spring80
asked on
web listener on port 80 or 443 not listen in forefront tmg
Dear Sir
i want to publish an internal site to external use, but i saw that the web listener not listen to port 80 or 443 .
When using the monitoring, I see the request passes over the rule
i am using forefront tmg .
i try add all the networs to the networks properties in the web listener properties but nothing help.
our sharepoint internal site is http://twp-sharepoint
the extarnal url to access our server is : https://twp.dyndns.tv or http://twp.dyndns.tv
how can properly configure the web listener to listen to port 80 or 443.
Regards
i want to publish an internal site to external use, but i saw that the web listener not listen to port 80 or 443 .
When using the monitoring, I see the request passes over the rule
i am using forefront tmg .
i try add all the networs to the networks properties in the web listener properties but nothing help.
our sharepoint internal site is http://twp-sharepoint
the extarnal url to access our server is : https://twp.dyndns.tv or http://twp.dyndns.tv
how can properly configure the web listener to listen to port 80 or 443.
Regards
ASKER
ok i try it before but without success.
in regards the certificate ,if there a problem in it , the web listener should not listen to the requests ??
i should create certificate from the sharepoint server or from the forefront server ???
in regards the certificate ,if there a problem in it , the web listener should not listen to the requests ??
i should create certificate from the sharepoint server or from the forefront server ???
ASKER
"Because we are using a self signed certificate, we have to import the self signed certificate into the Trusted Root Authority store on both ISA server nodes.
"
this from the site you submit .
i dont understand why should i have 2 isa server nodes ??
the outside client should have isa installed to access the internal site ?? sure not
so what the meaning of " both isa server nodes"
"
this from the site you submit .
i dont understand why should i have 2 isa server nodes ??
the outside client should have isa installed to access the internal site ?? sure not
so what the meaning of " both isa server nodes"
>>in regards the certificate ,if there a problem in it , the web listener should not listen to the requests ??
you can test the rule by click test on the rule properties. if any errors related to certificate , this test will tell you.
>>i should create certificate from the sharepoint server or from the forefront server ???
do you use Public trusted certificate ( not self-signed not internal CA) ? all cases this certificate should be installed on both servers.
>>"Because we are using a self signed certificate, we have to import the self signed certificate into the Trusted Root Authority store on both ISA server nodes.
" if you dont use self-sgined certificate, please ignore this- these are the lab configurations.
>>"i dont understand why should i have 2 isa server nodes ??"
you can do that by one node. again it is a lab config.
you can test the rule by click test on the rule properties. if any errors related to certificate , this test will tell you.
>>i should create certificate from the sharepoint server or from the forefront server ???
do you use Public trusted certificate ( not self-signed not internal CA) ? all cases this certificate should be installed on both servers.
>>"Because we are using a self signed certificate, we have to import the self signed certificate into the Trusted Root Authority store on both ISA server nodes.
" if you dont use self-sgined certificate, please ignore this- these are the lab configurations.
>>"i dont understand why should i have 2 isa server nodes ??"
you can do that by one node. again it is a lab config.
If i was you i would start with publishing the site through port 80 to test the TMG configuration and verify it's working....
Can you please provide us with the steps!!
Can you please provide us with the steps!!
ASKER
i try mny things without success, please don't tell me to read another link ,because i read it before but i have some problem.
in regards the certificate , i dont understand from where i export this certificate from sharepoint server or from forefront server ??
from forefront serve right ?
should i put the certificatein in the trusted root certification or only personal ?
in regards the certificate , i dont understand from where i export this certificate from sharepoint server or from forefront server ??
from forefront serve right ?
should i put the certificatein in the trusted root certification or only personal ?
ASKER
and also i have a question ,in the modem configuration, should i forward the port 80 and port 443 to forefront external nic ip ? or to forefront internet nic ip ? or to sharepoint server ??
or should don't use the port forwarding for these ports ??
or should don't use the port forwarding for these ports ??
ASKER
if i use only http for web listener and check the test rule , all the test pass but an error occured
"
Time reported by the Microsoft Forefront TMG Firewall Service: 0.003 seconds
Testing http://twp-sharepoint:80/_vti_inf.html*
Category: General error
Error details: An unexpected response was received from the server. HTTP response: 400 Bad Request
Action: Verify that the intended server is published and that virtual directories exist. Ensure that you can browse the published site directly from an internal client computer.
"
"
Time reported by the Microsoft Forefront TMG Firewall Service: 0.003 seconds
Testing http://twp-sharepoint:80/_vti_inf.html*
Category: General error
Error details: An unexpected response was received from the server. HTTP response: 400 Bad Request
Action: Verify that the intended server is published and that virtual directories exist. Ensure that you can browse the published site directly from an internal client computer.
"
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks for replying .
in regards the first step :
1. Export the Sharepoint site certificate from the Sharepoint/Personal Certificate (typcilly the certificates name the same as the servername)
my serve name is : twp-sharepoint
My domain name is :twp
when i was trying the certificate using selfssl, i create many certificate for testing ,and i put them in personal and trust root certification.
1- should i remove them ??
the original certificate is : TWP-TWP-Sharepoint-ca
and wmsvc-twp-sharepoint
2- which one should i use ?
3- should i create a new one using selfssl and name it twp-sharepoint ??
in regards the first step :
1. Export the Sharepoint site certificate from the Sharepoint/Personal Certificate (typcilly the certificates name the same as the servername)
my serve name is : twp-sharepoint
My domain name is :twp
when i was trying the certificate using selfssl, i create many certificate for testing ,and i put them in personal and trust root certification.
1- should i remove them ??
the original certificate is : TWP-TWP-Sharepoint-ca
and wmsvc-twp-sharepoint
2- which one should i use ?
3- should i create a new one using selfssl and name it twp-sharepoint ??
ASKER
but in these steps :
http://www.isaserver.org/tutorials/How-to-Publish-Microsoft-Sharepoint-Service-ISA-Server-2006.html
he rename the certificate with the name of internet url (sps.it ....) not the name of the server(server3)
so i should name the certificate as the name of the our server : twp-sharepoint
or with the name of the internet access to our server : twp.dyndns.tv ??
http://www.isaserver.org/tutorials/How-to-Publish-Microsoft-Sharepoint-Service-ISA-Server-2006.html
he rename the certificate with the name of internet url (sps.it ....) not the name of the server(server3)
so i should name the certificate as the name of the our server : twp-sharepoint
or with the name of the internet access to our server : twp.dyndns.tv ??
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok but our site is name : twp-sharepoint and each user in the network use http://twp-sharepoint to coonect to the sharepoint site.
if he enter twp.dyndns.tv within the intranet it is redirect to router (modem) web admin page
if he enter twp.dyndns.tv within the intranet it is redirect to router (modem) web admin page
if i understand right. test this solution on your local PC:
Browse to C:\Windows\system32\driver s\etc\host s
open the the Hotsts file in notepad and add the following:
Sharepoint IP twp.dyndns.tv
save the hosts file, and try to connect to twp.dyndns.tv.
let me know if its work
Browse to C:\Windows\system32\driver
open the the Hotsts file in notepad and add the following:
Sharepoint IP twp.dyndns.tv
save the hosts file, and try to connect to twp.dyndns.tv.
let me know if its work
ASKER
no sir , it is doesnt work.
i can access http://twp-sharepoint from local pc but i can't access http://192.168.0.150 (the ip of the sharepoint server)
is there mapping problem or what exactly ? or related to dns ?
i can access http://twp-sharepoint from local pc but i can't access http://192.168.0.150 (the ip of the sharepoint server)
is there mapping problem or what exactly ? or related to dns ?
Please use a name not an ip address (use the host method)
ASKER
Dear Sir
it ia almost done , ican connect through https now from outside.
check https://twp.dyndns.tv
but now the problem i cannot connect through http from outside :
http://twp.dyndns.tv
running test rule give me this error :
Error details: An unexpected response was received from the server. HTTP response: 404 Not Found
Action: Verify that the intended server is published and that virtual directories exist. Ensure that you can browse the published site directly from an internal client computer.
it ia almost done , ican connect through https now from outside.
check https://twp.dyndns.tv
but now the problem i cannot connect through http from outside :
http://twp.dyndns.tv
running test rule give me this error :
Error details: An unexpected response was received from the server. HTTP response: 404 Not Found
Action: Verify that the intended server is published and that virtual directories exist. Ensure that you can browse the published site directly from an internal client computer.
ASKER
Thanks you so much ,it is working .
excellent
regards
excellent
regards
no problem sir any time :)
http://www.isaserver.org/tutorials/How-to-Publish-Microsoft-Sharepoint-Service-ISA-Server-2006.html