Cannot setup work email using SSL on non standard port

Similar Messages

• Mail.app does not like ssl on non-standard port

  Simple set up with imaps via ssh tunnel on another machine.
  I am connecting via a tunnel and expect to have certificate errors on connection.
  Connecting from mail.app with the server on port 10933 does not work. Thunderbird works with the same configuration.
  Changing only the port number on the tunnel machine (to 993) then Mail.app performs as expected. No difference to Thunderbird.

  Sorry, this is not a solution, but I had the same problem and did extensive troubleshooting on it today. It seems that if the port# is non-standard, Mail will connect in the clear, regardless whether the SSL box is checked.
  I was trying to run an SSL-enabled IMAP server (dovecot) on port 1009. I verified that Mail was connecting to that port using netstat. However, it did not succeed in connecting, it reported a timeout error. Yet I can connect manually with openssl s_client.
  Next I tried running the non-SSL IMAP server on the same port, WITHOUT changing any of the Mail settings: still port 1009, SSL box checked. This time it did connect properly.
  Must be a bug in Mail.app
  PowerBook G4   Mac OS X (10.4.3)  

• Using the CSM to setup a HTTPS session on non-standard ports?

  Hi Guys,
  One of our clients wants to setup an SSL connection on a non-standard SSL port i.e. 4444 to begin with. Here the sever handles the SSL encryption / deccryption) instead of the SSL module.
  I've found the following config to work well:
  serverfarm FARM-MOBS-4444
  nat server
  no nat client
  predictor leastconns
  failaction purge
  real 130.194.12.81 4444
  inservice
  real 130.194.12.84 4444
  inservice
  probe MOBS-4444
  sticky 108 netmask 255.255.255.255 timeout 60
  vserver VMOBS-PROD-4444
  virtual 130.194.11.51 tcp https
  serverfarm FARM-MOBS-4444
  sticky 60 group 108
  persistent rebalance
  inservice
  With the above setup the CSM redirects the SSL connections (recieved on 443) to port 4444 on the sever and maintains this for the duration of the session.
  While the above setup works, is it possible to configure the VIP to use a HTTPS port other than 443 (which is default)? This would then allow for separate HTTPS paths to be setup on non-standard ports. I ask this since the client also wants to setup a HTTPS path on port 4443 as well.
  Any ideas would be useful.
  thanks
  Sheldon

  Hi Martin,
  Do you mean using the SSL module to perform the encryption / decryption? If so i've tried this and it does work without an issue.
  I was just wondering if it were possible to have a VIP setup where the HTTPS port is not 443 but say 4443, where the encryption / decryption is done by the real servers themselves.
  thanks
  Sheldon

• CSS 11501 ftp server setup problem using non-standard port

  Dear Expert,
  we would like to setup FTP server over CSS where our member sever use non-std-port to open both control/data channel (i.e. 6370 as ctrl and 6369 as data this case.) but seems we only get Passive mode FTP mode work only but not for Active mode FTP case for data channel establishement for server back to client...is there any professional advise can help on this case...? here is our setup info FYI
  #  sh ver
  Version:               sg0820501 (08.20.5.01)
  Flash (Locked):        08.10.1.06
  Flash (Operational):   08.20.5.01
  Type:                  PRIMARY
  Licensed Cmd Set(s):   Standard Feature Set
                         Secure Management
  CVDM Version:          cvdm-css-1.0_K9
  !*************** Global
  ftp data-channel-timeout 10
    ftp non-standard-ports
  !************************** SERVICE **************************
  service ftp_ftpgtw
    keepalive maxfailure 2
    keepalive frequency 15
    keepalive retryperiod 2
    keepalive type tcp
    ip address 192.168.52.170
    protocol tcp
    keepalive port 6370
    port 6370
    active
  # sh run group drfusegtwftp_grp 
  !*************************** GROUP ***************************
  group gtwftp_grp
    vip address 192.168.52.28
    add service ftp_ftpgtw
    active
    content ftp_gtwpkg-ftpgtw
      add service ftp_ftpgtw
      vip address 192.168.52.28
      port 21
      protocol tcp
      application ftp-control
      active

  Thanks for your confirmation on no prob found in config level 1st..:P..as to save us a lot of time in isolating problem at this level.
  What we can notice is seems the data port connection is fail to open  for server back to client....for our general sense..... the flow expected should be:
  TCP session A -- Client:1234 --> VIP:21 --> member svr:6370
  TCP session B -- Client: 5678 <--> VIP:20 <--> member Svr: 6379 [on demand generated between server/client]
  but we can only see session B fail  to setup when client side access VIP site on CSS..even we try to put the most standard case as below
  TCP session A -- Client:1234 --> VIP:21 --> member svr:21
  TCP session B -- Client: 5678 <--> VIP:20 <--> member Svr: 20
  we still unable to make the Active mode FTP access work either...hence we got no idea on how CSS handle FTP access when it involve services over multiple tcp ports..
  and from CSS xlate view...the problem is we can only see what NAT IP that used in CSS connect to client...but no way to confirm for which port for VIP using outgoing to client. neither it is dropped by CSS..nor it is never setup from VIP to Client side.

• Won't be able to setup Work email on my Blackberry z10

  Hi Everyone,
  I am using z10, trying to setup work email so that i can use blackberry balance,
  I am using my work email through exchange active sync without any issue.
  If possible can you guys give me the details how to setup work email directly through advance setup without errors.
  I tried with my server details and username and password, no luck.
  Thanks in advance.

  Your company would need to have a BES 10 server in order to have BlackBerry Balance.
  1. Please thank those who help you by clicking the "Like" button at the bottom of the post that helped you.
  2. If your issue has been solved, please resolve it by marking the post "Solution?" which solved it for you!

• Reply to my work email using my blackberry email?

  Hello, new to BB here and somewhat technologically challenged...  For whatever reason my Pearl 8130 will recieve emails from my work acct. but when I reply or try to send an email it gives me a failed delivery notice.  So I got a blackberry email and was wondering if it is possible to reply to my work emails using the bb email but without people replying to the bb email?  Did that question make any sense at all?
  Also, was wondering how to make my Outlook and my organizer on my bb sync?  When I loaded the software and tried to configure that, Outlook was not an option?  Again, technologically challenged here....

  Zeinstra wrote:
  Hi...
  Little question. I also had the option "Reply-to" at my previous telecom provider. Since our change to a new provider and upgrade of new BIS software... the new provider say that they don't have rights on the Reply-to anymore... So, this cannot be changed anymore. Is this actualy true, or is it policy of my new provider?
  Hi and Welcome to the Forums!
  Interesting! I've not heard of anyone restricting access to the Reply-To field in BIS. So, just to be sure, are you logging into, via a PC and web browser, the BIS site of the new provider? And, on the "General Settings" tab of the configured account, there is no "Reply to:" field at all? Or is the field visible but just grayed out and inaccessible? And, via your BB BIS interface, you get the same result?
  And, when you switched providers, did they switch your BIS conduits over? Or were they deleted on the old providers BIS site and you had to then create them brand new on the new providers BIS site?
  This is curious indeed!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• How to use non-standard port for vnc?

  Our Windows users who use RDC to connect to their desktops from off-site come in on a non-standard port number. Part of our security setup.
  I'd like to do the same with Mac users who use screen sharing and vnc to connect remotely.
  How can I specify another port number at both ends to accomplish this?
  I can find nothing in the Network Utility app, or in the KB.
  Surely there's a short sequence of Terminal commands that will do this?

  I haven't tried this so don't know whether it will work. But I think it will. Presuming the target machine is a Mac, see if editing its /etc/services file will do it. Find the two lines that start with "vnc-server" and change the port number there. Launch Terminal.app as an administratively privileged user, sudo pico /etc/services, ^w to search for vnc-server, make the changes, ^x to exit, y to save and overwrite. Also, you will need to have screen sharing enabled in the target machine's System Preferences' Sharing, and the authorized users defined there, too. Reboot. Now, on the remote client, assuming it is also a Mac, the user would type ⌘k in the Finder (or mouse to Finder > Go > Connect to Server), and enter something like vnc://123.45.67.89:55900 where you substitute the actual IP address or host name for where I have entered 123.45.67.89, and where you substitute the actual alternate port number where I have entered 55900. Of course, in the clients' Screen Sharing's Preferences, they should choose to encrypt the entire session, not just the login. Like I said, I haven't tried this because I just tunnel my vnc stuff through ssh, but I'm thinking that this should work.

• Accessing websites running on non-standard ports or with self-signed ssl certs?

  I've got some sites running using self-signed ssl's that also run on non-standard ports. Firefox home doesn't seem to open these pages it just sits there with the spinner loading and a blank screen...
  Anyone else noticed this?

  If the ASA is using a certificate issued by a CA that is in the client's trusted root CA store, then the ASA identity certificate does not need to be imported by the client.
  That's why it's generally recommend to go the route of using a well-know public CA as they are alreay included in most modern browsers and thus the client doesn't need to know how to import certificates etc.
  If you are using a local CA that is not in the client's trusted root CA store to issue your ASA identity certificate or self-signing certificates on the ASA then you need to take additional steps at the client.
  In the first case, you would import the root CA certificate in the trusted root CA store of the client. After that, any certificates it has issued (i.e the ASA's identity certificate) would automatically be trusted by the client.
  In the second case, the ASA's identity certificate itself would have be installed on the client since it (the ASA) is essentially acting as it's own root CA. I usually install them in my client's Trusted Root CA store but I guess that's technically not required, as long as the client knows to trust that certificate.

• Isakmp peers using non-standard port 4500

  Hello,
  I have a remote site using the Internet to access corporate networks over IPSEC. Set-up is as below:
  Remote Router uses public IP across internet --> hits corporate untrusted nework FW --> NAT'ed to private 10.x.x.x IP --> reaches trusted network router.
  The problem is that the peer keeps hanging and the only way to reset it is to issue 'clear crypto session' on the central trusted router. I have added isakmp keepalives with the aim of forcing some keepalive traffic:
  crypto isakmp keepalive 90 30 periodic
  ...and this works to some degree (with DPD are u there keepalives). However I have noticed that the far end router uses non-standard ports when trying to set up phase-1 tunnel:
  BEVRLY_D_CR184_01#sh crypto isa pee
  Peer: 161.x.x.x Port: 4500 Local: 77.x.x.x
  Phase1 id: 10.2.0.92
  Peer: 161.x.x.x Port: 10456 Local: 77.x.x.x
  Phase1 id: 10.2.0.92
  Peer: 161.x.x.x Port: 10554 Local: 77.x.x.x
  Phase1 id: 10.2.0.92
  Peer: 161.x.x.x Port: 10557 Local: 77.x.x.x
  Phase1 id: 10.2.0.92
  Peer: 161.x.x.x Port: 10580 Local: 77.x.x.x
  Phase1 id: 10.2.0.92
  Peer: 161.x.x.x Port: 10589 Local: 77.x.x.x
  Phase1 id: 10.2.0.92
  Peer: 161.x.x.x Port: 10596 Local: 77.x.x.x
  Phase1 id: 10.2.0.92
  Peer: 161.x.x.x Port: 10600 Local: 77.x.x.x
  Phase1 id: 10.2.0.92
  These ports (non-4500) will be blocked by our firewalls. Why does it use these, and is there a way of stopping the router using anything other than port 4500?
  Thanks
  Phil

  Hello,
  Yes - there's NAT at the trusted central router end our side of the firewall... the config used is below:
  Remote Router end:
  crypto isakmp policy 10
  encr 3des
  hash md5
  authentication pre-share
  group 2
  lifetime 180
  crypto isakmp key address
  crypto isakmp invalid-spi-recovery
  crypto isakmp keepalive 90 30 periodic
  crypto ipsec security-association idle-time 300
  crypto ipsec transform-set BEVERLEY_Transform esp-3des esp-md5-hmac
  crypto ipsec profile VTI
  set security-association lifetime seconds 1800
  set transform-set BEVERLEY_Transform
  interface Tunnel1
  description BEVRLY_CC296_01 F0/8 (10.30.45.29)
  ip address x.x.x.x 255.255.255.252
  ip helper-address 10.91.6.30
  ip helper-address 10.4.162.92
  ip mtu 1400
  ip ospf message-digest-key 1 md5
  load-interval 30
  tunnel source Dialer1
  tunnel destination
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile VTI
  Central Router:
  crypto isakmp policy 10
  encr 3des
  hash md5
  authentication pre-share
  group 2
  lifetime 180
  crypto isakmp key address
  crypto isakmp invalid-spi-recovery
  crypto isakmp keepalive 90 30 periodic
  crypto ipsec security-association idle-time 300
  crypto ipsec transform-set BEVERLEY_Transform esp-3des esp-md5-hmac
  crypto ipsec profile VTI
  set security-association lifetime seconds 1800
  set transform-set BEVERLEY_Transform
  interface Tunnel1
  description link to Beverley via internet (BEVERLY_CR184_01 Tun1)
  ip address x.x.x.x 255.255.255.252
  ip mtu 1400
  ip ospf message-digest-key 1 md5
  load-interval 30
  tunnel source FastEthernet0/1
  tunnel destination
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile VTI
  I believe the DPD keepalives ensure NAT is known and compatible (crypto isakmp keepalive 90 30 periodic) between the peers....
  Any help gladly appreciated....
  thanks
  Phil

• CFHTTP GET using non-standard ports

  I have an application which goes out and checks links on
  various servers to verify that the link still exists, however I
  have a few links on servers that use non-standard ports (ie 8001,
  7072, 8080, etc). When I dump CFHTTP I get the following:
  struct
  Charset [empty string]
  ErrorDetail I/O Exception: Premature EOF encountered
  Filecontent Connection Failure
  Header [undefined struct element]
  Mimetype Unable to determine MIME type of file.
  Responseheader struct [empty]
  Statuscode Connection Failure. Status code unavailable.
  Text YES
  Any ideas?
  Thanks.
  Mike

  Yup, FaceTime was set up on all devices using my home network. It functions correctly pretty much everywhere except on my internal network at the office.
  I'm pretty sure this is a firewall issue, not a basic FaceTime problem.

• How can ftp service on non-standard port be load balanced using Cisco ACE.

  How can ftp service on non-standard port be load balanced using Cisco ACE.For example ftp service required on tcp 2000 port

  Hi Samarjit,
  you can do this by specifying the port number in the class map that you create . Please find the below mentioend config guide where you can specify the tcp/udp port , range or ports or even the wild card to match the port.
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html#wp1318826
  Regards
  Abijith

• In FireFox 9, loading secure web pages running on non-standard ports works just fine. In FireFox 10, those same pages do not load and a "The connection was reset" message is displayed.

  How can this be fixed so functionality returns as per FF9 and below?
  This occurs on any secured website running on a non-standard port, with FF10.

  < X-Post from https://support.mozilla.org/en-US/questions/917315#answer-315144 >
  I don't think this is restricted to Firefox. I've noted this behaviour with IE9, Firefox 10.0.2, Opera Mobile (on my phone) and Chrome(latest version) with my Linksys E3000 router (I access it from https://<IP>) and my 3ware RAID card management suite, 3DM2 (I access it from https://localhost:888 ).
  Notably, the only thing amiss that I've been able to see in the certificates (I'm no expert) is that the one from Linksys has issue and expiry dates in 1969 and 1970 respectively. However, I don't think this is the cause since 3DM2 has proper looking issue dates and has the identical problem.
  Coincidentally, I noticed this happening after a fresh reinstall of Windows 7 x64 with virtually nothing installed on it (FF, Office 2007), so I don't think it's something wrong with the other software on the machine.

• Running the BO servers on non standard ports XIR2

  Hi all,
  I need to know how to get the bo servers to register with the cms when it is running on a non-standard port. The port I'm using is 6409, so I have tried adding -port 6409 to the command line string, but that didn't work.
  I'm running two instanceson BO on the box hence the need for non standard ports.
  Any thoughts?
  TIA,
  Jeff

  -port switch is the correct way to accomplish this.
  So your CMS will have -port 6409, the rest of servers will have -ns cmsname:6409 in their comand line.
  You might want to look at adding -requestport switches as well....
  Please review Admin guide for more details on usage of those switches.

• Version 8 blocks http on non standard ports i.e. 8080

  Version 7 handled http on both port 8080,8081 and 8082 but only text is passed after version 8 update. Is there a way to re-enable http on non standard ports? If you save the text file to the desktop and load it from there the html is processed correctly? Is there a directive besides "html" that could be place on the web pages to force html rendering on the odd ports. Version 8 works with port 4135 from Jefferson labs speed test.

  See:
  *http://www.mozilla.org/projects/netlib/PortBanning.html
  *http://kb.mozillazine.org/network.security.ports.banned.override

• Cisco Secure ACS 5.6 Backup to FTP server listening on non-standard ports

  When defining a software repository from CLI or GUI, I have not been able to define the custom port that our FTP server is listening on.  Does ACS support the use of custom ports for FTP?

  Hi Anthony,
  I don't thing so it will support non-standard ports as the options are only Disk,FTP,SFTP,TFTP and NFS.
  Regards,
  Chris