Welcome to ISAserver.org

Publishing multiple websites on a single URL

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 General ] >> Web Publishing >> Publishing multiple websites on a single URL

Page: [1]

Message

<< Older Topic Newer Topic >>

Publishing multiple websites on a single URL - 21.Jul.2004 3:46:00 PM

StarChase

Posts: 59
Joined: 5.Feb.2004
From: The Netrherlands
Status: offline

Hi all,

I'm encoutering a few problems and know how's on the following.

First my network situation:
My ISP has a hostname like myname.myisp.nl in its DNS, im not able to make sub domains like owa.myname.myisp.nl.

Schema:
My ISP with in its DNS myname.myisp.nl witch points to my internet ipadres.
|
|
|
10.0.0.1
Stand alone windows 2003 server with ISA server 2004 (not in the internal domain).
192.168.100.1
|
|
|
192.168.100.5
Windows 2003 server (mydomain.internal.net)
DC / DNS / Webserver

What i want to do is to publish like multiple websites. All the websites are on the DC server.
I want to publish like the following websites.

mydomain.internal.net:8098 = Administration site (SSL)
mydomain.internal.net:443 = default SSL
mydomain.internal.net:8080 = WMA admin
mydomain.internal.net:80 = normal non SSL root dir

And some other like tsweb, printer, owaadmin, etc etc

How do i publish this on myname.myisp.nl?

P.s. i want to use SSL bridging and not tunneling.

Thanxz for the advise

Post #: 1

Featured Links*

RE: Publishing multiple websites on a single URL - 22.Jul.2004 12:25:00 AM

Uju Sivas

Posts: 236
Joined: 31.Dec.2001
Status: offline

this was joke in 2000, I don't know , if it is still valid....

I mean you cannot

(in reply to StarChase)

Post #: 2

RE: Publishing multiple websites on a single URL - 22.Jul.2004 7:11:00 AM

tshinder

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: online

Hi Star,

Instead of using alternate port numbers for each internal site, use alternate IP addresses. Then this configuration is a no-brainer. Using alternate port numbers makes is difficult for the Web Proxy filter to determine exactly where you want the direct to go, esp. if you want to use SSL to SSL bridging. But if you assign each site a different address (I never use alternate ports, always different addresses for each site), then its quite easy.

HTH,
Tom

[ July 22, 2004, 07:13 AM: Message edited by: tshinder ]

(in reply to StarChase)

Post #: 3

RE: Publishing multiple websites on a single URL - 22.Jul.2004 2:05:00 PM

StarChase

Posts: 59
Joined: 5.Feb.2004
From: The Netrherlands
Status: offline

Thanxz Tom, i will try it out later this evening.
Let you all know if i run into any problems.

(in reply to StarChase)

Post #: 4

RE: Publishing multiple websites on a single URL - 22.Jul.2004 3:21:00 PM

StarChase

Posts: 59
Joined: 5.Feb.2004
From: The Netrherlands
Status: offline

I gave the NIC of the DC / webserver the following ip's extra.

192.168.100.6
192.168.100.7
192.168.100.8
192.168.100.9

Then i went to IIS management and bound all the diffrent virtual website's to its own ip adres like.

192.168.100.5 = Default website
192.168.100.6 = Administration
192.168.100.7 = Microsoft SharePoint Administration
192.168.100.8 = Windows Media Administration
192.168.100.9 = Nothing yet / reserved

Then i gave all virtual dirs to listen on port 80 for normal requests and set all the virtual dirs on port 443 for SSL requests. Then i restarted IIS but it starts only 1 site and gives the folowing error "Cannot create a file when that file already exists".

P.s. i removed all SSL certificated from all virtual websites and didnt maked new ones yet.

Greetz

(in reply to StarChase)

Post #: 5

RE: Publishing multiple websites on a single URL - 23.Jul.2004 3:54:00 AM

tshinder

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: online

Hi Star,

Interesting. I have a few IIS machines that host over 50 sites, each with its own private IP address and have never encountered this issue. I've heard of IIS machine hosting hundreds of sites using different addresses.

Not sure what would be causing the problem here. I'm sure its not a certificate issue, since you can use the same certificate on all the sites if you like (although it won't work in a publishing scenario, IIS itself doesn't care if you use the same cert on all sites).

HTH,
Tom

(in reply to StarChase)

Post #: 6

RE: Publishing multiple websites on a single URL - 23.Jul.2004 9:19:00 AM

StarChase

Posts: 59
Joined: 5.Feb.2004
From: The Netrherlands
Status: offline

Hi all / Tom,

This is what i mean whats happening when i tried to follow up Toms advise.

But when im using a diffrent port like displayed on the administration site it does start [Confused]

It should work becouse each site has its own ip adres [Frown]

Some advise ?

[ July 23, 2004, 09:21 AM: Message edited by: StarChase ]

(in reply to StarChase)

Post #: 7

RE: Publishing multiple websites on a single URL - 26.Jul.2004 3:08:00 PM

StarChase

Posts: 59
Joined: 5.Feb.2004
From: The Netrherlands
Status: offline

Hi all,

What i forgot is that the SSL part was still standing on default, so it tryed to bind SSL port 443 on the same ip, so it gave the error that the port was already being used.

Ive now set it up correctly, ganna test the bridging etc.

Thanxz by the way

(in reply to StarChase)

Post #: 8

RE: Publishing multiple websites on a single URL - 27.Jul.2004 9:09:00 AM

StarChase

Posts: 59
Joined: 5.Feb.2004
From: The Netrherlands
Status: offline

Ive made for each site a diffrent SSL certificate what is issued to the same external URL name like.

issued to: myurl.nl

I've imported these certificates into the ISA box under "Certificates (local computer" under the personal certificates AND the Trusted root certificates authority

But now i recieve this error:

The page cannot be displayed
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.

--------------------------------------------------------------------------------

Try the following:

Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.

--------------------------------------------------------------------------------

Technical Information (for support personnel)

Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019)

[ July 27, 2004, 09:12 AM: Message edited by: StarChase ]

(in reply to StarChase)

Post #: 9

RE: Publishing multiple websites on a single URL - 28.Jul.2004 1:47:00 AM

tshinder

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: online

Hi Star,

For each Web Publishing rule, the name on the "To" tab must match the name on the certificate used on the Web site, and that name must resolve to the IP address the Web site is listening on at the Web server.

HTH,
Tom

(in reply to StarChase)

Post #: 10

RE: Publishing multiple websites on a single URL - 28.Jul.2004 1:58:00 PM

StarChase

Posts: 59
Joined: 5.Feb.2004
From: The Netrherlands
Status: offline

Hi Tom / All,

I have changed the name on the "To" tab and placed the name in my Host file becouse my internal domain has no records in the DNS of my ISP. But it still results in the same error.

Here some more info and screenshots.

ISP hostname = myname.xs4all.nl
myname.xs4all.nl points to my ip / ISA server.

ISA server = 192.168.100.1 (internal NIC)
Is not member of the internal domain wolters.net
Has in its hostfile myname.xs4all.nl to point to 192.168.100.5

DC / Webserver = deep-space-9.wolters.net / 192.168.100.5

Here some screeners from the IIS on the DC / webserver.

Here some screeners of my ISA

[ July 28, 2004, 02:01 PM: Message edited by: StarChase ]

(in reply to StarChase)

Post #: 11

RE: Publishing multiple websites on a single URL - 29.Jul.2004 7:41:00 AM

tshinder

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: online

Hi Star,

So, on the ISA firewall, when you ping the *actual name* you have on the Web site certificate, what IP address is returned?

Thanks!
Tom

(in reply to StarChase)

Post #: 12

RE: Publishing multiple websites on a single URL - 29.Jul.2004 8:30:00 AM

StarChase

Posts: 59
Joined: 5.Feb.2004
From: The Netrherlands
Status: offline

Hi Tom,

When im logged on the ISA box and pinging myurl.xs4all.nl it points to 192.168.100.5, it doesnt come back with the external ip adsress assighned from my ISP, so thats fine i think.

However, i dont know how ISA itself handles DNS.
For the extra info, there is also DNS running on the ISA box, its the secondary DNS for if the DC is offline for the internal clients. The ISA box replicates its DNS entry's from the DC. In the internal DNS on the DC, there is no entry myurl.xs4all.nl and uses my ISP DNS as forwarders.

If ISA uses my internal DNS it would resolve the external ipadres of my ISP i think, maybe there's the problem?

What i will try to do is to disable the DNS on the ISA, maybe that helps.

Update: Ive deinstalled the DNS on the ISA box, but still results in:

Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019)

Cant be this the issue?
This certificate is from a client on the internet.

[ July 29, 2004, 10:18 AM: Message edited by: StarChase ]

(in reply to StarChase)

Post #: 13

RE: Publishing multiple websites on a single URL - 29.Jul.2004 3:26:00 PM

tshinder

Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: online

Hi Star,

That could explain it!

Make sure the CA's certificate is in the Trusted Root Certification Authorities certificate store on the ISA firewall computer.

HTH,
Tom

(in reply to StarChase)

Post #: 14

RE: Publishing multiple websites on a single URL - 29.Jul.2004 10:13:00 PM

StarChase

Posts: 59
Joined: 5.Feb.2004
From: The Netrherlands
Status: offline

Hi Tom,

The certificate is in the trusted store.
Ive exported the certificate to a *.pfx file with the export of the private key and imported with the mmc certification in the ISA box.
*sigh* [Frown]

I will take a look in the morning for other options, keep you posted.

Thanxz for all the help in this never ending issue....

(in reply to StarChase)

Post #: 15

RE: Publishing multiple websites on a single URL - 30.Jul.2004 1:13:00 PM

StarChase

Posts: 59
Joined: 5.Feb.2004
From: The Netrherlands
Status: offline

Hi tom / all,

I think that i have found the problem! [Smile]

, i reviewed some other articles like using the wildcart cert on making, exporting and importing certificates.

On the isa box in the certificate mmc are the certificates in the personal and trusted root store, but if you dubble click the certificate it gives a red cross through the certificate and it seas something that it cant find the CA to verify if the private key is valid. The ISA Box is not in the domain, do you know how the ISA box can connect to the DC CA for verifying the certs?

I can ping the DC server on the name of the certificate, like deep-space-9.wolters.net and on myurl.xs4all.nl

Update: Must the Sertificate Services be installed on the ISA box?
Ive installed it now as a stand alone sub CA.
The DC has a Enterprice CA.

[ July 30, 2004, 02:13 PM: Message edited by: StarChase ]

(in reply to StarChase)

Post #: 16

RE: Publishing multiple websites on a single URL - 30.Jul.2004 2:23:00 PM

StarChase

Posts: 59
Joined: 5.Feb.2004
From: The Netrherlands
Status: offline

Tom,

It finally works now, the problem was that i had not installed the certificate services on the ISA box as a sub CA. It works now fine, i owe you 1 !

Thanxz for the great support! [Smile]

(in reply to StarChase)

Post #: 17