Change port 443 to 444, result is no css, images...

  • Question

  • Hi all!

    I just deployed AD FS 3.0 on a Windows Server 2016 and, as my public IP is already used for 443 Exchange services, I had to do NAT to use port 444 for AD FS.

    I did that by following this article: https://www.inogic.com/blog/2014/07/how-to-change-the-port-of-adfs-3-0-windows-server-2012-r2-to-444/

    The issue is that after doing the trick, none of the resources are accessible; a 503 error code is displayed when trying to access direct resource URLs like this:

    https://IPADDRESS:444/adfs/portal/css/style.css?id=0A13280A86E7DFA6949BD016EA848912FCAFC05E88CBEDF538AC325B27041205

    The question is: how do I configure the resource paths? AD FS 3.0 is not managed in IIS and I'm not able to find any documentation on that.

    Thanks to all for your help,

    Friday, October 19, 2018 2:34 PM

Answers

  • Of course you have other choices. Make sure your device is SNI capable and you can publish both sites on the same IP. And if your device is not doing it, then use WAP, as WAP can publish your Exchange server and your ADFS servers all on the same port.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Sunday, October 21, 2018 9:49 PM

All replies

  • I don't see any good reason for changing the port.

    So I would fix the underlying reason why you are trying to change the port as opposed to assisting you in changing it on ADFS.

    Sunday, October 21, 2018 5:33 PM
  • Dear,

    Thanks for your answer.

    The reason is that I deployed all of that in a LAB environment and so I have limitations regarding the HW resources and connectivity.

    I have only one public IP address, which serves:

    - Exchange Server (OWA, Autodiscover, ...)

    - AD FS

    As Exchange Server is using port 443, I don't have any other choice but to do NAT on a new port for ADFS (444 in my case).

    That's the reason; in AD FS 2.0 I believe that, as it was managed by IIS... it was possible to "tweak" ports or other, but with 3.0 ...

    So if someone has any idea regarding it... I'm listening :)

    Sunday, October 21, 2018 5:53 PM
  • Of course you have other choices. Make sure your device is SNI capable and you can publish both sites on the same IP. And if your device is not doing it, then use WAP, as WAP can publish your Exchange server and your ADFS servers all on the same port.

    Sunday, October 21, 2018 9:49 PM
  • Ok, thanks for that. I tried to avoid deploying a new server because I'm limited regarding resources on my hypervisor, but I'll try it because I think I have no other solution.

    Monday, October 22, 2018 6:34 AM
  • Well, if you want to offer the service externally, you would have needed a WAP anyways :)

    Monday, October 22, 2018 3:18 PM
  • Thanks to all!

    It's working well with WAP.

    Issue solved !

    • Proposed as answer by exp0zd Monday, October 22, 2018 5:17 PM
    Monday, October 22, 2018 5:17 PM
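
The WAP approach from the accepted answer, sketched as an added example that is not part of the original thread: a single Web Application Proxy on port 443 publishes both AD FS and Exchange, so AD FS stays on its default port and is not exposed directly. The host names, backend URLs and certificate thumbprints are placeholders (assumptions), and external DNS for both names is assumed to resolve to the one public IP that is NATed to the WAP server.

```powershell
# Added example. All names and thumbprints below are placeholders.
$fsName  = 'sts.example.com'                 # assumed federation service name
$fsThumb = '<ADFS-SSL-CERT-THUMBPRINT>'      # cert whose subject/SAN covers $fsName
$exHost  = 'mail.example.com'                # assumed external Exchange name
$exThumb = '<EXCHANGE-SSL-CERT-THUMBPRINT>'  # cert whose subject/SAN covers $exHost

# 1. Install the Web Application Proxy role service on the edge server.
Install-WindowsFeature Web-Application-Proxy -IncludeManagementTools

# 2. Establish the proxy trust with the internal AD FS farm.
#    The credential must be a local administrator on the AD FS servers.
#    This also publishes the AD FS endpoints for $fsName on 443.
Install-WebApplicationProxy `
    -FederationServiceName $fsName `
    -CertificateThumbprint $fsThumb `
    -FederationServiceTrustCredential (Get-Credential)

# 3. Publish Exchange as pass-through applications on the same IP and port.
#    WAP separates the sites by host name (SNI), so no port 444 is needed.
foreach ($path in 'owa', 'Autodiscover') {
    Add-WebApplicationProxyApplication `
        -Name "Exchange $path" `
        -ExternalPreauthentication PassThrough `
        -ExternalUrl "https://$exHost/$path/" `
        -BackendServerUrl "https://$exHost/$path/" `
        -ExternalCertificateThumbprint $exThumb
}

# 4. Check the result: published applications, then the HTTP.sys bindings.
#    Each site should appear as a "Hostname:port" entry on 443.
Get-WebApplicationProxyApplication |
    Format-Table Name, ExternalUrl, BackendServerUrl, ExternalPreauthentication
netsh http show sslcert
```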