Hi, I am trying to allow external users access to SharePoint 2003 sites (SP2), using HTTPS (443) through an ISA 2006 Enterprise firewall. SharePoint and ISA are installed on 2003 Server with SP2. ISA is currently set up as an edge firewall with 2 legs, internal and external. The external leg is directly on the internet. I have created an array, and within the array's "Firewall Policy" I have created a rule, "Sharepoint Site Publishing Rule", a listener and a certificate.
However, when I try to log on to it externally I get the following error: Action "Denied Connection", Rule "[Enterprise] Default rule", Result Code "0xc004000d FWX_E_POLICY_RULES_DENIED"
Internally I can access it fine via HTTP or HTTPS. Please help.
I'm having a similar issue. I am trying to use SSL-to-SSL bridging for my SharePoint sites. I have an external third-party wildcard cert on my web listener. I also installed an internal CA wildcard to bridge the SSL to the SharePoint server. However, when I select the bridging to 443 and check "Use a certificate", my internal wildcard cert is not listed. My internal CA is a trusted root CA on the ISA 2006 server. Can I bridge from wildcard to wildcard? What am I doing wrong? I am using an internal wildcard because SharePoint is configured in host header mode.
When you're on the Bridging tab, you do not need to select the option for 'Use a certificate'. That option is used for Certificate Authentication (mapping a cert to a certain user) and is not necessary for SSL Bridging to work correctly.
I believe I have an issue with IIS and SharePoint. After creating my SharePoint site in host header mode I cannot reach it over HTTPS locally. I believe ISA is configured correctly. I will post my updates...
Thanks for your reply. Could you describe it more? I spoke with Msft Support and we were able to determine that the problem I am having lies (I think) with ISA. The SharePoint server/site and IIS are properly configured.
Basically, from ISA's perspective, I have a wildcard listener (*.sub.domain.com) catching all external requests and I want to forward them internally to the SharePoint server using bridging on 443. The SharePoint server is using an internal wildcard for its sites (*.sub.domain.com), the same as the public wildcard, just issued by my own internal CA. I get an error message when I test the rule:
I have other rules configured (SSL termination) using the same public wildcard and listener, and requests are forwarded to the same SharePoint server, just over http:80 not https:443, with no problems.
I am not sure why requests would fail over HTTPS unless there is a problem with my certificate. However, both ISA and SharePoint trust the same internal CA. So ISA should trust the internal wildcard cert it issued.
Can ISA bridge 443 external/internal to a website using an internal wildcard cert? Does ISA expect to see an FQDN in the certificate and not a wildcard?
< Message edited by xxben007xx -- 24.Jul.2009 4:38:15 PM >
I found that it works. I was using the Test Rule button and getting errors, so I didn't actually try to log in to the site externally via ISA. Once I did this it worked. GRRR!! Thanks for looking into this.
I am having a similar issue. I have OWA working through ISA, but I cannot get any connection to my SharePoint site through ISA 2006. When I click on the Test Rule, it returns: Error: 10060 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
What does this mean exactly? Is my SharePoint WFE not responding to ISA requests? I have my SSL cert installed on both servers. My architecture is such that only external requests get directed through ISA. Internal is open to my domain users. Any help is GREATLY appreciated.
I'm sort of in the same boat and I need assistance here, please. I have a published OWA 2003 site as well as a MOSS 2007 site in ISA 2006 SE. The OWA 2003 site is hosted on a separate server machine, and the MOSS 2007 site is hosted on a different machine. My ISA 2006 has 1 NIC connected to the internal network (but with 2 IP addresses assigned to it) and 2 NICs facing the external network. I have followed your articles "Enabling-ISA-Firewall-FBA.for OWA.Internal.External.part1 and part2", where I used split DNS in publishing my OWA site. My OWA is working fine both when accessed from within the internal network and from the external network. I sort of followed the same steps (in your articles above) in publishing my MOSS 2007 site. I am getting an error when I click Test Rule in the Web Publishing Rules I created for my MOSS 2007 site. There were 4 lines of error and they are as follows:
Testing URL https://intranet1.stjosephsinternational.ac.pg:443/_layouts/
Category: General error
Error details: An unexpected response was received from the server. HTTP response: 404 Not Found
Action: Verify that the intended server is published and that virtual directories exist. Ensure that you can browse the published site directly from an internal client computer.