Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

A hotfix is available to let you use a different upstream port for Secure Sockets Layer tunneling in Microsoft Internet Security and Acceleration (ISA) Server 2004



Introduction

This article describes a hotfix that you can apply to let you use a different upstream port for Secure Sockets Layer (SSL) tunneling in Microsoft Internet Security and Acceleration (ISA) Server 2004.



More information

When this hotfix is not applied, ISA Server determines how to connect to an upstream Web proxy server according to the port that the client computer used to connect to ISA Server. In this scenario, one of the following actions occurs:
  • If the client computer connects to ISA Server on port 8080, ISA Server forwards the request to the upstream Web proxy server on port 8080.
  • If the client computer connects to ISA Server on port 8443, ISA Server forwards the request to the upstream Web proxy server on port 8443. In this instance, ISA Server performs the forwarding operation over SSL.
You can configure the ports on which ISA Server listens for client connections on the Web Proxy tab of the Properties dialog box for the network in ISA Server 2004. Also, you can configure the ports that ISA Server uses to connect to an upstream Web proxy server in the Upstream Server Setting dialog box of the particular Web chaining rule.

Added functionality

This hotfix adds the following functionality to ISA Server 2004.

If a client connects to ISA Server on port 8080 and uses the HTTP CONNECT method to request SSL tunneling, ISA Server forwards the CONNECT request to the upstream Web proxy server on port 8443. In this scenario, ISA Server does not forward the request over SSL.

This functionality may help in a scenario that resembles the following:
  • The upstream Web proxy server applies different policies depending on the port on which it receives the request from the downstream ISA Server computer.
  • You are not able to configure the client computers to use different ports to connect to the downstream ISA Server computer.

Hotfix installation information

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.

To enable this functionality, install the hotfix package that is described in the following Microsoft Knowledge Base article:
920716 Description of the ISA Server 2004 hotfix package: June 6, 2006
After you install this hotfix, you must run the following script to enable the functionality that this hotfix provides. This script configures ISA Server to use port 8443 for SSL tunnel requests.

Note You can change the port number from 8443 to any port number. If you set the port number to 0 (zero), ISA Server uses port number 8080 for SSL tunnel requests.
Sub AddRedirectHostConnectPort()

    ' Create the root object.
    Dim root  ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")

    ' Declare the other objects that are required.
    Dim array       ' An FPCArray object
    Dim VendorSets  ' An FPCVendorParametersSets collection
    Dim VendorSet   ' An FPCVendorParametersSet object

    ' Obtain references to the array object
    ' and to the vendor parameters sets collection.
    Set array = root.GetContainingArray
    Set VendorSets = array.VendorParametersSets

    On Error Resume Next
    Set VendorSet = VendorSets.Item( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )

    If Err.Number <> 0 Then
        Err.Clear

        ' Add the item.
        Set VendorSet = VendorSets.Add( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )
        CheckError
        WScript.Echo "New VendorSet added... " & VendorSet.Name

    Else
        WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value("RedirectHostConnectPort")
    End If

    ' Write the value only if it is not already set to the wanted port.
    ' If you use a different port, change 8443 in both places below.
    If VendorSet.Value("RedirectHostConnectPort") <> 8443 Then

        Err.Clear
        VendorSet.Value("RedirectHostConnectPort") = 8443

        If Err.Number <> 0 Then
            CheckError
        Else
            VendorSets.Save false, true

            ' CheckError clears Err, so test the result of Save before calling it.
            If Err.Number <> 0 Then
                CheckError
            Else
                WScript.Echo "Done, saved!"
            End If
        End If
    Else
        WScript.Echo "Done, no change!"
    End If

End Sub

Sub CheckError()

    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If

End Sub

AddRedirectHostConnectPort

Hotfix removal information

Before you remove this hotfix, you must run the following script to remove the RedirectHostConnectPort value:
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' This script removes a VendorParametersSet value.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Sub RemoveRedirectHostConnectPort()

    ' Create the root object.
    Dim root  ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")

    'Declare the other objects needed.
    Dim array       ' An FPCArray object
    Dim VendorSets  ' An FPCVendorParametersSets collection
    Dim VendorSet   ' An FPCVendorParametersSet object

    ' Get references to the array object
    ' and the vendor parameters sets collection.
    Set array = root.GetContainingArray
    Set VendorSets = array.VendorParametersSets

    On Error Resume Next
    Set VendorSet = VendorSets.Item( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )

    If Err.Number <> 0 Then
        Err.Clear

        WScript.Echo "VendorParametersSet does not exist."

    Else
        Err.Clear
        VendorSet.RemoveValue("RedirectHostConnectPort")

        If Err.Number <> 0 Then
            CheckError
        Else
            VendorSets.Save false, true

            ' CheckError clears Err, so test the result of Save before calling it.
            If Err.Number <> 0 Then
                CheckError
            Else
                WScript.Echo "Done removing RedirectHostConnectPort, saved!"
            End If
        End If
    End If

End Sub

Sub CheckError()

    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If

End Sub

RemoveRedirectHostConnectPort
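
To confirm the setting after you run either script, the following read-only check reports the stored RedirectHostConnectPort value. It is an added example, not part of the original Microsoft article; it uses only the objects that the scripts above use and assumes that reading a value that is not set raises an error.

```vbscript
' Added example: read-only check of the RedirectHostConnectPort setting.
' It makes no changes and never calls Save.
Option Explicit

Const SET_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"  ' GUID used by the article's scripts
Const VALUE_NAME = "RedirectHostConnectPort"

Sub ReportRedirectHostConnectPort()

    Dim root, isaArray, vendorSets, vendorSet, port

    Set root = CreateObject("FPC.Root")
    Set isaArray = root.GetContainingArray
    Set vendorSets = isaArray.VendorParametersSets

    On Error Resume Next
    Set vendorSet = vendorSets.Item(SET_GUID)
    If Err.Number <> 0 Then
        Err.Clear
        WScript.Echo "VendorParametersSet not found: " & VALUE_NAME & " is not configured."
        Exit Sub
    End If

    ' Assumption: reading a value that does not exist raises an error.
    port = vendorSet.Value(VALUE_NAME)
    If Err.Number <> 0 Then
        Err.Clear
        WScript.Echo "VendorParametersSet exists, but " & VALUE_NAME & " is not set."
        Exit Sub
    End If
    On Error GoTo 0

    ' Interpret the stored value the way the article describes it.
    If Not IsNumeric(port) Then
        WScript.Echo "Unexpected non-numeric value: " & port
    ElseIf CLng(port) = 0 Then
        WScript.Echo VALUE_NAME & " = 0: SSL tunnel requests use port 8080."
    ElseIf CLng(port) < 1 Or CLng(port) > 65535 Then
        WScript.Echo "Out-of-range port value: " & port
    Else
        WScript.Echo VALUE_NAME & " = " & port & ": CONNECT requests are forwarded upstream on this port."
    End If

End Sub

ReportRedirectHostConnectPort
```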



Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.



More information

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates



Keywords: KB919170, kbpubtypekc, kbbug, kbfix, kbqfe


Article Info
Article ID : 919170
Revision : 5
Created on : 12/4/2007
Published on : 12/4/2007
Exists online : False
Views : 350