Solved

How do I open port 443 in ISA to allow access to web pages that are SSL?

Posted on 2008-10-17
Last Modified: 2008-11-18
I am accessing my ISP and I clicked on one of the links for me to enable web hosting with them and I got the following error message:
Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: 17.0.0.18
Date: 10/17/2008 3:47:32 PM
Server: name_of_server.local
Source: proxy
-------------------------------
I went to ISA and created a protocol of 443 and an access rule but it still does not work.
My router has port forwarding for 443 enabled but it still does not work.
Maybe I created the protocol or access rule incorrectly.
These are the settings for protocol:
Port Range =443
Protocol Type=TCP
Direction=Outbound
No secondary connections

The settings for Access Rule are:
Action:
Action to take when the conditions are met=Allow
Log requests matching this rule=has a check mark
Protocols:
This rule applies to =Selected Protocols
Protocols=SSL 443 Protocol(The protocol I created)
From=Internal
To=External
Content Type=All content types
Schedule=always
Users=all users

Please advise on how I resolve this?
Question by:j_rameses
29 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22743804
The reason is that the site is moving you to a different SSL port number other than 443. This is a common issue as ISA (by default) only supports SSL on port 443. If you have a look at this link (Jim Harrison - Microsoft) you will see the ISA tunnel port tool. This utility allows you to add additional SSL ports.

http://www.isatools.org/tools.asp?Context=ISA2004

If you open the ISA GUI - monitoring - logging - start query, watch the destination port that the client tries to go to. Use the tool and add this port number.

Job done

Keith
0
 

Author Comment

by:j_rameses
ID: 22743911
The destination port is 80.
What should I do?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22743939
That doesn't make sense.
Also, you don't need to create an ssl protocol - it is built in and called https. Have you enabled https from internal and localhost to external?
0

 

Author Comment

by:j_rameses
ID: 22743955
What do you mean by "Have you enabled https from internal and localhost to external?"
Please advise how I can check this and how to do this.
0
 

Author Comment

by:j_rameses
ID: 22744014
On firewall policy:
name=SBS Windows Sharepoint Services Web Publishing Rule
Action = deny
protocols=https

Does this have anything to do with it?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744045
Yes :) - it should be Allow
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744080
Actually, that may be incorrect information - sorry.
That rule says it is a publishing rule - what are the From and To boxes set to?
0
 

Author Comment

by:j_rameses
ID: 22744117
from=anywhere
to=publishing.domain.local
forward the original host header instead of the actual one= has a check mark
0
 

Author Comment

by:j_rameses
ID: 22744139

fyi
under listener:
networks=external
Port(HTTP)=disabled
Port(HTTPS)=444
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744150
Leave that at deny - this blocks external access to your internal Intranet/Sharepoint.
There should be an access rule that allows https from internal & localhost to external.
If there isn't one OR https is not a listed protocol in an existing rule then add one.

In addition, you MUST be a member of the SBS domain users group.
0
 

Author Comment

by:j_rameses
ID: 22744194
Regarding your last comment, I am logged in as the system administrator.
How do I create your suggestion step by step?
0
 

Author Comment

by:j_rameses
ID: 22744339
Keith,
Please advise how to do your suggestion.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 22744387
???? No offence but this is really basic ISA configuration.

Open the GUI, select firewall policy
Right-click the firewall policy description on the left and select new - access rule
Give it a name - select allow - in the protocols select https - in the from box select internal & localhost - in the to box select external - all users - always
Move this rule to the top - apply policy
0
 

Author Comment

by:j_rameses
ID: 22744420
http or https?
0
 

Author Comment

by:j_rameses
ID: 22744424
there is also a https server?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744429
just https
0
 

Author Comment

by:j_rameses
ID: 22744497
It did not work.
Should I restart the firewall?
0
 

Author Comment

by:j_rameses
ID: 22744502
I meant that I still get the same error message.
0
 

Author Comment

by:j_rameses
ID: 22744512
I moved it to position #1.
0
 

Author Comment

by:j_rameses
ID: 22744596
Keith,
This is the URL address that appears when I click on the webpage:
https://api.webhosting.optonline.net:8443/ssoapp/servlet/SSORequest

It states 8443.
Does this have anything to do with it?
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 500 total points
ID: 22744637
I go back to my first posts - about checking the log to see what port it used - 443 is the ONLY https port supported by default. You need to use the tool in my link to add 8443 to the list of https supported ports.
0
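The log check described in the answer above (find the destination port behind error 12204, then add exactly that port), sketched as an added example that is not part of the original thread or of any ISA tool. The tab-separated record layout, client addresses and example.* hosts are constructed for illustration and are not ISA Server's real log schema; the default allowed range of 443 follows the thread.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: client IP, requested URL, proxy result code (tab-separated).
# A simplified layout for illustration, not ISA Server's actual log schema.
SAMPLE_LOG = (
    "192.0.2.10\thttps://api.webhosting.optonline.net:8443/ssoapp/servlet/SSORequest\t12204\n"
    "192.0.2.10\thttps://www.example.com/login\t200\n"
    "192.0.2.11\tapi.webhosting.optonline.net:8443\t12204\n"
    "192.0.2.12\thttps://portal.example.net:9443/\t12204\n"
    "192.0.2.12\thttp://www.example.org/\t200\n"
)
SSL_PORT_NOT_ALLOWED = "12204"  # code shown on the 502 page in the question


def destination_port(target):
    """Return the TCP port a request targets, or None if it cannot be parsed."""
    # CONNECT-style targets are "host:port" without a scheme; prefix "//" so
    # urlsplit treats them as a network location.
    parts = urlsplit(target if "://" in target else "//" + target)
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        return None
    return port if port is not None else {"https": 443, "http": 80}.get(parts.scheme)


def blocked_ssl_ports(log_text, allowed_ranges=((443, 443),)):
    """Count 12204 hits per destination port outside the allowed tunnel ranges."""
    blocked = Counter()
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3 or fields[2] != SSL_PORT_NOT_ALLOWED:
            continue
        port = destination_port(fields[1])
        if port is not None and not any(lo <= port <= hi for lo, hi in allowed_ranges):
            blocked[port] += 1
    return dict(blocked)


def ranges_to_add(ports):
    """Collapse ports into minimal (low, high) pairs, the LowPort/HighPort form."""
    ranges = []
    for port in sorted(set(ports)):
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)
        else:
            ranges.append((port, port))
    return ranges
```

Add each range only as wide as the log justifies (8443 to 8443 in this thread), because every port inside a tunnel range becomes reachable through the proxy as an opaque SSL tunnel.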
 

Author Comment

by:j_rameses
ID: 22744705
That download only shows my ports not to add them.
I downloaded the tool called:   ISA Tunnel Port Tool
0
 

Author Comment

by:j_rameses
ID: 22744781
Should I use the download:
ISA TPRE by Steven S.
This one has the option to enter:
LowPort:
HighPort
TunnelPortName:
Then I click on Add Tunnel Range
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744789
Read the text that comes with it when you type in the command - it gives you the syntax to use with the tool to add the ports.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744797
Yes, you can use the GUI version if you wish. The range to add is 8443 to 8443
0
 
LVL 2

Expert Comment

by:wcoka2
ID: 22744813
Why are you enabling port forwarding for 443 at your router? From what I understand you want to access a website that uses SSL, right? What is getting denied at the logging?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744817
What?? God help us from people who do not bother to read the posts before adding a comment.
0
 

Author Comment

by:j_rameses
ID: 22744849
Keith,

Bingo it worked.
Thank you.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744855
Welcome mate :)
0
