Exchange 2010 - EWS and disabling TLS 1.0
Hi all,
Due to the POODLE vulnerability and TLS 1.0 showing as enabled on one of our external scans, we were informed that we would need to disable SSL 3.0 and TLS 1.0 on our Exchange server.
Apparently, this wouldn't even be possible until Update Rollup 9 was released on 3/16/15:
Rollup resolves:
KB 3029667 SMTP is not transported over TLS 1.1 or TLS 1.2 protocol in an Exchange Server 2010 environment
After installing this update, SSL 3.0 and TLS 1.0 were disabled and the servers rebooted (cross site, same domain, two Exchange servers). After resolving some issues with certificates that apparently broke as a result of the changes, we found
that EWS was not working - the log full of these errors:
Process 5776: ProxyWebRequest CrossSite from S-1-5-21-3895483984-2032760896-3917300074-1259 to
https://mail.exchange.com:443/ews/exchange.asmx failed. Caller SIDs: NetworkCredentials. The exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.ProxyWebRequestProcessingException:
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
The EWS directory in IIS on both servers are set to use Anonymous and Windows Authentication. The main issues observed outside of the above errors was that free/busy information could not be viewed.
After rebuilding the EWS virtual directory and a couple reboots later, we tried enabling TLS 1.0 on both servers, rebooted, and there were no more EWS errors to be found - free/busy was also working.
So it appears that although this rollup allows SMTP to use TLS 1.1 or 1.2, EWS is still attempting to use TLS 1.0, and I don't see that it is possible to change this
You need to include the To and From properties in the property set your using in the Bind statement change
var response = _ExchangeService.BindToItems(newMails,
new PropertySet(BasePropertySet.IdOnly, ItemSchema.DateTimeReceived,
ItemSchema.UniqueBody, ItemSchema.Subject,
ItemSchema.DisplayTo, ItemSchema.InternetMessageHeaders,
ItemSchema.Body, EmailMessageSchema.ToRecipients, EmailMessageSchema.From));
Exchange will only return the properties that you ask it to.
Cheers
Glen
Similar Messages
-
Exchange 2010 EWS and retrieving To and From Addresses
I'm using Microsoft EWS notification streaming to monitor a mailbox for new messages. It is doing exactly what I need it to do except i'm having trouble pulling out the new email addresses from the message for To and From. I'm using Microsoft's
sample application they gave me here
http://www.microsoft.com/en-us/download/details.aspx?id=27154 but can't figure it out. Any help is appreciated.
private
static
void OnNotificationEvent(object
sender, NotificationEventArgs args)
// Extract the item ids for all NewMail Events in the list.
var newMails =
from e
in args.Events.OfType<ItemEvent>()
where e.EventType ==
EventType.NewMail
select e.ItemId;
// Note: For the sake of simplicity, error handling is ommited here.
// Just assume everything went fine
var response = _ExchangeService.BindToItems(newMails,
new
PropertySet(BasePropertySet.IdOnly,
ItemSchema.DateTimeReceived,
ItemSchema.UniqueBody,
ItemSchema.Subject,
ItemSchema.DisplayTo,
ItemSchema.InternetMessageHeaders,
ItemSchema.Body));
var items = response.Select(itemResponse => itemResponse.Item);
//ExtendedPropertyDefinition transportMsgHdr = new ExtendedPropertyDefinition(0x007D, MapiPropertyType.String);
foreach (var
item in items)
Console.Out.WriteLine("A
new mail has been created. Received on {0}", item.DateTimeReceived);
Console.Out.WriteLine("Subject:
{0}", item.Subject);
Console.Out.WriteLine("To:
{0}", item.DisplayTo);
Console.Out.WriteLine("Body:
{0}", item.Body);
Console.Out.WriteLine("ID:
{0}", item.Id);
Console.Out.WriteLine("Headers:
{0}", item.InternetMessageHeaders);
Michael DuhonYou need to include the To and From properties in the property set your using in the Bind statement change
var response = _ExchangeService.BindToItems(newMails,
new PropertySet(BasePropertySet.IdOnly, ItemSchema.DateTimeReceived,
ItemSchema.UniqueBody, ItemSchema.Subject,
ItemSchema.DisplayTo, ItemSchema.InternetMessageHeaders,
ItemSchema.Body, EmailMessageSchema.ToRecipients, EmailMessageSchema.From));
Exchange will only return the properties that you ask it to.
Cheers
Glen -
Exchange 2010 EWS - app_global.asax-error.
Im setting up an Exchange Online deployment on a costumers server enviroment. They have a single Exchange 2010 SP3 with Rollup 6 installed.
The users started complaining that they couldnt set out-of-office messages in Outlook, and that they were prompted for Exchange password in Lync repeatedly.
Now, im not sure if these errors came because of the Hybrid setup of its a coincidence, but here is what Ive done:
I started the Hybrid Wizard, but this one got some errors, so it didnt complete on the first run. The error was the following:
http://support.microsoft.com/kb/2626696
and I ran
ServiceModelReg.exe –r
on the server to fix it. This solved this problem, but a new one occurred with publishing of Autodiscover and EWS online. I called it a day, and was busy the next day so this was left like this for a few days.
The next day a few users complained that they couldnt set out of office. The next day after that, the lync error occured (there was a reboot that night. Im not sure if thats relevat). The errors in the Hybrid-wizard had then been solved, and the Hybrid-wizard
ran through, but the EWS-problem remained.
Now, on the server I get this error every second or so:
+
System
Provider
[ Name]
System.ServiceModel 3.0.0.0
EventID
3
[ Qualifiers]
49154
Level
2
Task
5
Keywords
0x80000000000000
TimeCreated
[ SystemTime]
2014-09-25T15:36:32.000000000Z
EventRecordID
933734
Channel
Application
Computer
<Server Name>
Security
[ UserID]
S-1-5-18
EventData
System.ServiceModel.ServiceHostingEnvironment+HostingManager/20974680
System.ServiceModel.ServiceActivationException: The service '/EWS/Exchange.asmx' cannot be activated due to an exception during compilation. The exception message is: Could not load file or assembly 'App_global.asax.hid_mutt,
Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified.. ---> System.IO.FileNotFoundException: Could not load file or assembly 'App_global.asax.hid_mutt, Version=0.0.0.0, Culture=neutral,
PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified. File name: 'App_global.asax.hid_mutt, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' at System.Reflection.Assembly._nLoad(AssemblyName fileName, String codeBase,
Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection) at System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark,
Boolean forIntrospection) at System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) at System.Reflection.Assembly.Load(String assemblyString) at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(String
constructorString, Uri[] baseAddresses) at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String normalizedVirtualPath) at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) WRN: Assembly binding logging is turned OFF. To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog]
(DWORD) to 1. Note: There is some performance penalty associated with assembly bind failure logging. To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog]. --- End of inner exception stack trace --- at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String
normalizedVirtualPath) at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
w3wp
4440
Any ideas is appreciated.Hi,
I am glad to hear that issue solved by yourself.
Event 3 indicated that Exchange missed Anonymous authentication on autodiscover/EWS Virtual directories.
To solve this issue, please enable Anonymous authentication on autodiscover/EWS Virtual directories through IIS manager by the following steps:
Open IIS manager.
Navigate to Sites>Default Web Site>Autodiscover.
Refer to the following picture to choose Authentication, then double-click it. Try to enable Anonymous Authentication.
Repeat steps 1-3 to enable Anonymous authentication on EWS.
Best Regards. -
Hi all,
4 Exchange Servers (2 DB + 2 CAS NLB Cluster) all Exchange 2010 SP1
Outlook work fine.
If I delete a message in OWA i became the following errors:
Internet Explorer:
Die Netzwerkverbindung ist nicht verfügbar. Wenn das Problem weiterhin auftritt, wenden Sie sich mit folgendem HTTP-Statuscode an den Helpdesk: 0.
Translation: The networkconnection is not available. If it happens again, contact the helpdesk with HTTP statuscode 0
Firefox:
Die Netzwerkverbindung ist nicht verfügbar. Wenn das Problem weiterhin auftritt, wenden Sie sich mit folgendem HTTP-Statuscode an den Helpdesk: 302.
Translation: The networkconnection is not available. If it happens again, contact the helpdesk with HTTP statuscode 302
Event ID 1006 MSExchange Mailbox Replication
Fehler: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80040115, ec=-2147221227)
Before SP1 it worked fine.
Can somebody help me ?
Kind regards AndyHi,
First, I would like to confirm the following questions:
1. Does the issue occur on certain user mailbox via OWA or each user mailbox?
2. Which OWA folder’s email cannot be deleted, Inbox, Sent Items or each folder?
3. Which version of operating system is installed on the client machine, Windows XP, Windows Vista or Windows 7?
At this stage, I suggest you temporarily disable firewall and anti-spam for a test. If the emails still cannot be removed via OWA, please refer to the following article
and use isinteg tool to check and repair Information Store.
Description of the Isinteg utility
Thanks.
Novak Wu-MSFT -
Integration b/w Exchange 2010 SP2 and Exchange 9.1.1.7 connector
Has any succesfully integrated exchange 2010 sp2 with 9.1.1.7 conncetor ..
Sp2 is not in the certifcation list in the connector documentation .. just want to check if any one has done this before ..
ThanksHi Sembee,
We did this already.
We got it working now after doing above but with the shell.
First we confirmed if the mailbox is disabled with the following command: Get-MailboxStatistics -Database MBD01 | Where { $_.DisconnectReason -eq "Disabled" } | Format-List LegacyDN, DisplayName, MailboxGUID, DisconnectReason
It did show as disabled but when we try to enable it we got the following: This task does not support recipients of this type.
So we disabled the mailbox in the shell, enable it again and it was fine.
Get-MailboxStatistics -Database MBD01 | Where { $_.DisconnectReason -eq "Disabled" } | Format-List LegacyDN, DisplayName, MailboxGUID, DisconnectReason helped us, cause in the EMC exchange showed the user as enabled.
Thanks -
Exchange 2010 SP3 and meeting forward notification options
I'm having an issue with meeting forward notifications in Exchange 2010 SP3. I'm working on an integration project with an existing system using the EWS Managed API. Part of this system is handling forward notifications and responses. However, we've hit
an issue regarding the way forwards are generated by Exchange.
In short, when a meeting request is forwarded to an external address (could be an Exchange server outside of our domain, gmail, or anything, really), the notification they receive places the meeting owner in the "sent representing" field, not the
person who actually sent the forward. As a result, any responses from the forward recipient will go directly back to the organizer, and the user who forwarded the request may not even be visible. We do not want this to happen. We'd prefer that the forward
show the person who actually sent it as the sender, and as a result, the response should go directly back to them, not the organizer.
Is this possible, either through settings or flags on the Appointment object itself or through some additional configuration options in Exchange? Installing a third-party transport agent (even one that we write) is probably out of the question.What if you "Forward as iCalendar"
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on www.exchangequery.com -
Exchange 2010 SP1 and SP2 are no longer supported.
Exchange 2010 SP3 is the minimal version that should be installed on your Exchange Servers and just may contain the fixes you need to solve your issue.
Support for 2010 SP1 and SP2 has ended.
Before posting a question, please ensure you are running at least 2010 SP3.
For more details:
http://blogs.technet.com/b/rmilne/archive/2014/04/09/end-of-exchange-2010-sp2-support.aspx
Twitter!:
Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.Exchange 2010 SP3 is the minimal version that should be installed on your Exchange Servers and just may contain the fixes you need to solve your issue.
Support for 2010 SP1 and SP2 has ended.
Before posting a question, please ensure you are running at least 2010 SP3.
For more details:
http://blogs.technet.com/b/rmilne/archive/2014/04/09/end-of-exchange-2010-sp2-support.aspx
Twitter!:
Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied. -
Hi,
after updating to exchange 2010 sp 3 from sp 2 and also updating to rollup 4, users who use conditional formatting cannot see new message unless they close and reopen Outlook.
If you decide to change the font colour for unread messages, the messages do not appear in Outlook but a pop up indicates that a new message has arrived.
If you reopen Outlook, the unread messasge appears.
remove the conditional formatting and no issue with viewing unread messages as they arrive.
running Outook version 14.0.7106.5003
is this a known issue? a user who never used conditional formatting will experience this right away.
Thanks,
rudifHi rudif,
If the issue only happens to users who use conditional formatting and OWA can work well for all mailbox, I think the issue should be in client side.
Please try to reset View then set the conditional formatting back to have a try. If the issue continues, please try to recreate the Outlook profile to check whether the issue persists. Also try restarting Outlook in Safe mode by running
Outlook /safe switch.
Thanks,
Winnie Liang
TechNet Community Support -
Exchange 2010 EMC and EMS errors - BLOCKED by software restriction
EMC has this message:
Initialization failed "Execution calling 'GetSteppablePipeline" with "1" arguement: File D:\program files\Microsoft\Exchange Server\V14\RemoteScripts\ConsoleInitialize.ps1 cannot be loaded because its execution is blocked
by software restriction policies"
EMS has this error:
"There were errors in loading the format data file: D:\Program Files\Microsoft\Exchange 2010\V14\Bin\exchange.format.ps1x
ml, , D:\Program Files\Microsoft\Exchange 2010\V14\Bin\exchange.format.ps1xml : File skipped because of the following validation exception: File D:\Program Files\Microsoft\Exchange 2010\V14\Bin\exchange.format.ps1xml cannot be loaded because its execution is
blocked by software restriction policies. For more information, contact your system administrator."
All other powershell scripts work just fine. It is not the execution policy. That is set properly. Authenticode returns valid on the files. There are no settings it GPO to control or cause this. Email working fine. It just started
after a reboot for updates. Any other thoughts before I spend $500 for a call?
Server2008 Standard SP2
Update Rollup 4 v2 for Exchange Server 2010 SP2
Thank youThe long and short of it was Microsoft Certificates didn't update and were expired. I was not given a reason why this happened but the final solution after Microsoft spent 2 weeks on this was to first reinstall Exchange Service Pack 3, reboot. Install
update rollup 8, and reboot. This fixed the EMC but not the shell. Then they reinstalled the rollup 8 again and one more reboot. Everything now works. I'd say with all the other little tweaks they looked at as possible suspect and "other
things" they fixed in their efforts to solve this, I defiantly got my money's worth. Despite not really knowing what really caused the issue in the first place -
Hi...
Our company is running Exchange Server 2010 SP3 Standart would like to have Shared calendar with organisation running with Exchange online.
We made a Federation trust between organisations and I checked that one certificate was installed and the rule for their domain was created. but when I try to share my calendar I always receive.
"Calendar sharing is not available with the following contacts because of permission settings on your network."
Name I took from GAL or input manually and always same. Forgot to mention that we migrated from Exchange 2003 to 2010 SP3 and all old exchange servers I removed. I tried everything that I know and read and nothing helped.
Hope for your support.
Thank you.1)I deleted everything and made step by step as indicated in your articles.
2) recreated organisation relationship:
RunspaceId : xxxxxxxxxx
DomainNames : {xxxxxxx.microsoftonline.com, xxxxxxxxx.onmicrosoft.com, xxxxxxx.com}
FreeBusyAccessEnabled : True
FreeBusyAccessLevel : LimitedDetails
FreeBusyAccessScope :
MailboxMoveEnabled : False
DeliveryReportEnabled : False
MailTipsAccessEnabled : False
MailTipsAccessLevel : None
MailTipsAccessScope :
TargetApplicationUri : outlook.com
TargetSharingEpr :
TargetOwaURL :
TargetAutodiscoverEpr : https://pod12312.outlook.com/autodiscover/autodiscover.svc/WSSecurity
OrganizationContact :
Enabled : True
ArchiveAccessEnabled : False
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
Name : xxx
DistinguishedName : CN=xxx,CN=Federation,CN=uxx,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=uxxx,DC=com
Identity : Lxx
Guid : a8xxx
ObjectCategory : upxxs.com/Configuration/Schema/ms-Exch-Fed-Sharing-Relationship
ObjectClass : {top, msExchFedSharingRelationship}
WhenChanged : 27/01/2015 3:23:47 PM
WhenCreated : 26/01/2015 9:41:39 AM
WhenChangedUTC : 27/01/2015 8:23:47 PM
WhenCreatedUTC : 26/01/2015 2:41:39 PM
OrganizationId :
OriginatingServer : xxx.upxxxns.com
IsValid : True
3. Configured Sharing Policies:
[PS] C:\Windows\system32>Get-SharingPolicy
Name Domains Enabled Default
Default Sharing Policy {*:CalendarSharingFreeBusySimple} True False
Lxxx {lxxx.com:CalendarSharingFreeBusy... True True
added my mail box to sharing policy but in the end receive same error
Calendar sharing is not available with the following contacts because of permission settings on your network.
In EventViewer everything seems to be fine....
No errors on policy creation... How can be checked this permission
settings on your network they are on exchange on in DC ? -
Exchange 2010 SP3 and UR6 Query - Order of Install
hi,
I need to update my Exchange 2010 SP2 Servers to SP3 and Update Rollup 6.
Can someone confirm the update order for me?
I have 5 servers;
Live Data Centre:
2 x HUB / CAB (Using Windows NLB)
2 x Mailbox (DAG)
Disaster Recovery:
1 x Multi-Role Server (CAS / HUB and Mailbox) - this is also Part of the DAG
Two Questions:
1.) What is the Order in which I install SP3 on these Servers? Should it be Live Data Centre: HUB / CAS, Mailbox Servers and THEN the Multi-Role Server at DR?
2.) When Upgrading each server, should I do SP3, reboot, check and THEN install Update Rollup 6 - or should I upgrade all Servers to SP3 and then start the process again to get to Update Rollup 6?
Thanks in advance for your help with this query.
Regards,
Adam1) Internet facing CAS first in each AD site. Order: CAS> HUB> UM> MBX
2) Personally, I would install SP3, reboot, then install SP6, but its really up to you.
http://technet.microsoft.com/en-us/library/bb629560(v=exchg.141).aspx
Upgrade Exchange 2010 to Exchange 2010 SP1, Exchange 2010 SP2, or Exchange 2010 SP3
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied. -
Renew SSL Certificate for for two Exchange 2010 Server and the new rules.
I find DigitCert's website always helpful with cert questions.They've got a pretty helpful page here: https://www.digicert.com/internal-names.htmIt looks like they've got a tool for Exchange, but I've not used it myself, so can't say if it works or how well: https://www.digicert.com/internal-domain-name-tool.htmI bet Microsoft have something on their website too that helps with this sort of question.I'd say you register a completely new domain and use that for public facing and internal servers. Or you could just create a sub domain of an existing one, i.e. subdomain.mydomain.com and use that, i.e. public_exchange.subdomain.mydomain.com and internal_exchange.subdomain.mydomain.com.
Hi there ,
My exchange 2010 Server Certificate is about to expire and i am going to renew it but according to the new rules for SSL Certificate Issuing we can not include our Local Servers Names and Local FQDN such as myserver.contoso.local, my issue is that i have 2 exchange servers one is internet-facing Server (where the certificate is initiated and installed) and one is non-internet-facing Exchange server.
if i am going to renew my certificate with public only name, I have to create a split Domain that reflects my external links to the internal Users, what shall i do for the non-internet-facing server? do i need to create another record in my split DNS Server and add it to my Certificate Request ?
This topic first appeared in the Spiceworks Community -
I have a DAG environment with Exchange 2010. last week I moved from sp2 RU6 to sp3 rtm. I then manually installed RU6 for sp3. the correct verison numbers are being displayed in the EMC under Help>About Exchange Server 2010 (it shows version 14.03.0195.001) I
verified the version numbers on this site -
http://social.technet.microsoft.com/wiki/contents/articles/240.exchange-server-and-update-rollups-build-numbers.aspx
My question is, in WSUS, it shows that all my servers with exchange on them, (a management server with the EMC only, 2 exchange servers for the DB, a CAS server and a DR exchange server) need SP3 RU2.
1) Will this disrupt the current SP3 RU6 installation?
2) Would it be better to just decline the SP3 RU2 update in WSUS?
3)Should I just proceed with the installation and see what happens?
If I am on the wrong forum, please let me know.
thanks
Ian
IanHi
I prefer doing rollups by downloading the file and installing it on the server from an elevated prompt.
Deploying it with WSUS always leaves room for error.
Rather manually download the file and plan the installation.
Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Securing publishing exchange 2010 OWA and ActiveSync with WAP 2012
Hello,
my client have the following environment:
Exchange 2010 sp3
AD 2003
we want to secure activesync and owa by using reverse proxy. TMG/UAG life ends 2015, then we study WAP 2012 and ADFS 3.0. the difficulties is there is not enough experience feedback, specially for this environnement.
Is there any incompatibility ?
do you know good articles and blogs which address this issue ?
Thanks in advanceAre any other options available since posting in June 2014? Specifically for securing ActiveSync connections from smartphones on the Internet. We are running Exchange 2010 in AD 2008
TMG has already transitioned from mainstream to extended support. Not only is there less support now, to my understanding there is still a licensing cost for this product. Paying for a product at EOL seems inadvisable.
Web Access Protocol (WAP) looked like the right choice, but to secure communications from domain users on unknown devices over the Internet requires Exchange 2013 which is "claims aware". Exchange 2010 is not and what we are left with is
configuring WAP in pass-thru mode, allowing unauthenticated Internet traffic into our internal network where the Exchange CAS server is.
Is there any Microsoft solution to authenticate the user before allowing the user's device to connect to our CAS server on our internal network. -
Exchange 2010 OWA and ASA5510 - Wrong URL?
I'm in the final steps of migrating my customer's Exchange server from Exchange 2003 to Exchange 2010. I've got all the mailboxes moved and am testing the OWA access. Under Exchange 2003, the internal/external users were able to access OWA thru the following URL:
http://mail.mycustomer.org/exchange
It would pop up a login box, they'd put in their domain info and get connected to their mailbox.
After migrating to Exchange 2010, the user had to change the URL to httpS://mail.mycustomer.org/exchange or httpS://mail.mycustomer.org/owa, but it worked internally. When I test it externally, I get the following page:
https://mail.mycustomer.org/+CSCOE+/wrong_url.html
I have next to no experience with Cisco devices, management, and/or maintenance, but what I've found in my research points to an issue w/ our ASA5510 and the port 443 required by the SSL connection to the Exchange server. Any help to resolve this issue so that my external users will be able to access OWA would be greatly appreciated. Thanks.Hi,
Can you check the output of the following commands
show run http
show run webvpn
These are basically the 2 services that utilize the port TCP/443 port on the ASA.
The first commands output will show some settings related to the ASDM which is the GUI for the ASA management. The second command output will show settings related to the SSL VPN.
Both of these services can be modified to use some other port than TCP/443 which would leave the port free for your server.
I assume that you only have one public IP address at your disposal which is configured on the ASA interface and you have no extra public IP address? Otherwise this should be no problem at all.
Naturally if you change the port on ASDM or SSL VPN it will cause some inconvinience for users of those services. Ofcourse you have the option to map the local TCP/443 port of the server to some other public port like TCP/444 but again this might cause inconvinience to the users also.
- Jouni
Maybe you are looking for
-
Hi, I love Bberries--ever since I got to use one at work; I don't recall that model but it was about 7 or so years ago. I never had to charge it so much; and the keys were much larger. I am very disappointed. Any input greatly appreciated. I am pay
-
Does Lightroom 4 support RAW files from the Sony RX 100 camera? ( Important as my wife is considering buying me one of these cameras for my birthday! )
-
How to remove F4 Help index from BWA
I have a problem where a very large master data object is indexed onto BWA. It appears that whenever a user selects the F4 Help for this master data object that the BWA blade that the query is running on runs out of memory and the blade needs to be
-
After restoring my 4S to unlock it, when I insert a new sim card is asking me for the pin number. Where do I find this number
-
First. Gen appletv won't sync with my computer. Since I upgraded to loin
Since I upgraded to lion my first gen apple tv will not always snyc with iTunes on my computer