This is an error visible in the web browser when connecting to a HTTPS web site behind an ISA Server.
The problem is that the firewall access rule for this web site in ISA Server is forwarding the requests to an internal server on a port that it is not listening on. For example you connect to https://server.example.com and the ISA Server forwards this request to http://internalsrv. On the Bridging tab check that the mentioned port(s) are actually working on the internal server. For example if you are listening in ISA Server on 443 for a SSL connection and the SSL/HTTPS port is ticked make sure that the port is 443, and that the web server internally is listening on 443. If its another number make sure that it is meant to be the other number and not really 443 or not ticked at all. Ditto for the HTTP port, which is 80 by default.
1 comment:
Many years after posting this blog I came across the error again. On an SBS server that was five years since it was installed with the option to auto renew certificates, it renewed the publishing cert (I think), though another admin was logged in at the time and he restarted IIS - maybe he did this!
Anyway, because the self signed cert was renewed and the old one removed, but not configured properly in IIS Admin, IIS stopped listening on port 443. I replaced the certificate in IIS with one of the newly published ones, but ISA rejected that one as it was not trusted. The answer to that was to copy it to the Trusted Root Certificate Authoritities container in Certificates MMC (opening Local Computer and not Local User)
Post a Comment