ISA 2006 Doesn’t Accept HTTPS Traffic
Wanted to make a note about this just in case someone else ever runs into this problem.
ISSUE: ISA drops traffic to port 443 (HTTPS) based on the system rule allow HTTPS Traffic to specific sites. None of the publishing rules for ISA on HTTPS ports seem to get processed and then the traffic is dropped by the default rule.
I have to say I spent too much time trying to figure this one out. Nothing on the system pointed to why this traffic would get processed like this. Running the ISA troubleshooter didn’t point to anything that would cause this. It seemed like the ISA server was just ignoring the traffic.
The ISA analyzer did provide some insight on the issue. It mentioned the web proxy filter failing to bind to port 443. This seemed strange, as I didn’t remember installing anything that would bind to port 443. That is when it hit me: Windows Remote Management.
So what had happened is I was installing Dell OpenManage on Windows Server 2003 R2, and for OpenManage to work it required Windows Remote Management. According to the documentation I had to bind WinRM to HTTPS; the command it recommended was like this:
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="<host_name>";CertificateThumbprint=""}
The problem lies in the “Address=*” part of the command. Of course I realize this now.
To correct the problem I had to delete this entry in winrm with the command:
winrm delete winrm/config/Listener?Address=*+Transport=HTTPS
And then run the create command again, binding it only to the internal IP address:
winrm create winrm/config/Listener?Address=IP:a.b.c.d+Transport=HTTPS @{Hostname="servername";CertificateThumbprint="……."}
Once this was complete and I restarted the ISA services, the web proxy filter service didn’t report any errors binding to external IP addresses. The external sites were now available.
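A way to spot this conflict before the firewall fails to bind, as an added example that is not part of the original post: the script parses saved output of winrm enumerate winrm/config/Listener and reports any enabled listener holding port 443 on an address reserved for ISA. The sample output, the addresses 10.0.0.5 and 203.0.113.10, and the function names are assumptions constructed for illustration.

```python
# Added example: flag WinRM listeners that hold a port on IPs the firewall must own.
# Both samples are constructed in the shape of `winrm enumerate winrm/config/Listener`
# output; hostname, thumbprint and addresses are placeholders, not values from the post.
BEFORE = """\
Listener
    Address = *
    Transport = HTTPS
    Port = 443
    Hostname = servername
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint = <thumbprint>
    ListeningOn = 10.0.0.5, 127.0.0.1, 203.0.113.10
"""
# Same listener after being recreated on the internal address only.
AFTER = BEFORE.replace("Address = *", "Address = IP:10.0.0.5").replace(
    "ListeningOn = 10.0.0.5, 127.0.0.1, 203.0.113.10", "ListeningOn = 10.0.0.5")


def parse_listeners(text):
    """Split the enumerate output into one dict per Listener block."""
    listeners, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Listener":
            current = {}
            listeners.append(current)
        elif current is not None and line:
            # Keys without a value (e.g. an empty Hostname) map to "".
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return listeners


def conflicting_listeners(text, reserved_ips, port=443):
    """Return (Address, Transport, overlapping IPs) for enabled listeners on
    `port` that are bound to any address in reserved_ips."""
    hits = []
    for lst in parse_listeners(text):
        if lst.get("Enabled", "true").lower() != "true" or lst.get("Port") != str(port):
            continue
        bound = {ip.strip() for ip in lst.get("ListeningOn", "").split(",") if ip.strip()}
        overlap = sorted(bound & set(reserved_ips))
        if overlap:
            hits.append((lst.get("Address"), lst.get("Transport"), overlap))
    return hits


if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, conflicting_listeners(sample, ["203.0.113.10"]))
```

Pass the external addresses that ISA publishes on as reserved_ips; an empty result means no WinRM listener is competing for port 443 on them.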
