We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
10 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
ISA 2006
Posted on 2013-01-06
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
- +2
6 Comments
See if this helps
If you're running SBS Premium w/ ISA, then you'll need to add a protocol
definition for TCP 8020. The way ISA works, is that it uses protocol
definitions to define protocol (TCP/UDP/ICMP) and port combinations. It
then uses protocol rules that are based on these definitions as well as
other policy elements like schedules, users, etc. to determin who can go
where when. The effective 'allow all traffic' rule we have in ISA on SBS is
somewhat misleading as it only allows all of the protocols that are
currently defined. If a user tries to access a resource on the internet
using a protocol that is not currently defined in ISA (e.g. TCP 8020), then
ISA is going to deny the outbound request. Adding the new protocol
definition and restarting the Microsoft ISA Server Control service should solve the problem
If you're running SBS Premium w/ ISA, then you'll need to add a protocol
definition for TCP 8020. The way ISA works, is that it uses protocol
definitions to define protocol (TCP/UDP/ICMP) and port combinations. It
then uses protocol rules that are based on these definitions as well as
other policy elements like schedules, users, etc. to determin who can go
where when. The effective 'allow all traffic' rule we have in ISA on SBS is
somewhat misleading as it only allows all of the protocols that are
currently defined. If a user tries to access a resource on the internet
using a protocol that is not currently defined in ISA (e.g. TCP 8020), then
ISA is going to deny the outbound request. Adding the new protocol
definition and restarting the Microsoft ISA Server Control service should solve the problem
Active today
No need to change anything in your rules. You should have an access rule that allow HTTPS to go outside and that's it for the rules...
The problem is that by default ISA/TMG do not allow SSL protocol on any other port than 443.
In your example the URL is https://blahblahblah:8020/... Meaning you want to access a SSL web site on a port that is not 443 !!
You can refer to this article that talks about the same problem : http://social.technet.microsoft.com/Forums/en-US/ForefrontedgeIA/thread/d64b5887-9218-4387-bc95-11906e8bae82/
Even it is not the same port they want to use in the article it's the same cause.
As said in the article you'll have to download the script http://www.isatools.org/tools/isa_tpr.js and use it to allow your specific port 8020 to be used for SSL.
This change wil require a full restart of TMG services, stopping any current connections.
Have a good day.
The problem is that by default ISA/TMG do not allow SSL protocol on any other port than 443.
In your example the URL is https://blahblahblah:8020/... Meaning you want to access a SSL web site on a port that is not 443 !!
You can refer to this article that talks about the same problem : http://social.technet.microsoft.com/Forums/en-US/ForefrontedgeIA/thread/d64b5887-9218-4387-bc95-11906e8bae82/
Even it is not the same port they want to use in the article it's the same cause.
As said in the article you'll have to download the script http://www.isatools.org/tools/isa_tpr.js and use it to allow your specific port 8020 to be used for SSL.
This change wil require a full restart of TMG services, stopping any current connections.
Have a good day.
Featured Post
It's easy! Check out this step-by-step guide for asking an anonymous question on Experts Exchange.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server
SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages:
ERROR
1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month10 days, 15 hours left to enroll
631 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.