Unanswered Need some help publishing a Website through UAG

  • Wednesday, October 17, 2012 8:09 AM
     
     

    Hi all,

    I need some help publishing a Website through our pair of UAGs.  First of all, I'm no UAG expert, hence why I'm here asking questions.

    I already have a trunk which has several websites published through it. One of the websites has a custom file which points to two internal IIS web servers, which is all working just fine.  The website that is hosted on these servers is being moved to two new IIS web servers, and the website has an upgraded version.  When the website owner wanted to move this website to the new IIS web servers and a newer version of the site, I simply changed all the settings that point to the current two web servers to the two new web servers. The problem is that the UAGs do not like the new version of this website and certain parts of the website do not work. This is a separate problem that I've opened a case for and Microsoft are looking into it.  

    While Microsoft is looking into this problem I need to set up a test website on the UAGs that points to the new web servers with the new version of the website so that I can carry out testing.  I've created a new trunk and copied all the settings from the working trunk. The differences in the new trunk are that I've changed the "Web Servers" settings to point to the two new web servers and I've edited the custom file under \von\conf\Websites\TrunkName\Conf\CustomUpdate\***_HTTP.xml and changed the web server settings in there to the new servers.  From the outside world, when I try to access this newly created website I get "page cannot be displayed" in IE. On the UAG servers, when I go to the website the first thing I see is "There is a problem with this website's security certificate"??????  When I click "Continue" I get a "Server Error in Application "DEFAULT WEB SITE"" HTTP Error 403.14 - Forbidden.

    With the very limited UAG experience I have, the only conclusion I can come to is that this new trunk is somehow pointing to the Default Website in IIS. The problem is I have no idea where to begin.

    The newly created trunk has the exact same settings as the working trunk except all the obvious things, Public host name, application name, array member IP, web servers etc.  Where am I going wrong?

    I've come across this link http://boardreader.com/thread/UAG_Update_2_HTTP_403_14_error_when_try_2fb93__f49fa59b-6f97-4452-b200-bd0637e61989.html which is very similar to the problem I'm experiencing. Restarting IIS and/or the UAGs makes no difference.

    • Edited by MarkieSA Wednesday, October 17, 2012 8:11 AM added info

All Replies

  • Friday, October 19, 2012 7:19 PM
     
     

    So if I understand correctly, you are adding a brand new trunk to the existing UAG server, correct? Just to make sure, you are running this new trunk on its own new IP address, with its own new public DNS name, correct? And you have a certificate configured on the trunk that reflects the new DNS name?

    I would remove the customizations you put into von and focus first on getting the portal to display properly, checking the items I mentioned above. Once you have the portal responding correctly and are able to log into it, then add in applications and customizations as needed.
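
An added example (not part of the thread and not any poster's code): a Python check of whether a certificate covers a trunk's public DNS name, the question raised in the reply above. The hostnames and certificate contents are constructed; the dict shape is the one returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: does a certificate "reflect" a trunk's public DNS name?
# Certificates are dicts in the shape returned by ssl.SSLSocket.getpeercert().

def _name_matches(pattern, host):
    """Compare one certificate name with a hostname, case-insensitively.
    A wildcard is honoured only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # "*.example.com" never covers "a.b.example.com"
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" is rejected.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def names_in_cert(cert):
    """DNS names from subjectAltName; commonName is used only when the
    certificate carries no DNS subjectAltName entries at all."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def cert_covers(cert, hostname):
    """True if any name in the certificate matches the hostname."""
    return any(_name_matches(n, hostname) for n in names_in_cert(cert))

# Constructed sample certificates (hypothetical names, not from the thread).
EXISTING_TRUNK_CERT = {
    "subject": ((("commonName", "portal.example.com"),),),
    "subjectAltName": (("DNS", "portal.example.com"),),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}
CN_ONLY_CERT = {"subject": ((("commonName", "test.example.com"),),)}
MISLEADING_CN_CERT = {
    "subject": ((("commonName", "test.example.com"),),),
    "subjectAltName": (("DNS", "portal.example.com"),),
}

if __name__ == "__main__":
    new_name = "test.example.com"   # constructed public name for a new trunk
    for label, cert in [("existing", EXISTING_TRUNK_CERT),
                        ("wildcard", WILDCARD_CERT),
                        ("cn-only", CN_ONLY_CERT),
                        ("misleading-cn", MISLEADING_CN_CERT)]:
        print(label, names_in_cert(cert), cert_covers(cert, new_name))
```

A certificate issued for the existing trunk's name fails this check for a new trunk's name, which a browser reports as a certificate warning.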

  • Friday, October 19, 2012 7:42 PM
     
     

    Hi Jordan,

    First of all, thank you for taking the time to read my post.  This is all very good advice, I agree that I need to forget about the customisations in the VON folder and focus on getting the portal to display properly.

    So to answer your questions, yes it has its own IP address with its own new public DNS name, NO I have not configured the certificate for that trunk.  Would you be so kind as to direct me to where I need to do this?  I've not set up certificates in UAG before.

    Thanks in advance.

  • Friday, October 19, 2012 7:49 PM
     
     

    I may be making an incorrect assumption here. Are you using an HTTP or an HTTPS trunk? I hardly ever see HTTP trunks in production because, well, the traffic isn't encrypted. :)

    If you are publishing an HTTP trunk then you certainly shouldn't be getting any kind of certificate warning, as certs shouldn't even be called. If you are wanting to publish your portal as HTTPS so that your traffic is not going clear-text over the internet, then you'll need to acquire an SSL certificate and put it onto your UAG server, into IIS just like any other SSL cert on any other web server, and then you choose to use the cert from the trunk configuration page.

  • Friday, October 19, 2012 7:56 PM
     
     

    I'm publishing it through an HTTP trunk, but the website externally has to be accessed via HTTPS. Please don't ask me how this works, as I inherited this setup, which was set up by someone else, so I'm still trying to get my head around how it's all been done.

    If I try to browse directly to the working published website from the UAG box, it works just fine. If I try to browse directly to the newly created trunk, I first see a certificate warning, then after I click continue I get a 403.14 error on the DEFAULT WEBSITE, which doesn't make sense at all.

    I've double-checked IPs and the local hosts file just in case something was lurking in there, which it isn't.  If I ping the external URL from the UAG I get the public IP address, so this is good.  

  • Friday, October 19, 2012 8:24 PM
     
     

    So you are using an HTTP portal in UAG, but the webserver itself on the internal network is requiring HTTPS? This is backwards from the normal approach; typically we issue an HTTPS portal in UAG so that anyone (good or bad) trying to hit that page from the internet has to authenticate through the UAG portal first, before they are sent into the internal network at all. Then UAG behaves as the middle-man for this traffic, and so in most cases the internal application server can be running simple HTTP because UAG is authenticating and encrypting everything on the outside part of the connection.

    I'm trying to come up with a valid use-case for the way you are doing it and am not coming up with anything off the top of my head. I think you may want to re-evaluate the way you are handling this, because there are much more secure ways of doing it (what I specified above). Unless I'm still just not understanding the purpose of what you are trying to do here, which is possible :)