windows 2012 direct access iphttps site

    Question

  • I've set up DirectAccess on Windows 2012, single NIC behind NAT device topology.

    We have a third-party SSL cert, which was used during the setup wizard, an internal PKI for computer and server authentication certs, plus an external DNS name for the internal server, with ports 80 and 443 forwarded through our firewall.

    When I browse to the site via domain name either internally or externally I get the IIS 8 landing page. When I try to enter https://fqdn:443/IPHTTPS either internally from the server itself, a LAN computer, or externally via a client computer I get nothing, no response. If I use the internal IP from the server itself or from a LAN computer I get a certificate error, and then an error 404 page not found. The CRL for the third-party SSL cert is accessible, and my understanding is there are no specific changes you need to make to bindings in IIS on the DirectAccess server. Any ideas of what results I should be seeing?

    Tuesday, July 16, 2013 2:16 PM

All replies

  • You won't get any response when browsing https://fqdn:443/IPHTTPS with a web browser. This is the correct behaviour.

    I would recommend that you close Port 80 from external since it is not needed.

    Thursday, July 18, 2013 7:35 AM
  • You are correct that you do not need to modify bindings inside IIS manually, but it does sound like something did not configure correctly in IIS (this is supposed to be configured automatically by the DirectAccess wizard). I do not believe that you should be able to query the IIS splash screen. On most DA2012 servers, when you try to hit https://fqdn you get a 404 error. This is correct behavior.

    Querying https://fqdn:443/IPHTTPS results in the browser just spinning and spinning, which is unfortunate because it used to be a nice way to make sure your site was working properly, but if you try to hit just https://fqdn you should see the 404.

    Thursday, July 18, 2013 12:53 PM
  • Hello,

    In order to test IPHTTPS from the outside network, the only way you have is this command line:

    telnet <fqdn> 443 or netsh interface httpstunnel show interfaces

    Regards.


    Follow me on Twitter http://www.twitter.com/liontux | My Blog (French/English) : http://security.sakuranohana.fr/

    Friday, July 26, 2013 8:49 AM
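The following PowerShell script is an added example, not code from the thread or from Microsoft, that turns the checks discussed above into one pass: the TCP reachability test the last reply does with `telnet <fqdn> 443`, a TLS handshake that reports whether the certificate the DirectAccess server presents actually matches the public FQDN (the name mismatch behind the certificate error the original poster sees when browsing by internal IP), and the client-side tunnel state from `netsh interface httpstunnel show interfaces`. `da.example.com` is a placeholder for your own DirectAccess public name; `Get-NetIPHttpsState` is assumed to be present on a Windows 8 / Server 2012 client (NetworkTransition module), with netsh as the fallback.

```powershell
# Added example (not part of the thread): verify a DirectAccess IP-HTTPS
# endpoint without relying on a browser, which shows nothing for /IPHTTPS.
# 'da.example.com' is a placeholder for your public DirectAccess FQDN.
param(
    [string]$DaFqdn = 'da.example.com',
    [int]$Port = 443
)

# Step 1: TCP reachability, the scripted equivalent of "telnet <fqdn> 443".
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($DaFqdn, $Port)
} catch {
    Write-Warning "TCP $Port to $DaFqdn is not reachable: $($_.Exception.Message). Check the NAT/firewall forward."
    return
}

# Step 2: TLS handshake. The callback returns $true unconditionally so the
# script can still inspect a certificate that would fail validation (the
# "certificate error" seen when connecting by IP instead of FQDN); the
# real verdict is computed below, not trusted from the callback.
$acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $cert, $chain, $errors) $true
}
$ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
try {
    $ssl.AuthenticateAsClient($DaFqdn)
} catch {
    Write-Warning "TLS handshake with $DaFqdn failed: $($_.Exception.Message)"
    $client.Close()
    return
}
$protocol   = $ssl.SslProtocol
$serverCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ssl.RemoteCertificate
$ssl.Close()
$client.Close()

# Step 3: does a name in the certificate cover the FQDN clients will use?
# DnsNameList is a property PowerShell 3+ adds to X509Certificate2; it holds
# the subject CN plus any SAN DNS names. -like lets a wildcard entry
# (*.example.com) match the host.
$names  = @($serverCert.DnsNameList | ForEach-Object { $_.Unicode })
$nameOk = @($names | Where-Object { $DaFqdn -like $_ }).Count -gt 0

# Step 4: does the chain build against this machine's trust store, including
# the CRL check the original poster mentions? Verify() does both.
$chainOk = $serverCert.Verify()

[pscustomobject]@{
    Endpoint    = "$DaFqdn`:$Port"
    TlsProtocol = $protocol
    Subject     = $serverCert.Subject
    NotAfter    = $serverCert.NotAfter
    NamesInCert = ($names -join ', ')
    NameMatches = $nameOk
    ChainValid  = $chainOk
}

# Step 5 (meaningful on a DirectAccess client, not the server): tunnel state.
# Get-NetIPHttpsState is assumed available on Windows 8 / Server 2012; the
# netsh command from the last reply is the fallback.
if (Get-Command Get-NetIPHttpsState -ErrorAction SilentlyContinue) {
    Get-NetIPHttpsState
} else {
    netsh interface httpstunnel show interfaces
}
```

Run it from an external client with `.\Check-IpHttps.ps1 -DaFqdn da.example.com`. A result of `NameMatches = False` with `ChainValid = True` reproduces the symptom in the question (a certificate that is trusted but issued for a different name than the one being connected to); `ChainValid = False` with the name matching points at the CRL distribution point or the intermediate chain not being reachable from the client's network.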