Thursday, January 24, 2008

Blank page or page cannot be displayed when you view SSL sites through ISA Server

SUMMARY

If Microsoft Internet Explorer is configured to reference a server that is running Microsoft Internet Security and Acceleration (ISA) Server as a Web proxy server, when you try to view a Secure Sockets Layer (SSL) Web site on the Internet by using a port other than 443, a blank page may appear with "Page cannot be displayed" in the title bar. Or, you may receive the following error message:
Page cannot be displayed

For ISA Server 2000

The following Visual Basic Scripting Edition script (VBScript) is an example of how to add ports to the tunnel port range:

set isa=CreateObject("FPC.Root")
set tprange=isa.Arrays.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
set tmp=tprange.AddRange("SSL 84443", 8443, 8443)
tprange.Save

Restart the Microsoft ISA Server Control service after you run the script.


For ISA Server 2004

Displaying the Existing Tunnel Port Ranges

The Microsoft Visual Basic® Scripting Edition (VBScript) code in ShowTPRanges.vbs retrieves the collection of tunnel port ranges defined in the containing array, iterates through the collection, and displays the names and port ranges for the tunnel port ranges. This script must be run on an ISA Server 2004 computer with the Microsoft Firewall service installed, but it can be modified to run on a remote management computer.

Usage: CScript ShowTPRanges.vbs

Script Listing: ShowTPRanges.vbs

' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.

' This script retrieves the collection of tunnel port ranges defined in the
' containing array, iterates through the collection, and displays the names
' and port ranges for the tunnel port ranges.

Sub ShowTPRanges()

' Create the root object.
Dim root ' The FPCLib.FPC root object
Set root = CreateObject("FPC.Root")

' Declare the other objects needed.
Dim isaArray ' An FPCArray object
Dim tpRanges ' An FPCTunnelPortRanges collection
Dim tpRange ' An FPCTunnelPortRange object

' Get references to the array object
' and the collection of tunnel port ranges.
Set isaArray = root.GetContainingArray()
Set tpRanges = isaArray.ArrayPolicy.WebProxy.TunnelPortRanges

' If at least one tunnel port range is defined in the
' collection, display the names and port ranges for all
' the tunnel port ranges.
If tpRanges.Count > 0 Then
For Each tpRange In tpRanges
WScript.Echo tpRange.Name & ": " & tpRange.TunnelLowPort & _ "-" & tpRange.TunnelHighPort
Next
Else
WScript.Echo "No tunnel port ranges are defined."
End If
End Sub

ShowTPRanges


Creating a New Tunnel Port Range

The VBScript code in AddTPRange.vbs includes a subprocedure that creates a new tunnel port range containing a single user-specified port to allow clients to send requests, for example, SSL requests, to that port. This script must be run on an ISA Server 2004 computer with the Microsoft Firewall service installed, but it can be modified to run on a remote management computer.

Usage:
[CScript] AddTPRange.vbs RangeName TunnelPort

RangeName specifies the name of the new tunnel port range.
TunnelPort specifies the single port to be included in the new tunnel port range.

Example: CScript AddTPRange.vbs "SSL 8443" 8443

Note that the fResetRequiredServices parameter is set to True to restart the Firewall service.

Script Listing: AddTPRange.vbs

' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.

' This script creates a new tunnel port range containing a single user-specified
' port to allow clients to send requests, for example, SSL requests, to that
' port.
' This script can be run from a command prompt by entering the
' following command:
' CScript AddTPRange.vbs RangeName PortNumber

Option Explicit

' Define the constants needed.
Const Error_TypeMismatch = &HD
Const Error_AlreadyExists = &H800700B7
Const Error_OutOfRange = &H80070057

Main(WScript.Arguments)

Sub Main(args)
If(args.Count <> 2) Then
Usage()
Else
AddTPRange args(0), args(1)
End If
End Sub

Sub AddTPRange(newRangeName, newTunnelPort)

' Create the root object.
Dim root ' The FPCLib.FPC root object
Set root = CreateObject("FPC.Root")

'Declare the other objects needed.
Dim isaArray ' An ISA Server array object
Dim tpRanges ' An FPCTunnelPortRanges collection
Dim newRange ' An FPCTunnelPortRange object
Dim port ' An Integer

' Get a reference to the array and to
' the collection of tunnel port ranges.
Set isaArray = root.GetContainingArray()
Set tpRanges = isaArray.ArrayPolicy.WebProxy.TunnelPortRanges

' Create a new tunnel port range.
On Error Resume Next
port = CDbl(newTunnelPort)
If Err.Number = Error_TypeMismatch Then
WScript.Echo "A number must be entered for the port to be included."
WScript.Quit
End If
Err.Clear
Set newRange = tpRanges.AddRange(newRangeName, port, port)
If Err.Number = Error_AlreadyExists Then
WScript.Echo "A port range with the name specified already exists."
WScript.Quit
ElseIf Err.Number = Error_OutOfRange Then
WScript.Echo "The range of permissible ports is from 1 through 65535."
WScript.Quit
End If
On Error GoTo 0

' Save the changes to the collection of tunnel port ranges
' with fResetRequiredServices set to True to restart the Firewall service.
tpRanges.Save True
WScript.Echo "Done!"
End Sub

Sub Usage()
WScript.Echo "Usage:" & VbCrLf _
& " " & WScript.ScriptName & " RangeName TunnelPort" & VbCrLf _
& "" & VbCrLf _
& " RangeName - Name of the tunnel port range to be added" & VbCrLf _
& " TunnelPort - Port to be included in the new tunnel port range"

WScript.Quit
End Sub


Deleting a Tunnel Port Range

The VBScript code in DelTPRange.vbs includes a subprocedure that deletes the tunnel port range having the name specified by the user. This script must be run on an ISA Server 2004 computer with the Microsoft Firewall service installed, but it can be modified to run on a remote management computer.

Usage:
[CScript] DelTPRange.vbs RangeName

RangeName specifies the name of the new tunnel port range to be deleted.

Example:
CScript DelTPRange.vbs "SSL 8443"
To delete the tunnel port range with the name specified by the user

Note that the fResetRequiredServices parameter is set to True to restart the Firewall service.

Script Listing: DelTPRange.vbs

' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.

' This script deletes the specified tunnel port range.
' This script can be run from a command prompt by entering the
' following command:
' CScript DelTPRange.vbs RangeName

Option Explicit

' Define the constant needed.
const Error_FileNotFound = &H80070002

Main(WScript.Arguments)

Sub Main(args)
If(args.Count <> 1) Then
Usage()
Else
DelTPRange args(0)
End If
End Sub

Sub DelTPRange(rangeName)

' Create the root object.
Dim root ' The FPCLib.FPC root object
Set root = CreateObject("FPC.Root")

'Declare the other objects needed.
Dim isaArray ' An ISA Server array object
Dim tpRanges ' An FPCTunnelPortRanges collection

' Get a reference to the array and to
' the collection of tunnel port ranges.
Set isaArray = root.GetContainingArray()
Set tpRanges = isaArray.ArrayPolicy.WebProxy.TunnelPortRanges

' Delete the specified tunnel port range.
On Error Resume Next
tpRanges.Remove(rangeName)
If Err.Number = Error_FileNotFound Then
WScript.Echo "The tunnel port range specified could not be found."
WScript.Quit
Else
WScript.Echo "Removing the tunnel port range specified ..."
End If
On Error GoTo 0

' Save the changes to the collection of tunnel port ranges
' with fResetRequiredServices set to True to restart the Firewall service.
tpRanges.Save True

WScript.Echo "Done!"
End Sub

Sub Usage()
WScript.Echo "Usage:" & VbCrLf _
& " " & WScript.ScriptName & " RangeName" & VbCrLf _
& "" & VbCrLf _
& " RangeName - Name of the tunnel port range to be deleted"
WScript.Quit
End Sub

Links to detailed information:
http://support.microsoft.com/kb/283284/en-us
http://www.microsoft.com/technet/isa/2004/plan/managingtunnelports.mspx
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)