ISA server 2004 blocking port 8080

Discussion in 'Windows Small Business Server' started by Oswaldo, Aug 11, 2005.

  1. Oswaldo

    Oswaldo Guest

    Hi,
    I had Xerox Docushare running on my SBS 2003 Premium edition. Docushare uses
    tomcat on port 8080 and a bridge to run with IIS. With ISA server 2000
    everything was working fine but after I install service pack 1 with ISA
    server 2004 I cannot access my Companyweb site or my Intranet or any of the
    websites that I have published I just can see a "Service Unavailable" page
    but I have access to the internet. I tried to use only tomcat for docushare
    and the program works and I can access the Intrane but I cannot access
    Internet I get a apache tomcat error. I know that the Webproxy on ISA uses
    port 8080 but since ISA 2000 it was using port 8080 so I don't think that is
    the problem, so what can be the error?
    Could be a Caching problem?
    Any help is really welcome
     
    Oswaldo, Aug 11, 2005
    #1
    1. Advertisements

  2. Oswaldo

    Edward Tian Guest

    Dear Oswaldo:
    Thank you for posting here.

    From your description, after you upgraded ISA2k to ISA2k4, companyweb and
    all the other websites no longer work. You received an error message
    "Service Unavailable" page when you try to browse the website. If I am off
    base, please feel free to let me know.

    Based on my experience, this issue can occur if the URL you use in the Web
    browser to access companyweb, RWW and other web sites that does not match
    the name in ISA server 2004 web publishing rules. To resolve this issue, we
    must run CEICW and specify the FQDN that you will use to access the sites
    as the web server certificate. To do so:

    1. On the SBS 2003 Server open the Server Management console. Go to
    Standard Management\To Do List.

    2. Click the "Connect to the Internet" link.

    3. Choose not to change the connection type and click Next. On the Firewall
    page, select "Enable firewall" and click Next (I suppose you have 2 network
    adapters in SBS 2003).

    4. On the "Services Configuration" page, select all the items and then
    click Next.

    5. On the "Web Services Configuration" page, make sure "Allow access to the
    entire Web site from the Internet" is selected. If you select "Allow access
    to only the following Web site services from the Internet", make sure the
    corresponding web site items are selected. Click Next.

    6. On the "Web Server Certificate" page, choose to create a new Web server
    certificate and then type the public FQDN that you will use to access the
    websites (for example, if your public FQDN that you use to access the sites
    is www.domain.com, you should type www.domain.com as the new certificate
    name). If you already requested a certificate with the name
    "www.domain.com" from a third party CA, you can choose "Use a Web server
    certificate from a trusted authority" and then import the certificate.

    7. Go through the remaining steps. The wizard will automatically configure
    the SBS 2003 Basic Firewall to securely publish the websites.

    8. If you have a router or hardware firewall, configure it to forward
    inbound traffic on TCP port 80, 443 and 444 to the SBS server's external
    address.

    9. Then check if you can access the companyweb and other websites.

    *Note*: After upgrading your SBS server, we should re-run CEICW wizard. It
    will automatically create the ISA rules for internet access and site
    publishing. It's strongly recommended to use the wizard to configure the
    SBS server. You can refer to this knowledge base article for detailed
    instruction:

    825763 How to configure Internet access in Windows Small Business Server
    2003
    http://support.microsoft.com/?id=825763

    If the problem persists, please do me a favor to gather the following
    information for further analysis:

    1. What's the error information in the event log? Please send the
    corresponding event log to my mailbox.

    2. Can you access the companyweb from an internal client?

    3. ISA Info:

    1) Download the file from the following URL:

    http://www.isatools.org/isainfo/ISAInfo.zip

    2) Extract all files to a folder on ISA server.
    3) Double click Isainfo.js. This will generate 2 files
    ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
    current folder.
    4) Please send these files to me.

    4. We may also gather the ISA logs:

    1) Schedule a down time.

    2) Open ISA 2004 management console.

    3) Expand the server node and highlight 'Monitoring'.

    4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
    Pane' is showed there.

    5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
    Tasks', and then switch the 'log storage format' from 'MSDE database'
    (default) to 'File'.

    6) Switch to the 'Fields' tab, click 'Select All', and then click OK.

    7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
    Tasks', and then switch the 'log storage format' from 'MSDE database'
    (default) to 'File'.

    8) Switch to the 'Fields' tab, click 'Select All', and then click OK.

    9) Click 'Apply' to save changes and update the configuration.

    10) Temporarily disable the Firewall service. To do that, please click
    Monitoring | Services tab, and then right click 'Microsoft Firewall' to
    choose 'Stop'.

    11) Clear the current existing W3C logs. To do that, go to the log saving
    directory and clean any existing .W3C logs. By default, the logs will be
    saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
    be able to deleted, that's normal.) You may backup them first and then
    delete them.

    12) Go back to the ISA 2004 management console, and then Start the stopped
    'Microsoft Firewall' service.

    13) Reproduce the problem, stop the service, and then gather the resulting
    W3C files to me for analysis.

    14) Please also let me know the IP address of the testing client/server so
    that I can filter the data.

    5. CEICW log
    1) Go to C:\Program Files\Microsoft Windows Small Business Server\Support\
    folder.

    2) Rename icwlog.txt to icwlog.old.

    3) Re-run CEICW and choose "Enable Firewall".

    4) Finish CEICW.

    5) Send C:\Program Files\Microsoft Windows Small Business
    Server\Support\icwlog.txt to my mailbox for research.

    You can send these files directly to my mailbox:

    In this thread, I recommend that we focus on the companyweb issue.
    Regarding the tomcat issue, we can make an investigation after the first
    issue is resolved or initiate a new thread. Do you agree?

    Hope it helps. I appreciate you taking time to perform the test. I look
    forward to hearing from you. If you have anything unclear, please feel free
    to let me know, I am glad to be of assistance.

    Have a nice day, Oswaldo! :)

    Best Regards
    Edward Tian(MSFT)
    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security
    ======================================================
    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.
    ======================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    | Thread-Topic: ISA server 2004 blocking port 8080
    | thread-index: AcWemQ215PkOdri/TCOcchp7bJgVCg==
    | X-WBNR-Posting-Host: 208.33.47.68
    | From: "=?Utf-8?B?T3N3YWxkbw==?=" <>
    | Subject: ISA server 2004 blocking port 8080
    | Date: Thu, 11 Aug 2005 10:21:04 -0700
    | Lines: 15
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | Newsgroups: microsoft.public.windows.server.sbs
    | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:143435
    | X-Tomcat-NG: microsoft.public.windows.server.sbs
    |
    | Hi,
    | I had Xerox Docushare running on my SBS 2003 Premium edition. Docushare
    uses
    | tomcat on port 8080 and a bridge to run with IIS. With ISA server 2000
    | everything was working fine but after I install service pack 1 with ISA
    | server 2004 I cannot access my Companyweb site or my Intranet or any of
    the
    | websites that I have published I just can see a "Service Unavailable"
    page
    | but I have access to the internet. I tried to use only tomcat for
    docushare
    | and the program works and I can access the Intrane but I cannot access
    | Internet I get a apache tomcat error. I know that the Webproxy on ISA
    uses
    | port 8080 but since ISA 2000 it was using port 8080 so I don't think that
    is
    | the problem, so what can be the error?
    | Could be a Caching problem?
    | Any help is really welcome
    | --
    | Oswaldo Cortes
    |
     
    Edward Tian, Aug 15, 2005
    #2
    1. Advertisements

  3. Oswaldo

    Oswaldo Guest

    Hi Edward,
    Thanks for your help. I solved the problem with Docushare and my websites.
    After the upgrade to ISA server 2004 the websites were not working when
    docushare was installed. So I uninstalled Docushre and they were working but
    I couldn't have Docushare and my websites running. I called Xerox and they
    help me to change the port that Docushare uses to 8088 and that solved the
    problem. Now with ISA server 2004 the web proxy is using the port 8080 a lot
    and Docushare was unable to use it.
    I don't know what was the change that they put on 2004 because with ISA
    server 2000 everything was working fine.
    Anyway it is working now.
    Again thank you very much for your time and consideration.
    Regards,
     
    Oswaldo, Aug 15, 2005
    #3
  4. Oswaldo

    Edward Tian Guest

    Dear Oswaldo:
    Thank you for your update!

    Sorry, I didn't assist in resolving the issue but I am glad to hear that
    the problem has been resolved. It is my pleasure to work with you in this
    post. If you encounter any difficulties in the future, please submit the
    post to the newsgroup. We are glad to be of the assistance.

    Again, thank you for using Microsoft newsgroup. Have a nice day. :)

    Best Regards
    Edward Tian(MSFT)
    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security
    ======================================================
    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.
    ======================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    | Thread-Topic: ISA server 2004 blocking port 8080
    | thread-index: AcWhvUu9p+RAA5dhR4KDjRboEOk/EA==
    | X-WBNR-Posting-Host: 208.33.47.68
    | From: "=?Utf-8?B?T3N3YWxkbw==?=" <>
    | References: <>
    <>
    | Subject: RE: ISA server 2004 blocking port 8080
    | Date: Mon, 15 Aug 2005 10:18:04 -0700
    | Lines: 245
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | Newsgroups: microsoft.public.windows.server.sbs
    | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:144514
    | X-Tomcat-NG: microsoft.public.windows.server.sbs
    |
    | Hi Edward,
    | Thanks for your help. I solved the problem with Docushare and my
    websites.
    | After the upgrade to ISA server 2004 the websites were not working when
    | docushare was installed. So I uninstalled Docushre and they were working
    but
    | I couldn't have Docushare and my websites running. I called Xerox and
    they
    | help me to change the port that Docushare uses to 8088 and that solved
    the
    | problem. Now with ISA server 2004 the web proxy is using the port 8080 a
    lot
    | and Docushare was unable to use it.
    | I don't know what was the change that they put on 2004 because with ISA
    | server 2000 everything was working fine.
    | Anyway it is working now.
    | Again thank you very much for your time and consideration.
    | Regards,
    |
    | --
    | Oswaldo Cortes
    |
    |
    | "Edward Tian" wrote:
    |
    | > Dear Oswaldo:
    | > Thank you for posting here.
    | >
    | > From your description, after you upgraded ISA2k to ISA2k4, companyweb
    and
    | > all the other websites no longer work. You received an error message
    | > "Service Unavailable" page when you try to browse the website. If I am
    off
    | > base, please feel free to let me know.
    | >
    | > Based on my experience, this issue can occur if the URL you use in the
    Web
    | > browser to access companyweb, RWW and other web sites that does not
    match
    | > the name in ISA server 2004 web publishing rules. To resolve this
    issue, we
    | > must run CEICW and specify the FQDN that you will use to access the
    sites
    | > as the web server certificate. To do so:
    | >
    | > 1. On the SBS 2003 Server open the Server Management console. Go to
    | > Standard Management\To Do List.
    | >
    | > 2. Click the "Connect to the Internet" link.
    | >
    | > 3. Choose not to change the connection type and click Next. On the
    Firewall
    | > page, select "Enable firewall" and click Next (I suppose you have 2
    network
    | > adapters in SBS 2003).
    | >
    | > 4. On the "Services Configuration" page, select all the items and then
    | > click Next.
    | >
    | > 5. On the "Web Services Configuration" page, make sure "Allow access to
    the
    | > entire Web site from the Internet" is selected. If you select "Allow
    access
    | > to only the following Web site services from the Internet", make sure
    the
    | > corresponding web site items are selected. Click Next.
    | >
    | > 6. On the "Web Server Certificate" page, choose to create a new Web
    server
    | > certificate and then type the public FQDN that you will use to access
    the
    | > websites (for example, if your public FQDN that you use to access the
    sites
    | > is www.domain.com, you should type www.domain.com as the new
    certificate
    | > name). If you already requested a certificate with the name
    | > "www.domain.com" from a third party CA, you can choose "Use a Web
    server
    | > certificate from a trusted authority" and then import the certificate.
    | >
    | > 7. Go through the remaining steps. The wizard will automatically
    configure
    | > the SBS 2003 Basic Firewall to securely publish the websites.
    | >
    | > 8. If you have a router or hardware firewall, configure it to forward
    | > inbound traffic on TCP port 80, 443 and 444 to the SBS server's
    external
    | > address.
    | >
    | > 9. Then check if you can access the companyweb and other websites.
    | >
    | > *Note*: After upgrading your SBS server, we should re-run CEICW wizard.
    It
    | > will automatically create the ISA rules for internet access and site
    | > publishing. It's strongly recommended to use the wizard to configure
    the
    | > SBS server. You can refer to this knowledge base article for detailed
    | > instruction:
    | >
    | > 825763 How to configure Internet access in Windows Small Business
    Server
    | > 2003
    | > http://support.microsoft.com/?id=825763
    | >
    | > If the problem persists, please do me a favor to gather the following
    | > information for further analysis:
    | >
    | > 1. What's the error information in the event log? Please send the
    | > corresponding event log to my mailbox.
    | >
    | > 2. Can you access the companyweb from an internal client?
    | >
    | > 3. ISA Info:
    | >
    | > 1) Download the file from the following URL:
    | >
    | > http://www.isatools.org/isainfo/ISAInfo.zip
    | >
    | > 2) Extract all files to a folder on ISA server.
    | > 3) Double click Isainfo.js. This will generate 2 files
    | > ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in
    the
    | > current folder.
    | > 4) Please send these files to me.
    | >
    | > 4. We may also gather the ISA logs:
    | >
    | > 1) Schedule a down time.
    | >
    | > 2) Open ISA 2004 management console.
    | >
    | > 3) Expand the server node and highlight 'Monitoring'.
    | >
    | > 4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
    | > Pane' is showed there.
    | >
    | > 5) In the 'Task Pane', click 'Configure Firewall Logging' under
    'Logging
    | > Tasks', and then switch the 'log storage format' from 'MSDE database'
    | > (default) to 'File'.
    | >
    | > 6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
    | >
    | > 7) In the 'Task Pane', click 'Configure Web Proxy Logging' under
    'Logging
    | > Tasks', and then switch the 'log storage format' from 'MSDE database'
    | > (default) to 'File'.
    | >
    | > 8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
    | >
    | > 9) Click 'Apply' to save changes and update the configuration.
    | >
    | > 10) Temporarily disable the Firewall service. To do that, please click
    | > Monitoring | Services tab, and then right click 'Microsoft Firewall' to
    | > choose 'Stop'.
    | >
    | > 11) Clear the current existing W3C logs. To do that, go to the log
    saving
    | > directory and clean any existing .W3C logs. By default, the logs will
    be
    | > saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may
    not
    | > be able to deleted, that's normal.) You may backup them first and
    then
    | > delete them.
    | >
    | > 12) Go back to the ISA 2004 management console, and then Start the
    stopped
    | > 'Microsoft Firewall' service.
    | >
    | > 13) Reproduce the problem, stop the service, and then gather the
    resulting
    | > W3C files to me for analysis.
    | >
    | > 14) Please also let me know the IP address of the testing client/server
    so
    | > that I can filter the data.
    | >
    | > 5. CEICW log
    | > 1) Go to C:\Program Files\Microsoft Windows Small Business
    Server\Support\
    | > folder.
    | >
    | > 2) Rename icwlog.txt to icwlog.old.
    | >
    | > 3) Re-run CEICW and choose "Enable Firewall".
    | >
    | > 4) Finish CEICW.
    | >
    | > 5) Send C:\Program Files\Microsoft Windows Small Business
    | > Server\Support\icwlog.txt to my mailbox for research.
    | >
    | > You can send these files directly to my mailbox:
    | >
    | > In this thread, I recommend that we focus on the companyweb issue.
    | > Regarding the tomcat issue, we can make an investigation after the
    first
    | > issue is resolved or initiate a new thread. Do you agree?
    | >
    | > Hope it helps. I appreciate you taking time to perform the test. I look
    | > forward to hearing from you. If you have anything unclear, please feel
    free
    | > to let me know, I am glad to be of assistance.
    | >
    | > Have a nice day, Oswaldo! :)
    | >
    | > Best Regards
    | > Edward Tian(MSFT)
    | > Microsoft CSS Online Newsgroup Support
    | >
    | > Get Secure! - www.microsoft.com/security
    | > ======================================================
    | > This newsgroup only focuses on SBS technical issues. If you have issues
    | > regarding other Microsoft products, you'd better post in the
    corresponding
    | > newsgroups so that they can be resolved in an efficient and timely
    manner.
    | > You can locate the newsgroup here:
    | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
    | >
    | > When opening a new thread via the web interface, we recommend you check
    the
    | > "Notify me of replies" box to receive e-mail notifications when there
    are
    | > any updates in your thread. When responding to posts via your
    newsreader,
    | > please "Reply to Group" so that others may learn and benefit from your
    | > issue.
    | >
    | > Microsoft engineers can only focus on one issue per thread. Although we
    | > provide other information for your reference, we recommend you post
    | > different incidents in different threads to keep the thread clean. In
    doing
    | > so, it will ensure your issues are resolved in a timely manner.
    | >
    | > For urgent issues, you may want to contact Microsoft CSS directly.
    Please
    | > check http://support.microsoft.com for regional support phone numbers.
    | >
    | > Any input or comments in this thread are highly appreciated.
    | > ======================================================
    | > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    | >
    | > --------------------
    | > | Thread-Topic: ISA server 2004 blocking port 8080
    | > | thread-index: AcWemQ215PkOdri/TCOcchp7bJgVCg==
    | > | X-WBNR-Posting-Host: 208.33.47.68
    | > | From: "=?Utf-8?B?T3N3YWxkbw==?=" <>
    | > | Subject: ISA server 2004 blocking port 8080
    | > | Date: Thu, 11 Aug 2005 10:21:04 -0700
    | > | Lines: 15
    | > | Message-ID: <>
    | > | MIME-Version: 1.0
    | > | Content-Type: text/plain;
    | > | charset="Utf-8"
    | > | Content-Transfer-Encoding: 7bit
    | > | X-Newsreader: Microsoft CDO for Windows 2000
    | > | Content-Class: urn:content-classes:message
    | > | Importance: normal
    | > | Priority: normal
    | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    | > | Newsgroups: microsoft.public.windows.server.sbs
    | > | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
    | > | Path:
    TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
    | > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:143435
    | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
    | > |
    | > | Hi,
    | > | I had Xerox Docushare running on my SBS 2003 Premium edition.
    Docushare
    | > uses
    | > | tomcat on port 8080 and a bridge to run with IIS. With ISA server
    2000
    | > | everything was working fine but after I install service pack 1 with
    ISA
    | > | server 2004 I cannot access my Companyweb site or my Intranet or any
    of
    | > the
    | > | websites that I have published I just can see a "Service Unavailable"
    | > page
    | > | but I have access to the internet. I tried to use only tomcat for
    | > docushare
    | > | and the program works and I can access the Intrane but I cannot
    access
    | > | Internet I get a apache tomcat error. I know that the Webproxy on ISA
    | > uses
    | > | port 8080 but since ISA 2000 it was using port 8080 so I don't think
    that
    | > is
    | > | the problem, so what can be the error?
    | > | Could be a Caching problem?
    | > | Any help is really welcome
    | > | --
    | > | Oswaldo Cortes
    | > |
    | >
    | >
    |
     
    Edward Tian, Aug 16, 2005
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.