cwturner2  
#1 Posted : Wednesday, January 25, 2017 7:50:51 PM(UTC)
We have a server located in our DMZ. This server hosts our web server and services. We are attempting to make our Screen Connect available externally for support issues; however, I do not wish to operate on 8040 and 8041. I want to use 443 for web, and 80 for relay.

When I attempt to run the SSL Configuration I receive the following error when I attempt to add our SSL

"There was a problem binding the certificate to port 443. A certificate has already been bound to 0.0.0.0:443"

I am assuming that this is because on this server I also host IIS, which has several sites that use 443, with a wildcard certificate. They are able to resolve which site goes where by header information for SSL.

After talking with support, apparently this is something they do not support.
Not sure why this isn't built and deployed with 443 / 80 by default, but oh well.

Has anyone been able to set this up running on a server that also hosts IIS, and other SSL Sites?

I would rather not have to set up a completely different external IP, internal IP, server, etc., just to host one application.

Thanks,
Michael L  
#2 Posted : Wednesday, January 25, 2017 9:33:50 PM(UTC)
Hi cwturner2,

Just a quick word of warning, I have a good high-level understanding of IIS' functions, but am by no means an expert. Please make sure you make a backup of your system (web.config file at the very least) so that changes can be reverted in case this causes problems.

1) I believe that forwarding the web and relay traffic can be accomplished in IIS with the URL Rewrite extension. You'll need 2 separate rules for this, one for web and one for relay.
https://www.iis.net/down...ds/microsoft/url-rewrite

Here's a guide I found on MSDN that goes through the setup process for it:
https://blogs.msdn.micro...oxy-for-real-world-apps/

You would keep SC listening on ports 8040 and 8041 in this scenario so that IIS has some place to forward the traffic to. You would then set IIS to listen on both ports 80 and 443 for traffic that's headed to your SC URL, and forward it internally to port 8040 for web traffic and 8041 for the relay traffic.

2) You will need to modify the following key in the web.config file to read the following way:

<add key="WebServerListenUri" value="https://yourservername.com:8040/" />

3) You'd also need to add the following 2 keys into your web.config file within the same section as the WebServerListenUri key to ensure that downloads and sessions continue to work:

<add key="WebServerAddressableUri" value="https://yourservername.com/" />
<add key="RelayAddressableUri" value="relay://yourservername.com:80/" />

4) I'm not sure that step 4 is actually required, so test before you do step 4 to see if it works. If you get SSL/security errors when testing, try the following:

Manually bind the SSL certificate to port 8040.
https://help.screenconne...L_certificate_on_Windows

Your cert is already installed, so binding on a different/non-standard port is easy. You can run the following command in an elevated command prompt to get the certificate hash:
netsh http show sslcert

Then, bind the cert to 8040 using the command:
netsh http add sslcert ipport=0.0.0.0:8040 certhash=replace_with_the_hash appid={00000000-0000-0000-0000-000000000000}

5) Final note - the relay service listens separately and doesn't interact with the web service. Relay traffic is entirely TCP based, which may need to factor into your rules when setting up the application routing in IIS, while the web traffic uses the https protocol (of course).
ConnectWise Control (ScreenConnect) Support Team
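
The check behind the error in the question and step 4 of the reply, as an added example (not part of either post and not ConnectWise code): it parses pasted `netsh http show sslcert` output and reports whether an `ipport` is already bound and by which certificate hash. The sample output, hashes and GUIDs are constructed, the function names are hypothetical, and English-language netsh field labels are assumed.

```python
# Constructed sample of `netsh http show sslcert` output; hashes and GUIDs are placeholders.
SAMPLE = """\
SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa}

    Hostname:port                : intranet.example.com:443
    Certificate Hash             : 2222222222222222222222222222222222222222
    Application ID               : {aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa}
"""

def parse_bindings(text):
    """Return one dict per binding record: kind, endpoint, port, hash, appid."""
    bindings = []
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")   # labels themselves contain ':'
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip().lower()
        if key in ("ip:port", "hostname:port"):
            # Every record starts with its endpoint line.
            bindings.append({"kind": key.split(":")[0], "endpoint": value, "hash": None,
                             "appid": None, "port": int(value.rpartition(":")[2])})
        elif bindings and key == "certificate hash":
            bindings[-1]["hash"] = value
        elif bindings and key == "application id":
            bindings[-1]["appid"] = value
    return bindings

def check_new_binding(bindings, ipport):
    """Would `netsh http add sslcert ipport=<ipport>` hit an existing entry?"""
    port = int(ipport.rpartition(":")[2])
    exact = [b for b in bindings if b["kind"] == "ip" and b["endpoint"] == ipport]
    others = [b for b in bindings if b["port"] == port and b not in exact]
    return {"conflict": bool(exact), "holder": exact[0] if exact else None, "same_port": others}

def same_certificate(bindings, ep_a, ep_b):
    """True when both endpoints are bound and carry the same certificate hash."""
    by_ep = {b["endpoint"]: b["hash"] for b in bindings}
    return by_ep.get(ep_a) is not None and by_ep.get(ep_a) == by_ep.get(ep_b)

if __name__ == "__main__":
    found = parse_bindings(SAMPLE)
    for target in ("0.0.0.0:443", "0.0.0.0:8040"):
        r = check_new_binding(found, target)
        print(target, "->", "held by " + r["holder"]["hash"] if r["conflict"] else "free")
```

Paste the real command output in place of `SAMPLE`; the other fields netsh prints for each binding are ignored. After step 4, `same_certificate(found, "0.0.0.0:443", "0.0.0.0:8040")` confirms that 8040 carries the same certificate as 443.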