ISA Server 2004 FAQ: Application Publishing

  • Article

This frequently asked questions (FAQ) document provides answers to questions commonly asked about publishing in Microsoft® Internet Security and Acceleration (ISA) Server 2004.

Q

In the Outlook Web Access Publishing Wizard, there is an option to enable high-bit characters. What does this mean?

A

The default for this setting is enabled, and if you need to support clients who will connect to Exchange servers using non-English characters, you should leave this enabled. If English is the only language in use, you can disable the setting.

Q

If I have a single IP address on the external interface of ISA Server, can I use multiple Web listeners on the same IP address and port?

A

No, ISA Server does not allow duplicate Web listeners with the same IP address and port.

Q

Can I add content types to the predefined types?

A

Yes, you can create your own content types in addition to the predefined ones. Common content types you may want to add include:

  • Common Windows media types:
    • .wma = windows media audio
    • .wmv = windows media video
    • (.asf is either audio or video)
  • Potentially dangerous files:
    • .jse = encoded JScript
    • .vbe = encoded VBScript
    • .wsf= Windows Script file
    • .reg = Windows registry file
    • .pl = PERL script
    • .com = executable

Q

Does ISA Server support RPC-over-HTTP publishing?

A

Yes.

Q

Can I publish my Outlook Web Access server on a non-standard port?

A

Creating a publishing rule that uses non-standard ports on the ISA Server computer or the Outlook Web Access server is not supported. Standard ports are 80 (for HTTP) and 443 (for HTTPS).

Q

I tried to create a Web listener and get an ADDRESS_IN_USE error. What might be wrong? I have tried restarting the Firewall service.

A

This is a known issue. If you get this error, try the following:

  • Check that the IIS service is not listening on the same port.
  • Wait approximately five minutes and restart the Firewall service.
  • Restart the ISA Server computer.
  • Reduce the waiting time with the following registry keys if the error is persistent.
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpTimedWaitDelay (DWORD). Set the required value in seconds.
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\StrictTimeWaitSeqCheck (DWORD). Set the value to 1.

Q

When trying to create a Web listener for Outlook Web Access publishing, I receive an error message that no certificates are configured on the server. What might be wrong?

A

Check the following:

  • You imported the certificate into the wrong store. Server authentication certificates should be in the personal store of the local computer.
  • When you exported the certificate from another computer you forgot to export the private key with the certificate. (You need to select the private key check box.)

Q

I cannot use the Certificate Request Wizard in the Certificates MMC, or the Web Site Certificate Request Wizard. What can I do?

A

Disable the RPC filter and create an all open rule between the source and destination. Be sure to reenable the RPC filter and remove the all open rule when you are done.

Q

Publishing fails when I publish a secure Web server and present a wildcard certificate. For example, when I publish myserver.adomain.com and present a wildcard certificate *.adomain.com, publishing fails. Why?

A

This is by design. ISA Server can use a wildcard certificate on a listener, but will not accept a wildcard certificate from a published website.

Q

I want to publish a site with /* for the path, but it is producing an error. What might be wrong?

A

Using /* provides access to the entire site you are publishing. Note that for this to work, you require a default document on the site, or an error will be generated.

Q

I want to use a certificate with multiple CN names in it. For example to reference https://server_name and https://www.server_name.com. Can ISA Server handle these multiple CN names?

A

No, ISA Server will only reference the first CN in the certificate, and does not support multiple names.

[Topic Last Modified: 12/16/2008]