[isapros] Re: Binding Issue
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Tue, 28 Nov 2006 19:55:12 -0600
ACK! You're right :)
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Tuesday, November 28, 2006 4:31 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Binding Issue
True, but in route relationships, there is no conflict created
(port-stealing, y'see).
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Tuesday, November 28, 2006 12:23 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Binding Issue
Actually, it doesn't have to be NAT based, since you can have
Server Publishing Rules in a Route relationship ;P
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Tuesday, November 28, 2006 2:18 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Binding Issue
Common ISA resource conflict combinations:
- NAT-based Server publishing rules & web
listeners operating on the same IP/port combination
- Any publishing listener and a non-ISA
application (IIS, for instance) configured for the same IP/port
combination
- Web proxy and auto-discovery listeners
configured for the port
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Tuesday, November 28, 2006 10:09 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Binding Issue
Hi Amy,
I'd check the IIS configuration first and check the
bindings for the sites for 80 and 443.
I assume that they should only be bound to the Internal
interface, is that right? Otherwise, you can't have any Web listeners if
you only have a single IP address.
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
Sent: Tuesday, November 28, 2006 11:58 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Binding Issue
I've just had an SBS ISA install freak out. It's
unable to bind 80 and 443 to the external NIC. Now, they've got a vendor
in there for a LOB app and he's been known to "do stuff" like delete the
sbsflt asapi filter because he didn't need it. It was he that called and
said "none of the website are working over there". Great, that the same
message he left me last time when he deleted files on me. Sorry,
ranting...
The point is that I'm getting a binding error on
the external NIC. Internally websites are working for the most part. The
sharepoint site is not working this may be related but generates a
simple site not ready try again later error message. All other sites are
working if you access them from the inside. OWA and RWW can't be
accessed from the outside. I've not had to troubleshoot binding problems
before. How should I go about this? Here's what I've got for log and
events as a starting point.
ISA log, when I attempt to view a website from
outside the network.
Original Client IP Client Agent
Authenticated Client Service Server Name Referring Server
Destination Host Name Transport MIME Type
Object Source Source Proxy Destination Proxy
Bidirectional Client Host Name Filter
Information Network Interface Raw IP Header Raw
Payload Source Port Processing Time
Bytes Sent Bytes Received Result Code Cache Information
Log Record Type Destination IP Destination Port
Protocol Action Rule Client IP
Destination Network Client Username Source
Network HTTP Status Code Error Information
HTTP Method URL Log Time
68.41.152.252
SBS2003 - TCP -
No -
4274 0 0 0 0xc004000d
FWX_E_POLICY_RULES_DENIED 0x0 Firewall
70.90.38.29 80 HTTP Denied Connection
Default rule 68.41.152.252 Local Host
External 0x0 - -
11/28/2006 12:40:41 PM
Alerts
Alert Information
Description: The Web Proxy filter failed to bind
its socket to 70.90.38.29 port 80. This may have been caused by another
service that is already using the same port or by a network adapter that
is not functional. To resolve this issue, restart the Microsoft Firewall
service. The error code specified in the data area of the event
properties indicates the cause of the failure.
The failure is due to error: 0x8007271d
<br>The Web Proxy filter failed to bind its
socket to 70.90.38.29 port 443. This may have been caused by another
service that is already using the same port or by a network adapter that
is not functional. To resolve this issue, restart the Microsoft Firewall
service. The error code specified in the data area of the event
properties indicates the cause of the failure.
The failure is due to error: 0x8007271d
Event Viewer
14148
Source: Microsoft ISA Server Web Proxy
Amy Babinchak
All mail to and from this domain is GFI-scanned.
All mail to and from this domain is GFI-scanned.
Other related posts:
