:
Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: 17.0.0.18
Date: 10/17/2008 3:47:32 PM
Server: name_of_server.local
Source: proxy
-------------------------------
I went to ISA and created a protocol of 443 and an access rule but it still does not work.
My router has port forwarding for 443 enabled but it still does not work.
Maybe I created the protocol or access rule incorrectly.
These are the settings for protocol:
Port Range =443
Protocol Type=TCP
Direction=Outbound
No secondary connections

The settings for Access Rule are:
Action:
Action to take when the conditions are met=Allow
Log requests matching this rule=has a check mark
Protocols:
This rule applies to =Selected Protocols
Protocols=SSL 443 Protocol(The protocol I created)
From=Internal
To=External
Content Type=All content types
Schedule=always
Users=all users

Please advise on how I resolve this?
0
Question by:j_rameses
29 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22743804
The reason is that the site is moving you to a different SSL port number other than 443. This is a common issue as ISA (by default) only supports SSL on port 443. If you have a look at this link (Jim Harrison - Microsoft) you will see the ISA tunnel port tool. This utility allows you to add additional SSL ports.

http://www.isatools.org/tools.asp?Context=ISA2004

If you open the ISA GUI - monitoring - logging - start query, watch the destination port that the client tries to go to. Use the tool and add this port number.

Job done

Keith
0
 

Author Comment

by:j_rameses
ID: 22743911
The destination port is 80.
What should I do?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22743939
That doesn't make sense.
Also, you don't need to create an ssl protocol - it is built in and called https. Have you enabled https from internal and localhost to external?
0
 

Author Comment

by:j_rameses
ID: 22743955
What do you mean by "Have you enabled https from internal and localhost to external?"
Please advise how I can check this and how to do this.
0
 

Author Comment

by:j_rameses
ID: 22744014
on firewall policy:
name=SBS Windows Sharepoint Services Web Publishing Rule
Action = deny
protocols=https

does this have anything to do with it?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744045
Yes :) - it should be Allow
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744080
Actually, that may be incorrect information - sorry.
That rule says it is a publishing rule - what are the From and To boxes set to?
0
 

Author Comment

by:j_rameses
ID: 22744117
from=anywhere
to=publishing.domain.local
forward the original host header instead of the actual one= has a check mark
0
 

Author Comment

by:j_rameses
ID: 22744139

fyi
under listener:
networks=external
Port(HTTP)=disabled
Port(HTTPS)=444
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744150
leave that at deny - this blocks external access to your internal Intranet/Sharepoint.
There should be an access rule that allows https from internal & localhost to external.
If there isn't one OR https is not a listed protocol in an existing rule then add one.

In addition, you MUST be a member of the SBS domain users group
0
 

Author Comment

by:j_rameses
ID: 22744194
Regarding your last comment, I am logged in as the system administrator.
How do I create your suggestion step by step?
0
 

Author Comment

by:j_rameses
ID: 22744339
keith,
pls advise how to do your suggestion.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 22744387
???? No offence but this is really basic ISA configuration.

Open the gui, select firewall policy
right-click the firewall policy description on the left and select new - access rule
give it a name - select allow - in the protocols select https - in the from box select internal & localhost - in the to box select external - all users - always
Move this rule to the top - apply policy
0
 

Author Comment

by:j_rameses
ID: 22744420
http or https?
0
 

Author Comment

by:j_rameses
ID: 22744424
there is also a https server?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744429
just https
0
 

Author Comment

by:j_rameses
ID: 22744497
It did not work.
Should I restart the firewall?
0
 

Author Comment

by:j_rameses
ID: 22744502
I meant that I still get the same error message.
0
 

Author Comment

by:j_rameses
ID: 22744512
I moved it to position #1
0
 

Author Comment

by:j_rameses
ID: 22744596
keith,
this is the URL address that appears when I click on the webpage:
https://api.webhosting.optonline.net:8443/ssoapp/servlet/SSORequest

it states a 8443.
does this have anything to do with it?
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 500 total points
ID: 22744637
I go back to my first posts - about checking the log to see what port it used - 443 is the ONLY https port supported by default. You need to use the tool in my link to add 8443 to the list of https supported ports.
0
 

Author Comment

by:j_rameses
ID: 22744705
That download only shows my ports, not to add them.
I downloaded the tool called:   ISA Tunnel Port Tool
0
 

Author Comment

by:j_rameses
ID: 22744781
Should I use the download:
ISA TPRE by Steven S.
This one has the option to enter:
LowPort:
HighPort
TunnelPortName:
Then I click on Add Tunnel Range
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744789
Read the text that comes with it when you type in the command - it gives you the syntax to use with the tool to add the ports.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744797
Yes, you can use the GUI version if you wish. The range to add is 8443 to 8443
0
 
LVL 2

Expert Comment

by:wcoka2
ID: 22744813
Why are you enabling port forwarding for 443 at your router? From what I understand you want to access a website that uses SSL, right? What is getting denied at the logging?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744817
What?? God help us from people who do not bother to read the posts before adding a comment.
0
 

Author Comment

by:j_rameses
ID: 22744849
Keith,

Bingo it worked.
Thank you.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744855
Welcome mate :)
0
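
The fix this thread arrives at, allowing 8443 as a single-port SSL tunnel range, can also be scripted through ISA Server's administration COM object (`FPC.Root`). This is an added example, not part of the original thread and not the ISA Tunnel Port Tool itself; the range name is a placeholder, and the script lists the existing ranges first so the port is added only if nothing already covers it.

```powershell
# Added example: run on the ISA Server itself as an ISA administrator.
# 8443 is the port from the URL quoted in this thread.
$port      = 8443
$rangeName = 'SSL 8443'   # placeholder display name, choose your own

# FPC.Root is the entry point of the ISA Server administration COM model.
$root   = New-Object -ComObject FPC.Root
$ranges = $root.GetContainingArray().ArrayPolicy.WebProxy.TunnelPortRanges

# List the ports the Web proxy currently accepts for CONNECT (SSL) tunnels
# and check whether the wanted port is already inside one of them.
$covered = $false
foreach ($r in $ranges) {
    '{0,-20} {1}-{2}' -f $r.Name, $r.TunnelLowPort, $r.TunnelHighPort
    if ($port -ge $r.TunnelLowPort -and $port -le $r.TunnelHighPort) {
        $covered = $true
    }
}

if ($covered) {
    "Port $port is already inside an allowed tunnel range; nothing added."
}
else {
    # Low = high: allow exactly one extra port. Every port added here is a
    # port that clients can tunnel opaque traffic through the proxy on,
    # so keep the range as narrow as the destination requires.
    [void]$ranges.AddRange($rangeName, $port, $port)
    $ranges.Save()
    "Added tunnel port range '$rangeName' ($port-$port)."
}
```

The access rule from the accepted solution (https from Internal and Local Host to External) is still required; the tunnel range only tells the Web proxy which destination ports it will accept for SSL requests.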


Question has a verified solution.
