[THIN] Re: WI 2.0 SCG 2.0 on same box in DMZ

  • From: "Joe Shonk" <joe.shonk@xxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 9 May 2005 10:45:26 -0700

Well, you don't need 443 on WI.  Remember, CSG will proxy the WI requests
for you.  Having a separate IP (not external) is not required it does give
the organization flexibility when sharing WI for both internal and external
access.

Also, you can share 443 across multiple IP address with CSG v2.  The trick
is you have to disable socket pooling...  I've been "required" to do this
several time and it works like a charm.

Joe

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Andrew Wood
Sent: Monday, May 09, 2005 10:16 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI 2.0 SCG 2.0 on same box in DMZ

That won't work iirc. When I was looking at this,if you have CSG 2 & WI 3 on
the same box; regardless of IP addresses assigned there was a conflict which
will prevent IIS from starting. 

While this worked in older releases, with v2 the csg service prevents the
iis service from operating on 443 full stop; regardless of setting IP
addresses.  

'Unable to bind to the underlying transport for 0.0.0.0:443.' is the comedy
error in the system log. IIS fails to start the web site.

This was with a single NIC - never tried multiple nics.

The only way round was to :-

A) disable the IIS service from accessing SSL  or
B) change the IIS service to use a different port from 443.


-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Joe Shonk
Sent: 08 May 2005 15:15
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI 2.0 SCG 2.0 on same box in DMZ

Well, I suppose you don't need two IP if the ports are different 80 (WI) and
443 (csg), but if you need to expose the WI server (customer requirement,
redirect non http traffic to https) I think it's better to use a separate IP
rather than change port numbers.

Joe

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Jeff Pitsch
Sent: Sunday, May 08, 2005 5:45 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: WI 2.0 SCG 2.0 on same box in DMZ

Why even do that?  

Jeff

On 5/7/05, Joe Shonk <joe.shonk@xxxxxxxxx> wrote:
> You don't need to change the port.. Just setup the WI on a separate IP 
> address (does not need to be public).
> 
> Joe
> 
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf
> Of Bruce Bodart
> Sent: Friday, May 06, 2005 12:42 PM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] WI 2.0 SCG 2.0 on same box in DMZ
> 
> I'm trying to setup WI 2.0 and SCG 2.0 on Same box in DMZ
> (hardware/money constrants).   What is the best/easiest way to get
> around the issue of both the SCG and IIS wanting to use 443.
> 
> Besides changing IIS port to 444?  Network admin would prefer not to
> 
> Windows 2003 Box
> have cert. installed on it
> WI and SCG installed on it
> STA setup in secured domain
> Published apps on one XP FR 2 box from farm in secure domain
> 
> Any suggestions would be appreciated.
> 
> Thanks
> 
> --
> Bruce
> ********************************************************
> This Weeks Sponsor: ThinPrint GmbH
> Now available: The new version .print Engine 6.2 with SSL encryption 
> and certificate management.
> http://www.thinprint.com
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ThinWiki community - Excellent SBC Search Capabilities!
> http://www.thinwiki.com
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode 
> use the below link:
> http://thin.net/citrixlist.cfm
> 
> ********************************************************
> This Weeks Sponsor: ThinPrint GmbH
> Now available: The new version .print Engine 6.2 with SSL encryption 
> and certificate management.
> http://www.thinprint.com
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thin.net/links.cfm
> ThinWiki community - Excellent SBC Search Capabilities!
> http://www.thinwiki.com
> ***********************************************************
> For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode 
> use the below link:
> http://thin.net/citrixlist.cfm
>
********************************************************
This Weeks Sponsor: ThinPrint GmbH
Now available: The new version .print Engine 6.2 with SSL encryption and
certificate management.
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use
the below link:
http://thin.net/citrixlist.cfm

********************************************************
This Weeks Sponsor: ThinPrint GmbH
Now available: The new version .print Engine 6.2 with SSL encryption and
certificate management.
http://www.thinprint.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use
the below link:
http://thin.net/citrixlist.cfm

********************************************************
This Weeks Sponsor: ThinPrint GmbH
Now available: The new version .print Engine 6.2 with SSL encryption 
and certificate management.
http://www.thinprint.com
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

********************************************************
This Weeks Sponsor: ThinPrint GmbH
Now available: The new version .print Engine 6.2 with SSL encryption 
and certificate management.
http://www.thinprint.com
********************************************************** 
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
ThinWiki community - Excellent SBC Search Capabilities!
http://www.thinwiki.com
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

Other related posts: