During a new implementation of a reverse proxy solution for Exchange Server 2010 OWA based on a Threat Management Gateway 2010 server, I encountered an issue where I couldn't bind port 80 for redirection to port 443. The server on which I tried to install and configure TMG was a Windows Server 2008 R2 SP1 machine.
The following post will guide you through the issues I had and give you a solution to this problem.
During the installation of Service Pack 1 for Windows Server 2008 R2, the installation automatically installs the .NET Framework 3.5.1 feature. A side effect of installing this feature is that the Web Server (IIS) role is a dependency, so this role is installed automatically as well.
IIS shouldn't be installed at all on a TMG machine, however. It results in port 80 being bound on the default network interface.
Before I figured it out, I received the following event in the event log.
    Log Name:      Application
    Source:        Microsoft Forefront TMG Web Proxy
    Date:          12-7-2012 14:59:13
    Event ID:      14148
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      ---
    Description:
    The Web Proxy filter failed to bind its socket to 0.0.0.0 port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure.
After performing a netstat I could see that port 80 was already in use:
    C:\Windows\system32>netstat -a | findstr "80"
      TCP    0.0.0.0:80         WE-UTR01-TMG01:0    LISTENING
      TCP    10.31.1.98:8080    WE-UTR01-TMG01:0    LISTENING
      TCP    127.0.0.1:8008     WE-UTR01-TMG01:0    LISTENING
      TCP    127.0.0.1:8080     WE-UTR01-TMG01:0    LISTENING
      TCP    [::]:80            WE-UTR01-TMG01:0    LISTENING
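The findstr "80" filter also matches ports 8080 and 8008 and does not show which process owns the socket. The PowerShell 2.0 snippet below is an added example, not part of the original post: it parses "netstat -ano" output for listeners on exactly port 80, flags wildcard binds, and checks whether the IIS role is installed. The function name Get-ExactPortListener and the PIDs in the sample lines are constructed for illustration.

```powershell
# Added example, not from the original post. Targets PowerShell 2.0 (Server 2008 R2).
function Get-ExactPortListener {   # hypothetical helper name
    param(
        [int]$Port = 80,
        [string[]]$NetstatLines = (netstat -ano)   # default: live connection table
    )
    foreach ($line in $NetstatLines) {
        # Expected columns: Proto, Local Address, Foreign Address, State, PID
        $f = $line.Trim() -split '\s+'
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP' -or $f[3] -ne 'LISTENING') { continue }
        # Split on the LAST colon so IPv6 forms such as [::]:80 parse correctly.
        $i = $f[1].LastIndexOf(':')
        $address = $f[1].Substring(0, $i)
        if ([int]($f[1].Substring($i + 1)) -ne $Port) { continue }
        New-Object PSObject -Property @{
            Address   = $address
            Port      = $Port
            OwningPid = [int]$f[4]
            # A wildcard bind claims the port on every interface.
            Wildcard  = ($address -eq '0.0.0.0' -or $address -eq '[::]')
        }
    }
}

# Constructed sample in 'netstat -ano' format, modelled on the output above;
# the PIDs are invented. IIS listens through the HTTP.sys kernel driver, so
# its port 80 listener is reported under PID 4 (System).
$sample = @(
    '  TCP    0.0.0.0:80         0.0.0.0:0    LISTENING    4',
    '  TCP    10.31.1.98:8080    0.0.0.0:0    LISTENING    2316',
    '  TCP    127.0.0.1:8008     0.0.0.0:0    LISTENING    2316',
    '  TCP    [::]:80            [::]:0       LISTENING    4'
)
Get-ExactPortListener -NetstatLines $sample |
    Format-Table Address, Port, OwningPid, Wildcard -AutoSize

# On the TMG server itself: resolve the live listeners to process names,
# then check whether the Web Server (IIS) role is installed.
Get-ExactPortListener | ForEach-Object { Get-Process -Id $_.OwningPid }
if (Get-Module -ListAvailable ServerManager) {
    Import-Module ServerManager
    Get-WindowsFeature Web-Server | Select-Object Name, Installed
}
```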
After the removal of the Web Server (IIS) Role and .NET dependencies and performing the netstat again, I received the following information:
    C:\Windows\system32>netstat -a | findstr "80"
      TCP    10.31.1.98:8080    WE-UTR01-TMG01:0    LISTENING
      TCP    127.0.0.1:8008     WE-UTR01-TMG01:0    LISTENING
      TCP    127.0.0.1:8080     WE-UTR01-TMG01:0    LISTENING
So this looks OK. After configuring the Web Listener and Publishing rules for Exchange 2010 OWA and ActiveSync, I performed the netstat command again and received the following information:
    C:\Windows\system32>netstat -a | findstr "80"
      TCP    10.31.1.98:80      WE-UTR01-TMG01:0        LISTENING
      TCP    10.31.1.98:8080    WE-UTR01-TMG01:0        LISTENING
      TCP    8.8.8.8:80         WE-UTR01-TMG01:0        LISTENING
      TCP    8.8.8.8:80         194:20682               ESTABLISHED
      TCP    127.0.0.1:8008     WE-UTR01-TMG01:0        LISTENING
      TCP    127.0.0.1:8080     WE-UTR01-TMG01:0        LISTENING
      TCP    127.0.0.1:8080     WE-UTR01-TMG01:10168    TIME_WAIT
As you can see, port 80 is now bound to both interfaces, as it should be. After this I tested the redirection and it worked like a charm.
Good luck in solving this issue if you ever encounter it.