Re: ISA Event
From: Jack (jack30_at_hotmail.com)
Date: 10/07/04
- Next message: Jack: "Re: ISA Event"
- Previous message: Ben Tan: "Member server on SBS 2000"
- In reply to: SuperGumby [SBS MVP]: "Re: ISA Event"
- Next in thread: Jack: "Re: ISA Event"
- Reply: Jack: "Re: ISA Event"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 7 Oct 2004 12:57:28 +1000
Thats my problem i don't know how to bind 443 only to one interface i know
80 is not bound in iis anymore thanks to disableingsocketpooling but 443
still is bound to both.
Here is the details:
c:\ netstat -an | find "443"
TCP 10.0.0.2:443 0.0.0.0 LISTENING
TCP 127.0.0.1 0.0.0.0 LISTENING
TCP 192.168.4.9 0.0.0.0 LISTENING
As you can see 443 is bound to everything.
I ran the same command on 80 and 8080 and they are only bound to the 1
interface.
How do i fix it. It is very frustrating.
Can you take isa of sbs and use it on a second machine connected to the
router. That would fix the problem.
Thanks
Jack.
"SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
news:uLXJwz6qEHA.3288@TK2MSFTNGP12.phx.gbl...
> OK, so try manually binding 443 only to the internal interface.
>
> not via a command, via IIS management.
>
> "Jack" <jack30@hotmail.com> wrote in message
> news:u37gnOzqEHA.3840@TK2MSFTNGP10.phx.gbl...
> > Hi
> > I am not trying to put you guys down at all thats why i am here seeking
> > advise from MVP's i just get a bit defensive i suppose spending all that
> > money on microsoft courses does that especially when you get a problem
you
> > haven't covered in the courses and as i said earlier they don't teach
> > anything about sbs only enterprise level like all the domain controllers
i
> > have used have iis and isa on seperate boxes usually on 3 leg perimiter
> > networks. I understand that it is not just sbs as isa and iis on any box
> > would give the same grief even in a enterprise enviroment. You are right
> > and
> > thats why i can't understand why when i ran the to do list it didn't fix
> > the
> > problem on 443. Doesn't the iis section in the to do list unbind iis
from
> > port 80 not 80 and 443? I noticed i am not getting port 80 warnings in
the
> > event viewer. It only started when we created a certificate server on
sbs
> > so
> > you have to use 443 to get it the eg: OWA working externally. If i turn
> > off
> > the 443 ( uninstall the certificate) and use 80 again there is no
problem
> > as
> > the to do list did its job if i go back to certificates then i get the
> > warning in the event viewer.
> > Thanks
> > Jack.
> > "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
> > news:#4pML9sqEHA.3244@tk2msftngp13.phx.gbl...
> >> Hi Jack,
> >>
> >> I left this alone till I was home rather than work.
> >>
> >> I'm sorry you have this idea that there is some MVP vs MCPE thing,
> > there
> >> is no such item on my agenda.
> >>
> >> Think about it. If you had followed my advice you _COULD NOT_ be
> >> receiving the same error message. IIS would no longer be bound to your
> >> external interface so would no longer be in conflict with the ISA
> > listeners.
> >>
> >> You're right. The MVP award is not a certification. It is
recognition
> > of
> >> efforts made with no expectation of reward.
> >>
> >> Why do we, or at least I, post links rather than explanations?
> >> Because
> > I
> >> don't want to give a man a fish, I want him to learn how to fish. That
> >> and
> >> the fact that if the link exists the problem has been resolved
previously
> >> and is probably better explained in a well thought out article than my
> > best
> >> recollection of such.
> >>
> >> I will still claim that (my fellow MVP, grrrr, now it's an MVP vs
MVP
> >> WAR!!!! :) Chad's answer is wrong. In one foul swoop he advised to
ignore
> >> the wizards designed to handle this task in an SBS environment.
> >>
> >> BTW. Your 'error' (which it isn't, it is more an informational
alert)
> >> would occur on any system (ie. even those big corporate boxes) which
had
> > ISA
> >> listeners and IIS bound to the same interface. It is in no way SBS
> > specific.
> >>
> >> "Jack" <jack30@hotmail.com> wrote in message
> >> news:%233yRWpmqEHA.1160@tk2msftngp13.phx.gbl...
> >> > The fix you reckon works didn't. i still get the same message in the
> > event
> >> > viewer. I am not bothering with sbs2k i am installing 2003 at least i
> > can
> >> > get it to work ok.
> >> > It is funny how MVP's put down MCSE's when MVP isn't even a
> > certification.
> >> > It is really funny you can say we MVP's fix up problems MCSE did,
you
> >> > must
> >> > be mental. Why don't you people go and pay some money and get a
proper
> >> > certification against your name? I have noticed all you guys do is go
> >> > to
> >> > the
> >> > knowledge base or paste a link to the knowledge base, well to pass an
> > exam
> >> > you need to know how to fix and troubleshoot without having to use
the
> > ms
> >> > website.
> >> > Jack.
> >> >
> >> > Jack.
> >> >
> >> > "Chad A. Gross [SBS Community Member]"
> >> > <chad.gross@laytonflower.nospam.com>
> >> > wrote in message news:eCq3uHJpEHA.3592@TK2MSFTNGP09.phx.gbl...
> >> >> LOL . . . Mick, it's so nice to see that your penchant for
subtlety
> >> > hasn't
> >> >> changed . . . ;^)
> >> >>
> >> >> Jack - for the record, he is right. The Configure IIS task on the
To
> > Do
> >> >> List will disable socket pooling, and when you run the ICW you have
> >> >> the
> >> >> option to publish your website, which will create the necessary web
> >> >> publishing rule within ISA.
> >> >>
> >> >> --
> >> >>
> >> >> Chad A. Gross - SBS MVP
> >> >> SBS ROCKS!
> >> >>
> >> >> www.msmvps.com/cgross
> >> >> www.gosbs.org
> >> >>
> >> >>
> >> >> SuperGumby [SBS MVP] wrote:
> >> >> > tickles my fancy that does.
> >> >> >
> >> >> > The man who gives the right answer is lambasted while the man
giving
> >> >> > the wrong one is thanked.
> >> >> >
> >> >> > "Jack" <jack30@hotmail.com> wrote in message
> >> >> > news:#q9twSHpEHA.896@TK2MSFTNGP12.phx.gbl...
> >> >> >> Thanks Chad
> >> >> >> Thats the answer i was after and all i wanted from the start.
> >> >> >> I wasn't having a go at dudes that use sbs i was having a go at
> >> >> >> microsoft as in all my courses and tests there is no sbs
questions
> >> >> >> they don't teach you about how to run sbs server studying mcse. I
> >> >> >> realised it was different unlike some people i know that only use
> >> >> >> enterprise and have egos thinking they can fix all ms products I
> >> >> >> came here so I don't stuff the sbs server up eg: I have never
used
> >> >> >> a
> >> >> >> domain controller that pops mail i am used to mail servers so
that
> >> >> >> was an eye opener as exchange enterprise doesn't come with any
pop
> >> >> >> connector.
> >> >> >> But the good thing is now i will know both worlds even though i
am
> >> >> >> not used to running so many wizards i will learn them so thanks
> >> >> >> again.
> >> >> >> Cheers
> >> >> >> Jack
> >> >> >> "Chad A. Gross [SBS Community Member]"
> >> >> >> <chad.gross@laytonflower.nospam.com> wrote in message
> >> >> >> news:ugxRLqDpEHA.648@tk2msftngp13.phx.gbl...
> >> >> >>> Jack -
> >> >> >>>
> >> >> >>> It sounds like you're trying to bind an IIS website to port 443
on
> >> >> >>> your external interface. This isn't going to happen because the
> >> >> >>> ISA web listeners are bound to 80 & 443 on your external
> >> >> >>> interface.
> >> >> >>> What you want to do is create a web publishing rule in ISA.
Open
> >> >> >>> ISA Management, expand Servers & Arrays | <servername> |
> >> >> >>> Publishing
> >> >> >>> | Web Publing Rules.
> >> >> > Click
> >> >> >>> Action | New | Rule. Follow the wizard to create a new web
> >> >> >>> publishing rule to publish your web site.
> >> >> >>>
> >> >> >>> The reason you want to do it this way (instead of directly
binding
> >> >> >>> the website to the external interface) is to take advantage of
the
> >> >> >>> application-level filtering that ISA gives you.
> >> >> >>>
> >> >> >>> As for the wizards, they're there so we can easily & quickly fix
> >> >> >>> an
> >> >> >>> SBS and get it to a recommended configuration after an
Enterprise
> >> >> >>> MCSE screws it up . . . ;^) That is nothing against you
> >> >> >>> personally - most smallbiz IT consultants would have a hard time
> >> >> >>> adjusting to an enterprise deployment. The big difference is
that
> >> >> >>> we know we'd have to learn new things to fit into that
> >> >> >>> environment.
> >> >> >>> All to often, the enterprise level tech assumes that SBS is just
> >> >> >>> these 4 products installed on one box. What they overlook is
that
> >> >> >>> SBS is much more than the sum of it's parts, and the fact that
we
> >> >> >>> have IIS, Exchange & ISA on our one & only DC means that we do
> >> >> >>> things slightly differently. More often than not, they don't
> >> >> >>> respect that they may have to learn something to get this box to
> >> >> >>> sing. All of us have our own real-world experiences of cleaning
> >> >> >>> up
> >> >> >>> after the enterprise MCSE who tried to set up SBS . . . :^)
> >> >> >>>
> >> >> >>> As for the security - we're all aware that SBS breaks MS' own
> >> >> >>> rules
> >> >> >>> regarding ISA - and we'd love to be able to pull that off and
put
> >> >> >>> in on a separate server. However, our threat vectors down here
> >> >> >>> are
> >> >> >>> slightly different that the enterprise. Our main threat isn't
the
> >> >> >>> fact that our ISA is on our DC - no, our main threat is our
> >> >> >>> desktops, and poorly written smallbiz apps (QuickBooks) that
> >> >> >>> require local Administrator rights, etc.
> >> >> >>>
> >> >> >>> Back to the wizards - you do realize that the wizards write log
> >> >> >>> files that tell you what they did?
> >> >> >>>
> >> >> >>> --
> >> >> >>>
> >> >> >>> Chad A. Gross - SBS MVP
> >> >> >>> SBS ROCKS!
> >> >> >>>
> >> >> >>> www.msmvps.com/cgross
> >> >> >>> www.gosbs.org
> >> >> >>>
> >> >> >>>
> >> >> >>> Jack wrote:
> >> >> >>>> Mate, just face the fact that you don't know how to fix my
> >> >> >>>> problem. I don't know by what you mean the hard way? I ran the
> >> >> >>>> wizards in the to do list and it didn't fix the problem just
like
> >> >> >>>> you recommended. SBS is basicly made for companys who don't
> >> >> >>>> really have a fulltime administrator and thats why there is so
> >> >> >>>> many wizards. You dont get all those wizards in enterprise
> >> >> >>>> edition
> >> >> >>>> and that makes a whole lot of difference when troubleshooting
a
> >> >> >>>> problem as you need to know the program not just how to run a
> >> >> >>>> wizard. How do you know a wizard worked as they don't tell you
> >> >> >>>> where wizard makes changes so how can you troubleshoot a
problem
> >> >> >>>> if you don't know where the exact changes are made.I would
rather
> >> >> >>>> make the changes myself even though it might take a bit longer
at
> >> >> >>>> lease you know what happened step by step if there is a problem
> >> >> >>>> down the track so you know where to fix the problem .And how
can
> >> >> >>>> you undo wizards. You can't. You just rerun them. dodgy.
> >> >> >>>> Jack
> >> >> >>>>
> >> >> >>>>
> >> >> >>>> "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
> >> >> >>>> news:#YN6t43oEHA.3460@TK2MSFTNGP15.phx.gbl...
> >> >> >>>>> and I feel sorry for people who do things the hard way.
> >> >> >>>>>
> >> >> >>>>> "Jack" <jack2007a@hotmail.com> wrote in message
> >> >> >>>>> news:#j996I3oEHA.800@TK2MSFTNGP14.phx.gbl...
> >> >> >>>>>> Hi, when i said i am new to sbs 2k i mean't new to having all
> >> >> >>>>>> apps on the same box. I use windows Advanced server 2003 in
an
> >> >> >>>>>> enterprise with a multiple domain structure with seperate
boxes
> >> >> >>>>>> for ISA, Exchange etc. I am currently Studying my MCSE 2003
and
> >> >> >>>>>> as the books say.....Don't have isa and iss on the same box.
MS
> >> >> >>>>>> recommend having the seperate scenario for security purposes
> >> >> >>>>>> even exchange should be seperate. Basicly SBS breaks their
own
> >> >> >>>>>> rules. I have also noticed that alot of the services are not
> >> >> >>>>>> even being used on sbs, What a waste. I feel sorry for people
> >> >> >>>>>> who just use sbs as they don't get to see the full function
of
> >> >> >>>>>> Forest wide domain structure and all the services that come
> >> >> >>>>>> with
> >> >> >>>>>> it. To answer your question i did use the to do list. The iis
> >> >> >>>>>> section in yhe list just runs a wizard which does exactly the
> >> >> >>>>>> same thing as i did in the command prompt (Disabled
> >> >> >>>>>> socketpooling) In sbs 2003 it is easy to do using httpcfg but
> >> >> >>>>>> not 2k.
> >> >> >>>>>> I just need to know how to disablesocketpooling for port 443
> >> >> >>>>>> rather than just 80 without having to change the port which
> >> >> >>>>>> will
> >> >> >>>>>> work. Thanks
> >> >> >>>>>> Jack.
> >> >> >>>>>> "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
> >> >> >>>>>> news:u8thTa8nEHA.3968@TK2MSFTNGP11.phx.gbl...
> >> >> >>>>>>> It says nothing of the sort, there is an inference that
socket
> >> >> >>>>>>> pooling has been disabled, if you stretch your imagination a
> >> >> >>>>>>> long way, all you really present is a single line of netstat
> >> >> >>>>>>> output. But hey, what's the big deal.
> >> >> >>>>>>>
> >> >> >>>>>>> More important than any measure you may have manually taken
> >> >> >>>>>>> I'm
> >> >> >>>>>>> interested to find out whether you have completed (at least)
> > the
> >> >> >>>>>>> to-do list items I refer to and hopefully the full to-do
list.
> > I
> >> >> >>>>>>> don't want to know if you have manually performed the
> >> >> >>>>>>> functions
> >> >> >>>>>>> you believe are accomplished by the to-do list items, I
wanna
> >> >> >>>>>>> know if you have completed the to-do list. Main reason being
> >> >> >>>>>>> that someone who had completed the to-do list would not
> > normally
> >> >> >>>>>>> experience the problem you are experiencing.
> >> >> >>>>>>>
> >> >> >>>>>>> Why do you wish to move the 'exchange virtual servers'? what
> >> >> >>>>>>> do
> >> >> >>>>>>> you believe you will accomplish by doing this? As the system
> >> >> >>>>>>> is
> >> >> >>>>>>> SBS no component of the SBS applications can be moved to
> > another
> >> >> >>>>>>> box, but, for example, you could easily set up an SMTP
service
> >> >> >>>>>>> on another box, it would just need to be an SMTP service (or
> >> >> >>>>>>> virtual server) which IS NOT part of SBS Exchange. eg. GFI
ME
> >> >> >>>>>>> can be set up as an SMTP filter on a front end which feeds
SBS
> >> >> >>>>>>> exchange, I'm not suggesting this is recommended let alone
> >> >> >>>>>>> advised but it is a possibility.
> >> >> >>>>>>>
> >> >> >>>>>>> "Jack" <jack2007a@hotmail.com> wrote in message
> >> >> >>>>>>> news:ulJk936nEHA.536@TK2MSFTNGP11.phx.gbl...
> >> >> >>>>>>>> I disabled socketpooling If you read my first article
> >> >> >>>>>>>> properly
> >> >> >>>>>>>> it says that. I have done what i should but sbs2k is
useless.
> >> >> >>>>>>>> I will move the web pages to another server and if i do
that
> >> >> >>>>>>>> is it possible to move the exchange virtual servers to a
> >> >> >>>>>>>> member server on my network?
> >> >> >>>>>>>> cheers
> >> >> >>>>>>>> Jack.
> >> >> >>>>>>>> "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
> >> >> >>>>>>>> news:#20YGAsnEHA.2140@TK2MSFTNGP11.phx.gbl...
> >> >> >>>>>>>>> go through the to-do list. 'Configure IIS' (will disable
> >> >> >>>>>>>>> socket pooling and bind the IIS listeners to the internal
> >> >> >>>>>>>>> only) and 'Connect to the Internet'.
> >> >> >>>>>>>>>
> >> >> >>>>>>>>> --
> >> >> >>>>>>>>> Mick Malloy
> >> >> >>>>>>>>> http://www.micropol.com.au
> >> >> >>>>>>>>>
> >> >> >>>>>>>>> "jack" <jack2007a@hotmail.com> wrote in message
> >> >> >>>>>>>>> news:edIEBwrnEHA.2388@TK2MSFTNGP10.phx.gbl...
> >> >> >>>>>>>>>> There is 2 nics and here is My ipconfig:
> >> >> >>>>>>>>>> Windows 2000 IP Configuration
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> Host Name . . . . . . . . . . . . : server
> >> >> >>>>>>>>>> Primary DNS Suffix . . . . . . . : domain name
> >> >> >>>>>>>>>> Node Type . . . . . . . . . . . . : Hybrid
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> IP Routing Enabled. . . . . . . . : Yes
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> WINS Proxy Enabled. . . . . . . . : No
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> DNS Suffix Search List. . . . . . : domain name
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> Ethernet adapter local:
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> Connection-specific DNS Suffix . :
> >> >> >>>>>>>>>> Description . . . . . . . . . . . : HP NC7760 Gigabit
> >> >> >>>>>>>>>> Server
> >> >> >>>>>>>>>> Adapter Physical Address. . . . . . . . . : mac address
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> DHCP Enabled. . . . . . . . . . . : No
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> IP Address. . . . . . . . . . . . : 10.0.0.2
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> Default Gateway . . . . . . . . . :
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> DNS Servers . . . . . . . . . . . : 10.0.0.2
> >> >> >>>>>>>>>> Primary WINS Server . . . . . . . : 10.0.0.2
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> Ethernet adapter external:
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> Connection-specific DNS Suffix . :
> >> >> >>>>>>>>>> Description . . . . . . . . . . . : HP NC3123 Fast
Ethernet
> >> >> >>>>>>>>>> NIC Physical Address. . . . . . . . . : mac address
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> DHCP Enabled. . . . . . . . . . . : No
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> IP Address. . . . . . . . . . . . : 192.168.4.9
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> Default Gateway . . . . . . . . . : 192.168.4.11
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> DNS Servers . . . . . . . . . . . : 10.0.0.2
> >> >> >>>>>>>>>>
> >> >> >>>>>>>>>> "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
> >> >> >>>>>>>>>> news:erix$zqnEHA.3876@TK2MSFTNGP15.phx.gbl...
> >> >> >>>>>>>>>>> looks like a single NIC SBS? correct?
> >> >> >>>>>>>>>>>
> >> >> >>>>>>>>>>> please give us the output of 'ipconfig /all >
> >> >> >>>>>>>>>>> c:\ipconfig.txt' from the server.
> >> >> >>>>>>>>>>>
> >> >> >>>>>>>>>>> --
> >> >> >>>>>>>>>>> Mick Malloy
> >> >> >>>>>>>>>>> http://www.micropol.com.au
> >> >> >>>>>>>>>>>
> >> >> >>>>>>>>>>> "Jack" <jack2007a@hotmail.com> wrote in message
> >> >> >>>>>>>>>>> news:OLR6ksqnEHA.1304@TK2MSFTNGP09.phx.gbl...
> >> >> >>>>>>>>>>>> I am new to sbs and i need some help with publishing 0n
> >> >> >>>>>>>>>>>> isa. I keep gettig the error below in the event viewer:
> >> >> >>>>>>>>>>>> Web Proxy service failed to bind its socket to
> >> >> >>>>>>>>>>>> 192.168.4.9
> >> >> >>>> port
> >> >> >>>>>>> 443.
> >> >> >>>>>>>>>> This
> >> >> >>>>>>>>>>>> could be caused by another service that is already
using
> >> >> >>>>>>>>>>>> the
> >> >> >>>>> same
> >> >> >>>>>>>> port
> >> >> >>>>>>>>>> or
> >> >> >>>>>>>>>>>> by
> >> >> >>>>>>>>>>>> a network interface card that is not functional. The
> >> >> >>>>>>>>>>>> error
> >> >> >>>>>>>>>>>> code specified in
> >> >> >>>>>>>>>>>> the Data area of the event properties indicates the
cause
> >> >> >>>>>>>>>>>> of the failure. For more information about this event,
> >> >> >>>>>>>>>>>> see
> >> >> >>>>>>>>>>>> ISA Server Help.
> >> >> >>>>>>>>>>>>
> >> >> >>>>>>>>>>>> I looked on the web for help and did a netstat -an and
> > this
> >> >> >>>> is
> >> >> >>>>>> what
> >> >> >>>>>>> i
> >> >> >>>>>>>>>> get:
> >> >> >>>>>>>>>>>>
> >> >> >>>>>>>>>>>> TCP 192.168.4.9:443 0.0.0.0:0 LISTENING.
> >> >> >>>>>>>>>>>>
> >> >> >>>>>>>>>>>> How do i stop this error. I found an article to disable
> >> >> >>>>>>>>>>>> socketpooling on
> >> >> >>>>>>>>>>>> the
> >> >> >>>>>>>>>>>> sbs if isa and iss are on the same box but it didn't
seem
> >> >> >>>>>>>>>>>> to
> >> >> >>>> do
> >> >> >>>>>> any
> >> >> >>>>>>>>>> good.
> >> >> >>>>>>>>>>>> Any help would be much appreciated.
> >> >> >>>>>>>>>>>> Thanks
> >> >> >>>>>>>>>>>> Jack.
> >> >>
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>
- Next message: Jack: "Re: ISA Event"
- Previous message: Ben Tan: "Member server on SBS 2000"
- In reply to: SuperGumby [SBS MVP]: "Re: ISA Event"
- Next in thread: Jack: "Re: ISA Event"
- Reply: Jack: "Re: ISA Event"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
