Web listener on port 80 or 443 not listening in Forefront TMG

Dear Sir

I want to publish an internal site for external use, but I saw that the web listener does not listen on port 80 or 443.
When using the monitoring, I see the request passes over the rule.
I am using Forefront TMG.
I tried adding all the networks to the networks properties in the web listener properties, but nothing helped.
Our SharePoint internal site is http://twp-sharepoint
The external URL to access our server is: https://twp.dyndns.tv or http://twp.dyndns.tv
How can I properly configure the web listener to listen on port 80 or 443?

Regards
spring80Asked:

Suliman Abu Kharroub (IT Consultant) Commented:
Below is a guide to publishing a SharePoint site through ISA 2006; it is also applicable to TMG:

http://www.isaserver.org/tutorials/How-to-Publish-Microsoft-Sharepoint-Service-ISA-Server-2006.html
0
spring80 (Author) Commented:
OK, I tried it before but without success.

Regarding the certificate: if there is a problem with it, should the web listener not listen to the requests?

Should I create the certificate from the SharePoint server or from the Forefront server?
0
spring80 (Author) Commented:
"Because we are using a self signed certificate, we have to import the self signed certificate into the Trusted Root Authority store on both ISA server nodes."

This is from the site you submitted.
I don't understand why I should have 2 ISA server nodes.
Should the outside client have ISA installed to access the internal site? Surely not.
So what is the meaning of "both ISA server nodes"?
0

Suliman Abu Kharroub (IT Consultant) Commented:
>>in regards the certificate ,if there a problem in it , the web listener should not listen to the requests ??
You can test the rule by clicking Test on the rule properties. If there are any errors related to the certificate, this test will tell you.

>>i should create certificate from the sharepoint server or from the forefront server ???
Do you use a publicly trusted certificate (not self-signed, not internal CA)? In all cases this certificate should be installed on both servers.

>>"Because we are using a self signed certificate, we have to import the self signed certificate into the Trusted Root Authority store on both ISA server nodes."
If you don't use a self-signed certificate, please ignore this; these are the lab configurations.

>>"i dont understand why should i have 2 isa server nodes ??"
You can do that with one node. Again, it is a lab config.

0
ms-pro Commented:
If I were you, I would start with publishing the site through port 80 to test the TMG configuration and verify it's working.

Can you please provide us with the steps?
0
spring80 (Author) Commented:
I tried many things without success. Please don't tell me to read another link, because I read it before but I have some problems.

Regarding the certificate, I don't understand where I export this certificate from: the SharePoint server or the Forefront server?

From the Forefront server, right?
Should I put the certificate in Trusted Root Certification or only Personal?

0
spring80 (Author) Commented:
I also have a question: in the modem configuration, should I forward port 80 and port 443 to the Forefront external NIC IP, or to the Forefront internet NIC IP, or to the SharePoint server?
Or should I not use port forwarding for these ports?
0
spring80 (Author) Commented:
If I use only HTTP for the web listener and check the test rule, all the tests pass but an error occurred:
"
Time reported by the Microsoft Forefront TMG Firewall Service: 0.003 seconds
Testing http://twp-sharepoint:80/_vti_inf.html*
Category: General error
Error details: An unexpected response was received from the server. HTTP response: 400 Bad Request
Action: Verify that the intended server is published and that virtual directories exist. Ensure that you can browse the published site directly from an internal client computer.
"
0
ms-pro Commented:
I will try to make a basic step-by-step guide for you about web publishing:
1. Export the SharePoint site certificate from SharePoint/Personal Certificates (typically the certificate's name is the same as the server name).
2. Import the certificate into Forefront TMG / Personal and Trusted Root Certification.
3. Run the web wizard from Forefront TMG.
4. Finish.
Use the steps above if you are going to use https:// (port 443).
You don't need the steps above for port 80 (http://).

From the router (modem), you need to forward port 80 if you are going to use http://, and port 443 if you are going to use https://, to the Forefront TMG external IP (not the internal IP).

From the router (modem) firewall, you need to open/allow port 80 or 443.

Make sure the Windows Firewall on the SharePoint server allows ports 80 and 443 (basically you can disable it for test purposes).

Please let me know if there is anything else.
0

spring80 (Author) Commented:
Thanks for replying.
Regarding the first step:
1. Export the Sharepoint site certificate from the Sharepoint/Personal Certificate (typcilly the certificates name the same as the servername)

My server name is: twp-sharepoint
My domain name is: twp
When I was trying the certificate using SelfSSL, I created many certificates for testing, and I put them in Personal and Trusted Root Certification.
1- Should I remove them?

The original certificate is: TWP-TWP-Sharepoint-ca
and wmsvc-twp-sharepoint
2- Which one should I use?
3- Should I create a new one using SelfSSL and name it twp-sharepoint?
0
spring80 (Author) Commented:
But in these steps:
http://www.isaserver.org/tutorials/How-to-Publish-Microsoft-Sharepoint-Service-ISA-Server-2006.html

he renames the certificate with the name of the internet URL (sps.it ....), not the name of the server (server3).

So should I name the certificate with the name of our server: twp-sharepoint
or with the name of the internet access to our server: twp.dyndns.tv?
0
ms-pro Commented:
Hi,
You can remove all unnecessary certificates; no problem with that.

Regarding the certificate's name, the name should be the same as the site name, so if your site is called twp.dyndns.tv then the certificate should have the same name.

If you are going to use http:// (Server Connection Security step in TMG) for the internal site then you don't need to use a certificate, but if your web listener is going to be over https:// then you need to use the certificate with the same name as your external site; in your case the site and the certificate name should be twp.dyndns.tv.
0
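One way to check the certificate advice in the two ms-pro replies above (certificate imported into Personal and Trusted Root on the TMG server, and named after the external site rather than the internal server). This is an added example, not code from the thread; Test-NameMatch and Get-CertDnsNames are hypothetical helper names, and the script only reads the local machine certificate stores.

```powershell
# Added example: run on the Forefront TMG server in an elevated PowerShell prompt.
# $PublicName is the external name used in this thread.
$PublicName = 'twp.dyndns.tv'

function Test-NameMatch([string]$CertName, [string]$HostName) {
    if ($CertName -ieq $HostName) { return $true }
    if ($CertName.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label, e.g. *.dyndns.tv
        $dot = $HostName.IndexOf('.')
        return ($dot -gt 0) -and ($HostName.Substring($dot) -ieq $CertName.Substring(1))
    }
    return $false
}

function Get-CertDnsNames($Cert) {
    $names = @()
    if ($Cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Assumption: English Windows, where SAN entries format as "DNS Name=..."
        foreach ($m in [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)')) {
            $names += $m.Groups[1].Value
        }
    }
    return $names
}

# Thumbprints already present in the machine's Trusted Root store
$rootThumbs = @(Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object { $_.Thumbprint })

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert  = $_
    $names = @(Get-CertDnsNames $cert)
    New-Object PSObject -Property @{
        Subject           = $cert.Subject
        # A certificate named only twp-sharepoint shows False here
        MatchesPublicName = (@($names | Where-Object { Test-NameMatch $_ $PublicName }).Count -gt 0)
        # A TLS listener can only use a certificate whose private key is present
        HasPrivateKey     = $cert.HasPrivateKey
        Expired           = ($cert.NotAfter -lt (Get-Date))
        SelfSigned        = ($cert.Subject -eq $cert.Issuer)
        # Relevant for self-signed certificates, which chain only to themselves
        InTrustedRoot     = ($rootThumbs -contains $cert.Thumbprint)
    }
} | Select-Object Subject, MatchesPublicName, HasPrivateKey, Expired, SelfSigned, InTrustedRoot |
    Format-Table -AutoSize
```

Leftover test certificates from repeated SelfSSL runs show up as extra rows, which makes it easy to see which ones can be removed from the Personal and Trusted Root stores.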
spring80 (Author) Commented:
OK, but our site is named twp-sharepoint, and each user in the network uses http://twp-sharepoint to connect to the SharePoint site.
If he enters twp.dyndns.tv within the intranet, it is redirected to the router (modem) web admin page.
0
ms-pro Commented:
If I understand right, test this solution on your local PC:
Browse to C:\Windows\system32\drivers\etc\hosts
Open the hosts file in Notepad and add the following:
 Sharepoint IP      twp.dyndns.tv
Save the hosts file, and try to connect to twp.dyndns.tv.
Let me know if it works.
0
spring80 (Author) Commented:
No sir, it doesn't work.

I can access http://twp-sharepoint from the local PC but I can't access http://192.168.0.150 (the IP of the SharePoint server).

Is there a mapping problem, or what exactly? Or is it related to DNS?
0
ms-pro Commented:
Please use a name, not an IP address (use the host method).
0
spring80 (Author) Commented:
Dear Sir

It is almost done; I can connect through HTTPS now from outside.
Check https://twp.dyndns.tv
But now the problem is that I cannot connect through HTTP from outside:
http://twp.dyndns.tv

Running the test rule gives me this error:
Error details: An unexpected response was received from the server. HTTP response: 404 Not Found
Action: Verify that the intended server is published and that virtual directories exist. Ensure that you can browse the published site directly from an internal client computer.
0
spring80 (Author) Commented:
Thank you so much, it is working.
Excellent

Regards
0
ms-pro Commented:
No problem sir, any time :)
0
Microsoft Forefront ISA Server
