Redirecting HTTP to HTTPS not working

  • Question

  • TMG 2010 EE SP2 on WS2008 R2 SP1.

    Publishing WS2008 R2 RDWEB through TMG. I have 2 Web Publishing Rules set up. The only difference between them is that one redirects /* to /rdweb/*, and the other directs <same as internal> to /rpc/*.

    Both rules use the same Web Listener. The listener listens on 80 & 443, and it is set to redirect all HTTP traffic to HTTPS.

    Browsing HTTPS works. When user browses https://host.domain.com, TMG redirects to https://host.domain.com/rdweb.

    Browsing HTTP doesn't. When user browses http://host.domain.com, they get a 404 page.

    In the logs, I see the HTTP connections, but they're all denied by Default Rule.

    These 2 rules are at the top of the Array list.

    Seems so simple...why doesn't it work?

    TIA


    • Edited by JRV529088 Saturday, December 24, 2011 1:52 AM
    Saturday, December 24, 2011 1:51 AM

Answers

  • Thanks...MSFT has just tonight confirmed my suspicion on the Partner forum: It is simply not possible to publish HTTP/80 on TMG 2010 in its default configuration, PERIOD. Because TMG 2010 includes IIS, and configures it to listen on port 80 for SQL reporting.

    One can either disable IIS (which is what I did), or move reporting to a different port. Both are workarounds for an exceptionally stupid design flaw in TMG 2010 that has persisted from RTM through Service Pack 2 without so much as a KB article.

    Once TMG is able to listen on TCP 80, there are a variety of ways to solve the redirect problem. The simplest by far, ever since ISA 2006, is to rely on 1 Web Listener. That is my solution, and it (now) works quite well, so I imagine that's how I'll leave it.

    I haven't re-enabled IIS and changed the port yet, but I imagine that, too, will solve the problem. Once I caught on to the TMG design flaw, I was really just looking for confirmation that I wouldn't break anything by changing the port, or if there was some other, more elegant solution that shows that someone at MSFT actually tried publishing HTTP through TMG before releasing the product.

    However, it turns out they didn't try, and there is no elegant solution. So there it is...a lot of time wasted on what should have been a trivial exercise.

    Monday, December 26, 2011 7:57 AM
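
A way to confirm the port conflict described in this answer before disabling anything, as an added example that is not part of the original thread. It assumes an elevated PowerShell session on the TMG server and English-language `netstat` output; `Get-TcpListener` is a hypothetical helper name.

```powershell
# Added diagnostic example (not from the thread): who owns TCP 80 on this host?
# Works on PowerShell 2.0 (WS2008 R2); uses only netstat, netsh and built-in cmdlets.

function Get-TcpListener {
    param([int]$Port = 80)
    # netstat -ano rows look like:
    #   TCP    0.0.0.0:80    0.0.0.0:0    LISTENING    4
    $pattern = '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$'
    foreach ($line in (netstat -ano -p tcp)) {
        if ($line -match $pattern -and [int]$Matches[2] -eq $Port) {
            $address = $Matches[1]
            $ownerId = [int]$Matches[3]
            $name    = 'unknown'
            $proc    = Get-Process -Id $ownerId -ErrorAction SilentlyContinue
            if ($proc) { $name = $proc.ProcessName }
            New-Object PSObject -Property @{
                LocalAddress = $address
                Port         = $Port
                ProcessId    = $ownerId
                ProcessName  = $name
            }
        }
    }
}

$listeners = @(Get-TcpListener -Port 80)
if ($listeners.Count -eq 0) {
    'Nothing is listening on TCP 80.'
} else {
    $listeners | Format-Table LocalAddress, Port, ProcessId, ProcessName -AutoSize | Out-String
}

# PID 4 (System) means HTTP.sys, the kernel HTTP driver that IIS uses, holds the
# port. List the URL prefixes registered on port 80 to see what claimed it.
if ($listeners | Where-Object { $_.ProcessId -eq 4 }) {
    netsh http show servicestate | Select-String -Pattern ':80/'
}

# State of the two services the thread disables as a workaround.
Get-Service -Name W3SVC, IISADMIN -ErrorAction SilentlyContinue |
    Format-Table Name, Status, DisplayName -AutoSize | Out-String
```

If port 80 is owned by PID 4 while W3SVC is running, the Web Listener's HTTP side cannot bind, which matches the symptom of HTTP requests never reaching the publishing rules.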

All replies

  • Hi,

    Thanks for the post,

    Try these options

    Option 1

    In the Bridging, select Redirect requests to HTTP port 80.

    Option 2

    Copy this previous working rule, paste it, and rename the rule. Then right-click on this rule and select Properties, click Action, select Deny, put a checkmark on Redirect HTTP requests to this web page, and type http://host.domain.com.


    Thanks,

    Naresh

    Saturday, December 24, 2011 12:28 PM
  • Option 1:

    I assume that also means switching to HTTPS-HTTP on the RDG. This did not work.

    Option 2:

    Had already tried that; did not work. Also, I assume the redirection needs to be to httpS://host.domain.com and not http://host.domain.com.

    What DID work, after a little more research:

    Disable WWW service and IISADMIN service and restart TMG. I've read in other threads that you can't publish HTTP/80 when this is running. That's a serious bug, still unfixed after 2 service packs!

    Of course, disabling IIS also means I can't use TMG Reporting.

    Is there a way to have both? Change the reporting port to something else? Is HTTP/80 hard-coded into TMG for reporting? Possible to host reporting on another machine?

    Saturday, December 24, 2011 6:20 PM
  • Hi,

    Could you check this site, himalayanbank.com, and go to Internet banking? I hope this will help you see where your problem is.

     

    Thanks


    Best Regards, -------------------- Naresh Man Maharjan Nepal
    Sunday, December 25, 2011 7:06 AM
  • Thanks...browsed the site and clicked Internet Banking. Not clear on how it relates to the problem; can you expand on that a little bit?
    Sunday, December 25, 2011 5:49 PM
  • Hi,

    Would it be possible to give me your email address, so I can give you details about this? Because it is official.


    Best Regards, -------------------- Naresh Man Maharjan Nepal
    Sunday, December 25, 2011 7:04 PM
  • Hi,

    Thank you for the post.

    Please refer to this thread and see if it helps: http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/b42e108d-afbe-420d-ad0d-29115a1c6b36

    Regards,

     


    Nick Gu - MSFT
    Monday, December 26, 2011 7:39 AM
    Moderator