https Sharepoint access through isa 2006 (Full Version)

All Forums >> [ISA 2006 Publishing] >> SharePoint Publishing


junaid01 -> https Sharepoint access through isa 2006 (5.Jan.2007 9:12:50 AM)

iam trying to allow external users access to Sharepoint 2003 sites (SP2), using https (443) through an ISA 2006 Enterprise firewall. Sharepoint and Isa are installed on 2003 server with sp2.
Isa is currently setup as an edge firewall with 2 legs, internal and external. external leg is direct onto the internet.
I have created and array and within the array "firewall policy" i have created a rule "Sharepoint Site Publishing Rule", listener and a certificate.

However when i try to log onto it externally i get a following error:-
Action "Denied Connection"
Rule "[Enterprise] Default rule
Result Code "0xc004000d FWX_E_POLICY_RULES_DENIED"

internally i can access it fine via http or https.
Please Help

tshinder -> RE: https Sharepoint access through isa 2006 (19.Jan.2007 1:33:39 PM)

Are you using SSL to SSL bridging?


xxben007xx -> RE: https Sharepoint access through isa 2006 (9.Jul.2009 11:46:17 AM)

im having a similar issue. i am trying to use ssl to ssl bridging for my sharepoint sites. i have an external 3rd party wildcard cert on my web listener. i also installed an internal ca wildcard to bridge the ssl to the sharepoint server. however when i select the bridging to 443, and check use a certificate, my internal wildcard cert is not listed. my internal ca is a trusted root ca on the isa 2006 server. can i bridge from wildcard to wildcard? what am i doing wrong? i am using an internal wildcard becaues sherepoint is configured in host header mode.



ClintD -> RE: https Sharepoint access through isa 2006 (9.Jul.2009 4:14:48 PM)

When you're on the Bridging tab, you do not need to select the option for 'Use a certificate'. That option is used for Certificate Authentication (mapping a cert to a certain user) and is not necessary for SSL Bridging to work correctly.

If you clear that option, what happens?

xxben007xx -> RE: https Sharepoint access through isa 2006 (9.Jul.2009 5:27:29 PM)

i believe i have an issue with iis and sharepoint. after creating my sharepoint site in host header mode i cannot reach it over https locally. i believe isa is configured correctly. i will post my updates...

tshinder -> RE: https Sharepoint access through isa 2006 (13.Jul.2009 9:38:14 AM)

Is local access going through the ISA firewall?


xxben007xx -> RE: https Sharepoint access through isa 2006 (23.Jul.2009 5:49:20 PM)


thanks for your reply. could you describe it more? i spoke with Msft Support and we were able to determine that the problem i am having lies (i think) with ISA. The sharepoint server/site and iis is properly configured.

Basically from ISA's perspective, i have a wildcard listener (* catching all external requests and i want to forward them internal to the sharepoint server using bridging of 443. The sharepoint server is using an internal wildcard for its sites (* same as the public wildcard, just issued by my own internal ca. I get an error message when i test the rule:

Testing URL
Category: Published server certificate error
Error details: 0x80090322 - The target principal name is incorrect.
Action: Go to

I have other rules configured (ssl termination) using the same public wildcard and listener and requests are forwarded to the same sharepoint server, just over http:80 not https:443; with no problems.

I am not sure why requests would fail over https unless there is a problem with my certificate. However, both ISA and the SharePoint trust the same internal CA. So ISA should trust the internal wildcard cert it issued.

Can isa bridge 443 external/internal to website using an internal wildcard cert? Does ISA expect to see a FQDN in the certificate and not a wildcard?


tshinder -> RE: https Sharepoint access through isa 2006 (26.Jul.2009 12:07:33 PM)

Hi Ben,

ISA 2006 is supposed to allow wildcard certificates on both the front-end (listener) and the back-end (published Web server), so it's strange that a 500 error should come up.

What name are you using on the "To" tab of the SSL Web Publishing Rule?


xxben007xx -> RE: https Sharepoint access through isa 2006 (27.Jul.2009 2:21:55 PM)

it has the fqdn of the site. same that is referenced in the certificate error. example:

this also matches the hostheader on the sharepoint site.

the site can be browsed locally on the sharepoint server over https.

the front end listener (isa) is using a wildcard *
the back end sharepoint server is using the same *

the listener uses a wildcard issued by a 3rd party and the sharepoint server is using an internal wildcard.

tshinder -> RE: https Sharepoint access through isa 2006 (28.Jul.2009 9:12:18 AM)

Got me stumped on that one. I'll have to try to repro this config and see what the problem might be.


xxben007xx -> RE: https Sharepoint access through isa 2006 (29.Jul.2009 9:58:48 AM)


i found that it works. i was using the test rule button and getting errors so i didnt actually try to login to the site exterally via isa. once i did this it worked. GRRR!! thanks for looking into this


tshinder -> RE: https Sharepoint access through isa 2006 (30.Jul.2009 8:43:26 AM)

Ha! That's great.

Thanks for the follow up.

Looks like the Test button isn't quite as good with wildcard certificates as the firewall itself [;)]


scottsever -> RE: https Sharepoint access through isa 2006 (12.Mar.2010 5:00:26 PM)

I am having a similar issue. I have OWA working through ISA, but I cannot get any connection to my Sharepoint site through ISA 2006. When I click on the Test Rule, it returns: Error: 10060 - A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

What does this mean exactly? Is my Sharepoint WFE not responding to ISA requests? I have my SSL cert installed on both servers. My architecture is such that only external requests get directed through ISA. Internal is open to my domain users. Any help is GREATLY appreciated.



redhotcholopepper -> RE: https Sharepoint access through isa 2006 (26.Jan.2012 9:42:35 PM)

Hi Tom

I'm sort of on the same boat and I need assistance here please. I have a published OWA 2003 site as well as MOSS 2007 site in ISA 2006 SE. OWA 2003 site is hosted on a separate server machine as well as MOSS 2007 site is hosted on a different machine. My ISA 2006 has 1 NIC connected to the internal network (but with 2 IP addresses assigned to it) and 2 NICs facing the external network. I have followed your articles "Enabling-ISA-Firewall-FBA.for OWA.Internal.External.part1 and part2" where I used split DNS in publishing my OWA site. My OWA is working fine both when accessed from within internal network and external network. I sort of followed the same steps (in your articles above) in publishing my MOSS 2007 site. I am getting an error when I click Test Rule in the Web Publishing Rules I created for my MOSS 2007 site. There were 4 lines of error and they are as follow:-

Testing URL
Category: General error
Error details: An unexpected response was received from the server. HTTP response: 404 Not Found
Action: Verify that the intended server is published and that virtual directories exist.
Ensure that you can browse the published site directly from an internal client computer.

Testing URL

Testing URL

Testing URL*

I hope you can assist me.

Best Regards,

Page: [1]