Welcome to ISAserver.org

https Sharepoint access through isa 2006

https Sharepoint access through isa 2006 - 5.Jan.2007 9:12:50 AM   
junaid01

 

Posts: 1
Joined: 5.Jan.2007
Status: offline
Hi,
I am trying to allow external users access to SharePoint 2003 sites (SP2), using https (443) through an ISA 2006 Enterprise firewall. SharePoint and ISA are installed on 2003 server with SP2.
ISA is currently set up as an edge firewall with 2 legs, internal and external. The external leg is directly on the internet.
I have created an array, and within the array "firewall policy" I have created a rule "Sharepoint Site Publishing Rule", a listener and a certificate.

However, when I try to log onto it externally I get the following error:
Action "Denied Connection"
Rule "[Enterprise] Default rule"
Result Code "0xc004000d FWX_E_POLICY_RULES_DENIED"

Internally I can access it fine via http or https.
Please help.
Post #: 1
RE: https Sharepoint access through isa 2006 - 19.Jan.2007 1:33:39 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Are you using SSL to SSL bridging?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to junaid01)
Post #: 2
RE: https Sharepoint access through isa 2006 - 9.Jul.2009 11:46:17 AM   
xxben007xx

 

Posts: 11
Joined: 25.Feb.2008
Status: offline
I'm having a similar issue. I am trying to use SSL to SSL bridging for my SharePoint sites. I have an external 3rd party wildcard cert on my web listener. I also installed an internal CA wildcard to bridge the SSL to the SharePoint server. However, when I select the bridging to 443 and check "Use a certificate", my internal wildcard cert is not listed. My internal CA is a trusted root CA on the ISA 2006 server. Can I bridge from wildcard to wildcard? What am I doing wrong? I am using an internal wildcard because SharePoint is configured in host header mode.

thanks!


ben

(in reply to tshinder)
Post #: 3
RE: https Sharepoint access through isa 2006 - 9.Jul.2009 4:14:48 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
When you're on the Bridging tab, you do not need to select the option for 'Use a certificate'. That option is used for Certificate Authentication (mapping a cert to a certain user) and is not necessary for SSL Bridging to work correctly.

If you clear that option, what happens?

(in reply to xxben007xx)
Post #: 4
RE: https Sharepoint access through isa 2006 - 9.Jul.2009 5:27:29 PM   
xxben007xx

 

Posts: 11
Joined: 25.Feb.2008
Status: offline
I believe I have an issue with IIS and SharePoint. After creating my SharePoint site in host header mode I cannot reach it over https locally. I believe ISA is configured correctly. I will post my updates...

(in reply to ClintD)
Post #: 5
RE: https Sharepoint access through isa 2006 - 13.Jul.2009 9:38:14 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Is local access going through the ISA firewall?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to xxben007xx)
Post #: 6
RE: https Sharepoint access through isa 2006 - 23.Jul.2009 5:49:20 PM   
xxben007xx

 

Posts: 11
Joined: 25.Feb.2008
Status: offline
Tom,

Thanks for your reply. Could you describe it more? I spoke with Msft Support and we were able to determine that the problem I am having lies (I think) with ISA. The SharePoint server/site and IIS are properly configured.

Basically, from ISA's perspective, I have a wildcard listener (*.sub.domain.com) catching all external requests and I want to forward them internally to the SharePoint server using bridging of 443. The SharePoint server is using an internal wildcard for its sites (*.sub.domain.com), same as the public wildcard, just issued by my own internal CA. I get an error message when I test the rule:

Testing URL https://site1.sub.domain.com:443/
Category: Published server certificate error
Error details: 0x80090322 - The target principal name is incorrect.
Action: Go to http://go.microsoft.com/fwlink/?LinkId=115965


I have other rules configured (ssl termination) using the same public wildcard and listener and requests are forwarded to the same sharepoint server, just over http:80 not https:443; with no problems.

I am not sure why requests would fail over https unless there is a problem with my certificate. However, both ISA and the SharePoint trust the same internal CA. So ISA should trust the internal wildcard cert it issued.

Can ISA bridge 443 external/internal to a website using an internal wildcard cert? Does ISA expect to see a FQDN in the certificate and not a wildcard?

Ben

< Message edited by xxben007xx -- 24.Jul.2009 4:38:15 PM >

(in reply to tshinder)
Post #: 7
RE: https Sharepoint access through isa 2006 - 26.Jul.2009 12:07:33 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ben,

ISA 2006 is supposed to allow wildcard certificates on both the front-end (listener) and the back-end (published Web server), so it's strange that a 500 error should come up.

What name are you using on the "To" tab of the SSL Web Publishing Rule?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to xxben007xx)
Post #: 8
RE: https Sharepoint access through isa 2006 - 27.Jul.2009 2:21:55 PM   
xxben007xx

 

Posts: 11
Joined: 25.Feb.2008
Status: offline
It has the FQDN of the site, the same one that is referenced in the certificate error. Example: site1.sub.domain.com

This also matches the host header on the SharePoint site.

The site can be browsed locally on the SharePoint server over https.

The front-end listener (ISA) is using a wildcard *.sub.domain.com
The back-end SharePoint server is using the same *.sub.domain.com

The listener uses a wildcard issued by a 3rd party and the SharePoint server is using an internal wildcard.

(in reply to tshinder)
Post #: 9
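
An added example, not part of any post in this thread: an offline check of whether the name on a rule's "To" tab is covered by the names in the published server's certificate, which is the condition behind "0x80090322 - The target principal name is incorrect". It assumes the common left-most-label wildcard rule (the thread does not document how ISA itself matches names); `check_to_tab` and `name_matches` are hypothetical helper names, and the host and certificate names are the placeholders used in the posts above plus constructed ones.

```python
# Added example. Sample names are constructed, based on the thread's placeholders.

def labels(name):
    """Lower-case a DNS name, drop a trailing dot, split it into labels."""
    return name.strip().lower().rstrip(".").split(".")

def name_matches(pattern, host):
    """Left-most-label wildcard match as commonly applied to TLS server
    certificates (assumed rule; not taken from ISA documentation)."""
    p, h = labels(pattern), labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # '*' stands for exactly one label and needs a real parent domain
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h

def check_to_tab(to_name, cert_names):
    """Return (ok, reason) for the name a bridging rule presents to the back end."""
    host = ".".join(labels(to_name))
    hits = [n for n in cert_names if name_matches(n, host)]
    if hits:
        return True, "covered by " + hits[0]
    if host.replace(".", "").isdigit():
        return False, "IP address used as name; certificate lists DNS names"
    if "." not in host:
        return False, "short (NetBIOS-style) name; certificate lists FQDNs"
    if any(n.startswith("*.") and host.endswith(n[1:].lower()) for n in cert_names):
        return False, "wildcard covers exactly one label; name has extra labels"
    return False, "no certificate name matches"

# Constructed inputs: the back-end wildcard from the thread and candidate "To" names.
CERT_NAMES = ["*.sub.domain.com"]
TO_NAMES = ["site1.sub.domain.com", "SITE1.sub.domain.com.", "sharepoint01",
            "a.site1.sub.domain.com", "sub.domain.com", "10.0.0.5"]

def report(to_names=TO_NAMES, cert_names=CERT_NAMES):
    """Map each candidate "To" name to its (ok, reason) result."""
    return {name: check_to_tab(name, cert_names) for name in to_names}

if __name__ == "__main__":
    for name, (ok, reason) in report().items():
        print(("OK   " if ok else "FAIL ") + name + ": " + reason)
```
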
RE: https Sharepoint access through isa 2006 - 28.Jul.2009 9:12:18 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Got me stumped on that one. I'll have to try to repro this config and see what the problem might be.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to xxben007xx)
Post #: 10
RE: https Sharepoint access through isa 2006 - 29.Jul.2009 9:58:48 AM   
xxben007xx

 

Posts: 11
Joined: 25.Feb.2008
Status: offline
Tom,

I found that it works. I was using the Test Rule button and getting errors, so I didn't actually try to log in to the site externally via ISA. Once I did this it worked. GRRR!! Thanks for looking into this.

Ben

(in reply to tshinder)
Post #: 11
RE: https Sharepoint access through isa 2006 - 30.Jul.2009 8:43:26 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Ha! That's great.

Thanks for the follow up.

Looks like the Test button isn't quite as good with wildcard certificates as the firewall itself.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to xxben007xx)
Post #: 12
RE: https Sharepoint access through isa 2006 - 12.Mar.2010 5:00:26 PM   
scottsever

 

Posts: 1
Joined: 12.Mar.2010
Status: offline
I am having a similar issue. I have OWA working through ISA, but I cannot get any connection to my Sharepoint site through ISA 2006. When I click on the Test Rule, it returns: Error: 10060 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

What does this mean exactly? Is my Sharepoint WFE not responding to ISA requests? I have my SSL cert installed on both servers. My architecture is such that only external requests get directed through ISA. Internal is open to my domain users. Any help is GREATLY appreciated.

thanks!

Scott

(in reply to tshinder)
Post #: 13
RE: https Sharepoint access through isa 2006 - 26.Jan.2012 9:42:35 PM   
redhotcholopepper

 

Posts: 1
Joined: 26.Jan.2012
Status: offline
Hi Tom

I'm sort of in the same boat and I need assistance here please. I have a published OWA 2003 site as well as MOSS 2007 site in ISA 2006 SE. OWA 2003 site is hosted on a separate server machine as well as MOSS 2007 site is hosted on a different machine. My ISA 2006 has 1 NIC connected to the internal network (but with 2 IP addresses assigned to it) and 2 NICs facing the external network. I have followed your articles "Enabling-ISA-Firewall-FBA.for OWA.Internal.External.part1 and part2" where I used split DNS in publishing my OWA site. My OWA is working fine both when accessed from within internal network and external network. I sort of followed the same steps (in your articles above) in publishing my MOSS 2007 site. I am getting an error when I click Test Rule in the Web Publishing Rules I created for my MOSS 2007 site. There were 4 lines of error and they are as follows:


Testing URL https://intranet1.stjosephsinternational.ac.pg:443/_layouts/
Category: General error
Error details: An unexpected response was received from the server. HTTP response: 404 Not Found
Action: Verify that the intended server is published and that virtual directories exist.
Ensure that you can browse the published site directly from an internal client computer.

Testing URL https://intranet1.stjosephsinternational.ac.pg:443/_upresources/

Testing URL https://intranet1.stjosephsinternational.ac.pg:443/_vti_bin/

Testing URL https://intranet1.stjosephsinternational.ac.pg:443/_vti_inf.html*


I hope you can assist me.

Best Regards,
Pocholo

(in reply to scottsever)
Post #: 14
