So, if you try to access pages via https on port different than 443 via TMG with https inspection enabled and you check logs on TMG you can see the following error "12204 The specified Secure Sockets Layer (SSL) port is not allowed. Forefront TMG is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests".
As a solution to this error I have bumped on the following article http://technet.microsoft.com/en-us/library/cc302450.aspx . There are three scripts for managing tunnel port ranges (view,add,delete). In my case I should access 8443 for ssl. So, I have added new tunnel port range with single port 8443. Started the script like : "cscript addrange.vbs ssl8443 8443" . And, TMG started proxyng ssl requests to requested destination on 8443.
Blank page when accessing streamed pdf file over https
If you receive a blank page on your Internet Explorer when you try to open streamed pdf document, and you have tried almost anything including resetting the browser, re-installing Adobe Reader (pre-registering active-x plug-in), installing the latest version of Adobe Reader ...and still you're receiving white blank page, try opening the same streamed pdf document via http (if you're hosting the web server, or someone can provide that for you). In my case I could successfully open streamed pdf document when the document was provided via http. So, I started digging deeper and bumped on the following article http://support.microsoft.com/kb/323308 "Internet Explorer file downloads over SSL do not work with the cache control headers". In my scenario the client is running on XP with IE 8 and Adobe reader 8, and the web server IIS 7.5. In Microsoft's KB there is a solution for IE 8, where I have added the following key "BypassSSLNoCacheCheck"=Dword:00000001 and the IE has finally showed the streamed pdf file ! But you must be aware that the server is using "cache-control:no-store", check with your developers !
In order not to change (add registry settings) on all workstations, I have pushed developers to change their code to response.setHeader("Cache-Control","private") , and the case was successfully closed.
In order not to change (add registry settings) on all workstations, I have pushed developers to change their code to response.setHeader("Cache-Control","private") , and the case was successfully closed.
Subscribe to:
Posts (Atom)
How to check EMBG (Unique Master Citizen Number) using regex
In this post, I will share my implementation of how to check if some number looks like EMBG or Unique Master Citizen Number. For those of yo...
-
In this post, I will share my implementation of how to check if some number looks like EMBG or Unique Master Citizen Number. For those of yo... -
In this case Hyper V failover cluster was installed on Windows Server 2012, and on one of the nodes that was hosting the "Cluster Grou...
-
In my case few client XP machines were having problems with applying group policy settings. Following events were logged in Application eve...
-
In this case Warning Event 9327 from source: MSExchangeSA was logged in Application Event log on Exchange 2010 server responsible for OAB g...
-
In this post I will share my PowerShell code for querying the availability of new updates for Cisco WSA (Web Security Virtual Appliance). U...