Monday, March 21, 2011

TMG with UAG drops HTTPS connections

Problem

I am running UAG/TMG on a server running Windows 2008 R2. All the latest patches available at the time of writing are applied.

My web listener accepts traffic on port 80 but not on port 443. Each time I access port 443 I see a corresponding entry in the log: packet dropped by default policy, together with a weird error code like 0xc004000d. (I did write about this problem in a previous article; that conclusion was wrong but helped me at the time.)

Investigating further I see that running “netstat –ano” shows a binding to 0.0.0.0:443 that should not be there: something is already listening on port 443 on every address, so the TMG web listener cannot bind it. This is the root cause of all my problems.

If you run the command “netsh http show urlacl” you’ll find the URL reservations that make http.sys open the port. In my case the reservation on port 443 belonged to SSTPSvc, which was installed and started as part of the UAG install.

(Screenshot: netsh output on a UAG server.)

How I solved my problem

The easiest way to solve this problem is to restrict http.sys to specific IP addresses instead of letting it bind 0.0.0.0. Once an IP listen list exists, http.sys binds port 443 only on the listed addresses, so make sure that you add all IP addresses UAG itself needs http.sys on, and do not list the address your HTTPS web listener uses, or the conflict comes straight back.

netsh http add iplisten ipaddress=1.2.3.4

Reboot your server so http.sys re-binds. Afterwards “netsh http show iplisten” should list only the addresses you added, “netstat –ano” should no longer show 0.0.0.0:443, and the web listener should accept HTTPS.
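The diagnosis and fix above as one script, added here as an example and not code from the original post. It runs the same three commands (netstat –ano, netsh http show urlacl, netsh http add iplisten) from an elevated PowerShell prompt on the UAG server; the port defaults to 443 and the addresses you pass in -ListenOn (for example the internal NIC address) are hypothetical inputs you must choose yourself.

```powershell
# Added example (not from the original post): find what holds *:443, show the
# http.sys URL reservations behind it, and optionally restrict http.sys with
# "netsh http add iplisten". Run as Administrator on the UAG/TMG server.
# Hypothetical inputs: -Port (defaults to the listener port 443) and -ListenOn,
# the addresses http.sys should keep. Leave the HTTPS web listener's address out.
param(
    [int]$Port = 443,
    [string[]]$ListenOn = @(),
    [switch]$Fix
)

# 1. Wildcard listeners on the port. http.sys sockets belong to the kernel,
#    so netstat reports PID 4 (System), not the service that reserved the URL.
$wildcardPids = netstat -ano | ForEach-Object {
    if ($_ -match "^\s*TCP\s+(0\.0\.0\.0|\[::\]):$Port\s+\S+\s+LISTENING\s+(\d+)\s*$") { [int]$Matches[2] }
} | Sort-Object -Unique

if (-not $wildcardPids) {
    Write-Host "No wildcard listener on TCP port $Port; the web listener should be able to bind it."
} else {
    foreach ($ownerPid in $wildcardPids) {
        if ($ownerPid -eq 4) {
            Write-Host "PID 4 (System) holds *:$Port -> kernel-mode http.sys; check the URL reservations below."
        } else {
            $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
            $svcs = Get-WmiObject Win32_Service -Filter "ProcessId=$ownerPid" | Select-Object -ExpandProperty Name
            Write-Host "PID $ownerPid ($($proc.ProcessName)) holds *:$Port; services in that process: $($svcs -join ', ')"
        }
    }
}

# 2. URL reservations that cause http.sys to open the port. On a UAG server the
#    one on 443 is typically an https://+:443/... URL reserved for SstpSvc.
Write-Host "`nhttp.sys URL reservations on port ${Port}:"
$url = $null
netsh http show urlacl | ForEach-Object {
    if ($_ -match 'Reserved URL\s*:\s*(\S+)') { $url = $Matches[1] }
    elseif ($url -and $_ -match 'User\s*:\s*(.+)$') {
        if ($url -match ":$Port/") { Write-Host "  $url  (reserved by $($Matches[1].Trim()))" }
        $url = $null
    }
}

# 3. Current IP listen list. An empty list means http.sys binds every address.
Write-Host "`nCurrent IP listen list (empty = all addresses):"
netsh http show iplisten

# 4. The fix: restrict http.sys to the given addresses. Every address not listed
#    is left free for the TMG web listener.
if ($Fix) {
    if (-not $ListenOn) { throw "Pass -ListenOn with every address http.sys must keep, then re-run with -Fix." }
    foreach ($addr in $ListenOn) {
        netsh http add iplisten ipaddress=$addr
    }
    Write-Host "`nIP listen list updated; reboot the server so http.sys re-binds and the listener can take port $Port."
}
```

Run it once without -Fix to confirm that PID 4 owns the wildcard socket and that the only reservation on the port is the SSTP one; if a user-mode process (some other PID) owns it instead, the iplisten change will not help and that process has to be reconfigured. Then run it again with -ListenOn and -Fix, and reboot.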
