Port forward HTTPS on 443 to IIS server doesn't work

An IIS web server won't respond to port forwarded requests from the world on 443, but will reply to port forwarded requests on port 80. The IIS web server will answer on 80 and 443 on the LAN. I tried a new router, as well. I have been helping a local non-profit, and they have an IIS (6?) webserver with a secure certificate that stopped responding to https requests that came through their router. So I set up a new router, same problem (the first router had other issues, as well) Port 443 was forwarded in each router to 443 on the IIS box Port 80 works, on both routers The IIS server will deliver a secure page over the LAN, however. It will send it to a machine (my laptop) that isn't part of the local Microsoft domain. If I edit my local hosts file so that the local IP points to the domain name it will serve a page on port 443 with no complaint, or I can run the machine name and it will complain that the certificate doesn't match the name I'm asking for, but it will serve the page. There are no entries in the web server access log of any requests on 443, even when requested locally Running the IIS certificate test app shows no errors If you enable SSL on the machine, then the page delivered at port 80 says it must be accessed securely, so that part works. I have done several iisresets, as well The only thing of interest I found in the event logs was a Userenv warning about unknown computers, but it provided no detail. It may be related to other services this box provides over the LAN I saw a mention of this on google, someone else had the problem, but no answer was provided. I know my way around Unix and Apache, but this IIS stuff is a whole different world (sighs)
Answer:

First thing I'd do in your position is run http://www.wireshark.org/ on the IIS box to make sure the port 443 requests really truly are getting through to it. If they are, the next place I'd be looking is the Windows Firewall configuration in the Control Panel, to make sure that WF isn't dropping port 443 packets. And if that didn't work, I'd start swearing and cursing a lot. That generally helps Microsoft stuff perform at its best, in my experience.

Runcible Spoon at Ask.Metafilter.Com Visit the source

Was this solution helpful to you?

Other answers

That sounds like a firewall on the Windows Server dropping the packets based on their origin. Could be Windows Firewall or TCP/IP filtering (see KB article 816792).

PhillC

Is it possible that your ISP is blocking the port in question?

xedrik

you might want to divide and conquer. Set up your laptop with the same IP and apache configured with a self-signed cert and a page to show you're received it. Connect via another machine. If you don't see the page, either the ISP is blocking 443 upstream or in the gateway router. If you can, it's local to the Windows box. Windows Firewall is the most likely answer, but other things could also interfere. Wireshark or TCPDump will help if you need to get to the low level "did anything get sent?" level.

Mad_Carew

So it *was* working and now it is not? Seems to me like the culprit would be the router more than anything else. If your router offers firewalling (and I assume that it does), turn off the Windows firewall (follow http://technet.microsoft.com/en-us/library/cc778253(WS.10).aspx instructions). This will take any local firewalling out of consideration and you don't need the firewall anyway if you are behind an external firewall. What model router are you using? Some of them have some pretty crappy/crufty/hard to grok interfaces IMO. Are you sure that you are redirecting port 443 to the correct internal IP? Have you tried scanning the external IP with http://nmap.org/? Does the port report as open? If your port is redirecting correctly and the server is up, you should be able to see it using nmap. You can also http://nixcraft.com/getting-started-tutorials/622-windows-how-do-i-tell-if-tcp-network-port-open-not.html (ie the http://nmap.org/dist/nmap-5.51-setup.exe) and check if your port is *really* open.

humpy

You don't actually need nmap to tell whether the port is open from localhost's point of view - the native netstat -ab command window will show you that, and show you whether it is in fact IIS that's listening on that port.

flabdablet

Related Q & A:

How come CD doesn't work in my shell script?Best solution by Super User
Youtube doesn't work on iphone?Best solution by answers.yahoo.com
Google doesn't work (google.com) on any computer?Best solution by Yahoo! Answers
Yahoo Music Doesn't Work?Best solution by Yahoo! Answers
Mail search doesn't work?Best solution by Yahoo! Answers

Just Added Q & A:

How many active mobile subscribers are there in China?Best solution by Quora
How to find the right vacation?Best solution by bookit.com
How To Make Your Own Primer?Best solution by thekrazycouponlady.com
How do you get the domain & range?Best solution by ChaCha
How do you open pop up blockers?Best solution by Yahoo! Answers

For every problem there is a solution! Proved by Solucija.

Got an issue and looking for advice?
Ask Solucija to search every corner of the Web for help.
Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.