[isapros] Re: Binding Issue
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Wed, 29 Nov 2006 10:24:13 -0600
Some service or application is binding the external sockets for 80/443
What is binding to "localhost" on those sockets?
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
Sent: Wednesday, November 29, 2006 8:00 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Binding Issue
You lost me. Where do I go from here? Here being nothing is
shown as listening on port 80 or 443 on the external NIC. Localhost and
Internal NIC yes, but not on the external NIC.
Amy
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Tuesday, November 28, 2006 9:01 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Binding Issue
UbetchaUbet!
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Tuesday, November 28, 2006 5:59 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Binding Issue
Wait a minute. OK, no conflict, but the local service won't work
:)
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Tuesday, November 28, 2006 7:55 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Binding Issue
ACK! You're right :)
Thomas W Shinder, M.D.
Site: www.isaserver.org <http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Tuesday, November 28, 2006 4:31 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Binding Issue
True, but in route relationships, there is no
conflict created (port-stealing, y'see).
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Tuesday, November 28, 2006 12:23 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Binding Issue
Actually, it doesn't have to be NAT based, since
you can have Server Publishing Rules in a Route relationship ;P
Thomas W Shinder, M.D.
Site: www.isaserver.org
<http://www.isaserver.org/>
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Tuesday, November 28, 2006 2:18 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Binding Issue
Common ISA resource conflict
combinations:
- NAT-based Server publishing
rules & web listeners operating on the same IP/port combination
- Any publishing listener and a
non-ISA application (IIS, for instance) configured for the same IP/port
combination
- Web proxy and auto-discovery
listeners configured for the port
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
Sent: Tuesday, November 28, 2006 10:09
AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Binding Issue
Hi Amy,
I'd check the IIS configuration first
and check the bindings for the sites for 80 and 443.
I assume that they should only be bound
to the Internal interface, is that right? Otherwise, you can't have any
Web listeners if you only have a single IP address.
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
<http://www.isaserver.org/>
Blog:
http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
________________________________
From: isapros-bounce@xxxxxxxxxxxxx
[mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
Sent: Tuesday, November 28, 2006 11:58
AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Binding Issue
I've just had an SBS ISA install freak
out. It's unable to bind 80 and 443 to the external NIC. Now, they've
got a vendor in there for a LOB app and he's been known to "do stuff"
like delete the sbsflt asapi filter because he didn't need it. It was he
that called and said "none of the website are working over there".
Great, that the same message he left me last time when he deleted files
on me. Sorry, ranting...
The point is that I'm getting a binding
error on the external NIC. Internally websites are working for the most
part. The sharepoint site is not working this may be related but
generates a simple site not ready try again later error message. All
other sites are working if you access them from the inside. OWA and RWW
can't be accessed from the outside. I've not had to troubleshoot binding
problems before. How should I go about this? Here's what I've got for
log and events as a starting point.
ISA log, when I attempt to view a
website from outside the network.
Original Client IP Client
Agent Authenticated Client Service Server Name Referring
Server Destination Host Name Transport
MIME Type Object Source Source Proxy Destination Proxy
Bidirectional Client Host Name Filter
Information Network Interface Raw IP Header Raw
Payload Source Port Processing Time
Bytes Sent Bytes Received Result Code Cache Information
Log Record Type Destination IP Destination Port
Protocol Action Rule Client IP
Destination Network Client Username Source
Network HTTP Status Code Error Information
HTTP Method URL Log Time
68.41.152.252
SBS2003 - TCP -
No -
4274 0 0 0 0xc004000d
FWX_E_POLICY_RULES_DENIED 0x0 Firewall
70.90.38.29 80 HTTP Denied Connection
Default rule 68.41.152.252 Local Host
External 0x0 - -
11/28/2006 12:40:41 PM
Alerts
Alert Information
Description: The Web Proxy filter failed
to bind its socket to 70.90.38.29 port 80. This may have been caused by
another service that is already using the same port or by a network
adapter that is not functional. To resolve this issue, restart the
Microsoft Firewall service. The error code specified in the data area of
the event properties indicates the cause of the failure.
The failure is due to error: 0x8007271d
<br>The Web Proxy filter failed to bind
its socket to 70.90.38.29 port 443. This may have been caused by another
service that is already using the same port or by a network adapter that
is not functional. To resolve this issue, restart the Microsoft Firewall
service. The error code specified in the data area of the event
properties indicates the cause of the failure.
The failure is due to error: 0x8007271d
Event Viewer
14148
Source: Microsoft ISA Server Web Proxy
Amy Babinchak
All mail to and from this domain is
GFI-scanned.
All mail to and from this domain is GFI-scanned.
All mail to and from this domain is GFI-scanned.
Other related posts:
