Monday, 23 February 2009

SBS 2008 SharePoint 987 and ISA 2006 Non-Standard SSL Ports

If there comes a time to work with a Web site that uses a nonstandard SSL port for its setup, then ISA will not allow the Web browser on through to the site.

For those of us running ISA 2006 SP1 to protect our now migrated domains to SBS 2008, or to manage our client’s SBS 2008 domains where the Companyweb SharePoint site now uses port 987 for its SSL connections from within our ISA protected network, there will be a need to allow that port through ISA 2006 SP1.

The same need applies for those that need to connect to remote SBS 2008 Companyweb sites via SBS 2003 SP1 and R2 Premium networks protected by ISA 2004 SP3.

To correct this, a utility is needed to modify the allowed SSL ports list in ISA. We use the ISA Tunnel Port Editor (ISAtrpe) utility that can be had from the ISATools.org site: ISATools.org ISA 2004 downloads. The download is about 2/3 of the way down the list.

09-02-23 SBS 2008 and ISA 2006 - SSL Port configuration

ISA Tunnel Port Editor

In the above screenshot, we are looking at a vanilla ISA 2006 SP1 install on Windows Server 2003 R2 Standard.

So, we would do the following to get things happening:

  1. LowPort: 987
  2. HighPort: 987
  3. TunnelPortName: SBSSharePoint
  4. Click the Add Tunnel Range button.
  5. Wait a minute or two.
  6. An “Added SBSSharePoint successful!” message will appear when done. Click the OK button.
  7. The newly added port should be listed in the ports list as shown below.

Note that if the port addition is done via an RDP session, the RDP session may be broken. It should be reestablished close to the end of the procedure.

09-02-23 SBS 2008 and ISA 2006 - SSL Port configuration with SharePoint

ISA Tunnel Port Editor with Port 987 Added

Once the procedure has completed, close the Tunnel Editor.

Direct access, or access via the Remote Web Workplace, to any remote Companyweb SharePoint site will work after this.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac!

Windows Live Writer

2 comments:

David said...

There seems to be another way to do this. I have Companyweb working to SBS 2008 through ISA 2006 SP1. Following Eriq Neale's April 2009 "Deploying Microsoft Internet Security and Acceleration (ISA) Server 2006 with Windows Small Business Server 2008", I changed the Companyweb Listener to use port 987 on the Connections tab. This document is available at http://www.microsoft.com/downloads/details.aspx?familyid=7F341602-D2D0-45F5-BAD0-BD5AF3ED39FD&displaylang=en

Philip Elder Cluster MVP said...

David,

Thanks for the pointer!

Philip