Stratus tunneling over ports 443 and/or 80

Similar Messages

• IE Traffic being forced to tunnel via port 443

  I have a Windodws 2008 R2 server that has been in production for over 2 years.  It is a Hyper-V host running five 2008 R2 guests.  Everything wasw running fine until a couple of weeks ago when I installed the latest HP firmware and drivers. 
  Since then, Internet Explorer cannot open any website except
  www.google.com.  After uninstalled IE9 and then installing IE10 there was no change.  I've scanned the server with malwarebytes and HiJackThis.  No problems found.  I reset IE and reset the TCP/IP stack.  No change.  I removed
  McAfee AV and I'm now able to access google and one other site.  I then installed Fiddler and looked at what is happening and it appears that most websites are trying to tunnel using port 443 rather than using the typical port 80.  I'm not sure how
  to interpret this.  I know name resolution is working and can ping the sites I'm trying to reach.  If I go to a standard site, say
  www.yahoo.com, the IE window stays blank but if I go to Tools/View Source it appears I'm looking at the HTML from the target site.  Below is a summary of the Fiddler output when I tried to go to yahoo.com.  Any help
  is greatly appreciated as I am all out of ideas.
  Thanks,
  Joe
  # Result Protocol Host URL Body Caching Content-Type Process Comments Custom 
  1 301 HTTP fiddler2.com /UpdateCheck.aspx?isBeta=False 0 no-cache  fiddler:4916   
  2 200 HTTP www.telerik.com /updatecheck.aspx?isBeta=False 620 private text/plain; charset=utf-8 fiddler:4916   
  3 301 HTTP www.yahoo.com / 212 no-store text/html iexplore:728   
  4 200 HTTP Tunnel to www.yahoo.com:443 0   iexplore:728   
  5  -  HTTP crl.geotrust.com /crls/secureca.crl -1   iexplore:728   
  6 200 HTTP Tunnel to www.yahoo.com:443 0   iexplore:728   
  7 200 HTTP Tunnel to iecvlist.microsoft.com:443 0   iexplore:5104   

  Found that the problem was somewhere in the Windows firewall.  Although I had stopped the firewall service during testing something remained hooked in.  Another attempt at shutting off the firewall and then starting it again seems to have resolved
  the problem.  This makes no sense but I'm not arguing with the results.  Thanks everyone for your help.

• Port 443 and 80 are blocked in FolderShare

  Hi,
  I'm using FolderShare to sync my iMac with a WinXP laptop, but it only works one-way. The Mac dosn't accept any connections from the laptop.
  In the settings for FolderShare i can see that port 443 and 80 are blocked. I have tried port forwarding these ports to my static ip, but it dosn't work on the mac. FolderShare support says that this a mac problem, so i guess i have to open these ports somehow. Can you help?
  I don't have the OSX firewall enabled.

  No, it really shouldn't be the router, if you're both on the same side. Except...it seems that this foldershare might be using a proxy to work its magic.
  (check router for any firewall settings, and disable them during this testing.)
  I was able to make this work on a mac>PC and PC>mac on the same side of the router, but the folderShare settings test also told me that ports were blocked. (it still worked)
  You know...I would probably start file sharing, and possibly web sharing. I have both those enabled on my little mini-mac. Enable those in the sharing tab, leave the firewall alone for now.

• Ichat is not working.  tried using port 443 and still does not work

  ichat not working.  tried using port 443 and i stay on for about 45 seconds then it disconnects.  Can you help?

  HI,
  Can you tell me the make and model of your routing device.
  The 10 Second error message is caused by a break in the connection.
  This could be the Wifi being dropped (if you are using WiFi) due to interference from other nearby routers.
  It can be dues to setting or features of the router and if the experience has changed that could be due to a speed increase in your internet service.
  If you are using Ethernet and having this issue it is much more likely to be a setting/feature issue.
  Examples.
  Netgears.  These have a separate WAN set up page that lists either DoS or SPI as one of the things that can be Enabled or Disabled.
  Linksys.  If your model has a Security tab and this has  Firewall then DoS and SPI are port of this.
  Netopia devices Tend to have a 4 level Firewall which DoS and SPI are part of the two highest settings.
  DoS = Denial Of Service and is a Threshold based "Protection" Feature.
  it judges whether too much data is being sent to you  (it was designed originally to stop people overloading Web Servers (many people, many refreshes).
  iChat can outstrip the setting with most Internet Connections in most part of the world.  (In fact iChat can send more data than most Video Streaming sites)
  One thing you can do that may get around this is to reduce the Bandwidth used in iChat (iChat Menu > Preferences > Video Section > Bandwidth Limit drop down)
  Try 500kbps
  10:07 PM      Wednesday; November 23, 2011
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
    iMac 2.5Ghz 5i 2011 (Lion 10.7.2)
   G4/1GhzDual MDD (Leopard 10.5.8)
   MacBookPro 2Gb (Snow Leopard 10.6.8)
   Mac OS X (10.6.8),
  "Limit the Logs to the Bits above Binary Images."  No, Seriously

• USB redirect over port 443 only

  I've done a little research on this issue, according to VMware (At least what I've read) there are 2 ports on our firewall which need to be opened to allow usb redirect, is there anyway to do this over 443 ONLY?
  cheers,
  -Steve

  If you use PCoIP you need at least 3 ports open, 443/TCP, 4172/TCP, 4172/UDP.
  That will also allow for USB redirection that is tunneled through 443 to the security server.
  If you are using RDP then I think that only 443 is needed.
  // Linjo

• IP Virtual Host w/SSL serving on port 80 and 443

  We have an OS 10.3.8 system and we've configured several virtual hosts using the system admin panel. One IP has several hosts on it. We have a seperate IP with one virtual host on it since it is running SSL. I have it configured for port 443 and I have all the security certificates installed OK. The site operates correctly over HTTPs. If I try to access it with standard HTTP I get a service not available error (which makes sense since server admin sets the config files to port 443 ... not 80).
  The only way I can get it to work is to add another virual host in server admin running on that IP at port 80. Unfortunately, that means it will be logged seperately (which I don't really want it to do). What do I need to change to get a single virtual host on a specific IP to respond correctly to both 443 and 80 using the file layout generated by server admin (I can modify them manually)?
  Thanks in advance ...
  Tom

  >The only way I can get it to work is to add another virual host in server admin running on that IP at port 80.
  That's correct. That's how you run a site as both HTTP and HTTPS - they're two sites.
  > Unfortunately, that means it will be logged seperately
  Why? You can set both sites to use the same log file and their hits will be combined in a single file.
  > What do I need to change to get a single virtual host on a specific IP to respond correctly to both 443 and 80 using the file layout generated by server admin (I can modify them manually)?
  You can't, but if your issue is the logging, my answer above should take care of that.

• Does eprint software communicate with computer it is installed on using port 443?

  I have eprint installed with laserjet 551 dn color printer. My computer has 64 bit windows 7 installed. My firewall had issues with the software when https inspection was turned on (Microsoft Forefront TMG). If I exclude the printer client(IP address of printer) and the domain name of *.hpeprint.com the software will connect. After a number of days the connection is lost and can be restored for a few days again by disabling https inspection and refreshing at the hpeprint center. It is likely the eprint software is trying to communicate with my computer over port 443. Does anyone have information on this? If details are available a listener could be set up for the protocol on the firewall to mantain the connectivity without disabling https inspection.

  The ePrint Software (www.hp.com/go/eprintsoftware) operates on the following
  Print job communication and transfer:
  ● Print jobs are transfered from the HP ePrint Software to the HP cloud eprintcenter.com through HTTPS (Oauth
  authentication).
  NOTE:  if you are sending emailed print jobs (ie- not using ePrint Software) eprintcenter.com would accepts the SMTP print jobs, which depending on your setup might leave your host via POP3, IMAP, etc
  ● The HP cloud sends notification to the HP web enabled ePrint device of the pending print request through XMPP—an
  XML-based messaging procedure.
  ● The Web-connected printer authenticates to HP ePrintcenter cloud to receive the pending ePrint requests in queue. The
  ePrint device establishes an HTTPS connection and downloads the job(s)
  Though I am an HP Employee, my posts express my opinion, and not of HP

• 7.3.2 Default Host and Ports 995 and 587

  Firmware 7.3.1 broke default host completely. This problem only seems to have been partially fixed with firmware 7.3.2.
  In my limited testing, while ports 22, 80, 443, and 5900 seemed to be routed to the specified default host, ports 587 (SMTP using SSL) and 995 (POP using SSL) weren't. They had to be specified under the NAT setting. (The certs are not self-signed.)
  Rather than wonder which of the 65535 ports might not be working as they should under default host I just went back to firmware 7.2.1.
  Has anyone had success with default host over ports 587 and 995 in 7.3.2?

  I think you mean 7.2.3!
  Anyway, you're right, you need UB versions of your plugins to work on Intel Macs.
  I believe that BFD is now UB, you need auto-tune 5 to get a UB version, likewise Guitar Rig 2. Not sure about Analog Factory. Google is your friend here. You might well need to pay for these upgrades, but see them as functional updates as well as a matter of compatability.
  I can see that people might get frustrated about this, but there's no way round it. Still, it's all part of the package. And neither is it a matter of keeping your host software current, it's about keeping your host hardware up to date. Any Intel Macs need UB software. Admittedly, you could try running in Rosetta, but I reckon that the reason why your plugins won't load is because if they bothered, your system would be so slow you wouldn't be able to get anything productive done at all. Consider it an investment, the extra power from the Intel machines is well worth the cost of the upgrades IMHO...

• Non SSL website on port 443

  Hi, I have a non-SSL website running on port 443. When I access this website using Chrome or IE it works just fine, but Firefox can't seem to accept what I have done. All browsers on the same machine and using the same web proxy.
  I access the website as http://xyz:443.
  Just a bit of background info as to why I need this. Where I work I can only access ports 443 and 80 via the web proxy. I have two distinct websites running on a couple of devices at home behind a very config-wise limited router which has ports 80 and 443 redirected to these hosts. There is no way for me to setup two port forward rules on port 80 to two different devices. I cannot setup SSL on either of the websites.
  Regardless of options that could exist to overcome my particular issue, I would like to check if you guys know how to make Firefox work with a website running on port 443 whilst not having a certificate assigned to it.
  Firefox 32.0.3
  Error message:
  The connection was reset
  The connection to the server was reset while the page was loading.
  The site could be temporarily unavailable or too busy. Try again in a few moments.
  If you are unable to load any pages, check your computer's network connection.
  If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

  What type of ssl are you running? [https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/]
  You can somehow remove the Strict-Transport-Security header or if there is a feature that forced encryption but by default https uses 443 for encryption. I do not know if this is possible.

• Port 443 used by another web site

  All was working well with my evaluation of 2012E. I was able to log on the the access anywhere website. Now the service stopped working and if I try to start the "default website" I get an error message that another website may be using port 443
  and it will not start. I checked the bindings on all the stock sites and none used 443 except the default site. I am able to vpn to the server with no issues. I tried messing with the Cert and that did not help. I have probably tweaked things trying to fix
  it that has made it worse. I can see nothing else using 443. I read about the folder share issue but the service is not on the service list. I would like to be able to turn back the clock but that option is not available.
  Thanks, Ckshan

  In PowerShell run this:
  Import-Module WebAdministration
  Get-ChildItem IIS:\Sites
  Post back the result.
  Robert Pearman SBS MVP
  itauthority.co.uk |
  Title(Required)
  Facebook |
  Twitter |
  Linked in |
  Google+

• Linksys WRT300N Open port 443, Lease Time

  Hello. Definite Newbie here.
  I have my router's IP address up on my browser and I was wondering how to open port 443 and to make my "Lease time" at its maximum. Can someone help me?
  Thanks in advance.
  Erik

  pen an Internet Explorer browser page on a computer hard wired to the router...In the address bar type - 192.168.1.1...Leave the Username blank & in Password use admin in lower case...
  Once you login to the setup page of your Router, under the setup tab below change the DHCP Client lease time from to 0 to any number to increase the lease time.
  Then click on the "Application and Gaming" tab and below click on the sub tab "Port Forwarding" and below in the Application name type any name and then in the Start Port and End Port type the Port number and select the Protocol and input the IP address on which you want to Forward the Port and check the box and click on save settings..
  You can follow this link and it will help you in forwarding the port on your router.

• Remote Connectivity Analyzer opens port 443 successfully but fails.."Net. conn. not available"

  Trying to set up a client with external access.  I just got their Edge off the domain and in the DMZ, and supposedly the appropriate firewall ports are opened. They have a RP running IIS ARR.
  Microsoft Remote Connectivity Analyzer (testconnectivity.Microsoft.com) does the following for three tests:
  1.  When I do Lync Server Remote Connectivity Test and choose Autodiscover, it is able to open port 443 and it validates the cert.  But it says "Operation failed because the network connection was not available". 
  2.  When I do the same Lync Server Remote Connectivity Test and manually enter the Access Edge service FQDN and choose port 5061, it is able to resolve the name in DNS but it then fails testing TCP port 5061 with "The specified port is either blocked,
  not listening, or not producing the expected response".
  3.  When I do the Lync Autodiscover Web Service Remote Connectivity Test, it fails when trying to open port 443 on the Lyncdiscover URL.
  So, that seems to indicate to me that port 443 might be open on the Edge but not the Reverse Proxy, since that's where the autodiscover URL points.  And it seems 5061 is not open but 443 is on the Edge.  What else could I check on the Edge to get
  443 working?
  Thanks for the help and sorry for any vague information.  Any help is appreciated!
  Brandon

  Okay, I can now telnet to lyncdiscover.mydomain.dom on port 443 successfully, and I can telnet to sip.mydomain.com on 5061 successfully. 
  Now when I do the remote connectivity test:
  Using Autodiscover to detect server settings, I get "Operation failed because the network connection was not available". It opens port 443 fine it looks like.
  Manually choosing lync.mydomain.com as the FQDN and port 5061, I get "The endpoint was unable to register.  See the ErrorCode for specific reason".  Response code is 504 and response message is Server Time-out
  Doing the Lync Autodiscover Web Service Remote Connectivity Test I get "HTTP 403 error was received because ISA server denied the specified URL".
  Looks to me like a rule might not be set right on the firewall if ISA is denying the connection, right?(they are using TMG on a server running Server 2008 as the firewall).  I can't ping the reverse proxy from the firewall (but I can ping the Edge). 
  What else can I check?
  Thanks for all the help so far, I really appreciate it.
  Brandon

• How can I set up a WD My Cloud with my Airport Extreme - I can't get it to open ports 80 and 443?

  For remote internet access to the WD My Cloud Mirror, I have been advised that ports 80 and 443 must be open in order to reach the WDMyCloudMirror.  My Motorola Gateway (Surfboard SB6141) is connected directly to my Airport Extreme (WAN port) which is in turn connected to the WDMyCloudMirror (all by ethernet cables).  I do not have FULL instructions on how to properly manually configure the Airport Extreme to open the ports.  I have tried an earlier posting which provides many of the steps, but not all of the required information is included (how to determinge the IP address to be assigned, etc.).  I did the best I could with the information given, but the test using "YouGetSignal" showed the ports as still closed and attemps to reach the WDMyCloudMirror by the internet failed as well (of course).  The WDMyCloudMirror has enough Apple "stuff" included in it (software, I suspect) that an Apple legal acceptance is required for its set-up, yet Western Digital Tecnical Support is unable (or unwilling?) to help with this aspect of its configuration required to work within the Airport Extreme environment.  I have returned the WD My Cloud Mirror to Amazon as "not able to work", but I have not given up the hope that I can eventually get the ports open so that I can get this cloud device, or one similar, to permit remote internet access.

  Port Forwarding.....or Port Mapping....as Apple calls it is a difficult and complex configuration method for most users. Because there are so many variables involved in this type of setup, it is not possible to provide a step by step guide that will work for everyone with all devices.
  It is possible that a setup guide exists for the the WD drive and AirPort Extreme, but you will have to go looking for it on the Internet. Even if you find one, it may not be tailored to your specific situation or needs.
  Sometimes, you can do everything right....at least according to someone's article or "how to" guide, and things still will not work correctly.
  In situations like this, when you really don't know what to do, you need to enlist the aid of an IT pro, who will know what to do based on your particular products and unique circumstances. Sometimes....they won't be able to get things working either due to particular circumstances.
  But, before you do this, I would strongly recommend that you use a Static IP address for your Internet connection with your ISP. If you do not have this now, contact them to ask them if they offer this type of connection. Expect to pay more for this type of service, of course.

• How can I make the web server work on port 80 and not 443. I can only access my website using https.

  On a Mac Mini server with OS X Lion 10.7.2, I am unalbe to get the web server working on port 80. It switches automatically to port 443 (https).
  This situation complicates the access to FileMaker Web publishing, as I don't want my clients having to use https.
  How can I change that? Does anyone know?
  Thanks for any reply

  in the server: I checked the SSL certificate. Tried several configuration.
  Well, that's a problem for a start.
  Your port 80 connection should NOT use SSL. Port 80 is the standard HTTP port, not HTTPS and most applications that connect to port 80 will not expect to use SSL
  If you want to run a site under both HTTP and HTTPS then you create two sites, one on port 80 without SSL and one on port 443 with SSL

• Windows 2008 Server contacting multiple public IP on port 80 and 443

  Windows 2008 Server contacting multiple public IP on port 80 and 443
  Source : Microsoft Lync 2010
  Port : 80
  Destination : unknown.prolexic.com
  Source : Internet Explorer
  Port : 80
  Destination :a-0001.a-msedge.net
  Source : Internet Explorer
  Port : 443
  Destination :204.79.197.200
  Is this virus? how to stop the same?

  Org name of the IP shows Microsoft Corporation
  Since its hits on firewall , i will have to stop the same 
  but not sure for what its being contacted to these Ips
  OrgName:        Microsoft Corporation