ISA Connection Refused
I am receiving 10061: Connection refused when accessing a website published through ISA 2006 from the outside world. I'm not sure what the problem is; the website is accessible when RDPed into the ISA gateway.
I double checked that the port assignments are right.
Here are the details on the rule:
Allow HTTP, HTTPS from MyListener to www.mysite.com with access from all users all the time
MyRule Properties
From External
To www.mysite.com
Applies to HTTP, HTTPS
Rule applies to www.mysite.com
Web server: Redirect requests to HTTP port 80 and redirect requests to SSL port 443
Web listener properties:
Action: allow
From: External
To: www.mysite.com
Requests appear from original client
Connections: Enable HTTP 80, SSL 443 Do not redirect from HTTP to HTTPS
Certificates: Use single certificate www.mysite.com
Authentication: none
I double checked that the port assignments are right.
Here are the details on the rule:
Allow HTTP, HTTPS from MyListener to www.mysite.com with access from all users all the time
MyRule Properties
From External
To www.mysite.com
Applies to HTTP, HTTPS
Rule applies to www.mysite.com
Web server: Redirect requests to HTTP port 80 and redirect requests to SSL port 443
Web listener properties:
Action: allow
From: External
To: www.mysite.com
Requests appear from original client
Connections: Enable HTTP 80, SSL 443 Do not redirect from HTTP to HTTPS
Certificates: Use single certificate www.mysite.com
Authentication: none
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
pwindell:
This is a TS connection; the initial page loads correctly, and the error occurs when I attempt to enter the user and password in the RDP screen. When I look back at my initial post I didn't make that clear; my apologies. Changing settings in IE hasn't given any further error messages. What I'm posting comes from the ISA logs.
Raj-GT:
I checked everything you recommended - the problem turned out to reside in the Authentication Delegation screen. Once I turned on authentication to the end server everything is in the clear for the firewall.
This is a TS connection; the initial page loads correctly, and the error occurs when I attempt to enter the user and password in the RDP screen. When I look back at my initial post I didn't make that clear; my apologies. Changing settings in IE hasn't given any further error messages. What I'm posting comes from the ISA logs.
Raj-GT:
I checked everything you recommended - the problem turned out to reside in the Authentication Delegation screen. Once I turned on authentication to the end server everything is in the clear for the firewall.
Do you mean it works now or does not?
With some Termianal Service sitautions with ISA you have to publish both the "web site" and RDP using separate Publishing Rules. They are two distinct processes. In these cases the Web site does nothing more than provided an ActiveX version of the RDP Client to the user via the browser,...but once the ActiveX Control loads and activates it operates just as a regular RDP Client App and conects with just normal pure RDP,...so it use the RPD Publishing Rule.
I forget the exact situation where this is the case. there is one thing called the Termianl Services Gateway and then their iw the Remote Web Workplace is SBS and I don't think they work the same way. There may even be other variations of this beyond these two.
With some Termianal Service sitautions with ISA you have to publish both the "web site" and RDP using separate Publishing Rules. They are two distinct processes. In these cases the Web site does nothing more than provided an ActiveX version of the RDP Client to the user via the browser,...but once the ActiveX Control loads and activates it operates just as a regular RDP Client App and conects with just normal pure RDP,...so it use the RPD Publishing Rule.
I forget the exact situation where this is the case. there is one thing called the Termianl Services Gateway and then their iw the Remote Web Workplace is SBS and I don't think they work the same way. There may even be other variations of this beyond these two.
Turn off "Friendly Error Messages" in IE if that is what it takes to get the entire description.