Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

SCIII and Windows ISA Server

SC <-> Proxy <-> Repeater <-> Proxy <-> Viewer
Post Reply
viktorp
Posts: 5
Joined: 2006-01-17 15:17

SCIII and Windows ISA Server

Post by viktorp »

Hello,

we are using SCIII for a month, with really great success, no linux or router firewalls makes problem now. We have a public IP, where the distributer5.exe runs as service.

But now has a client with ISA server, where the sciii simply exits. They have proxy http on 8080 and the 443 port is opened. I contacted their admin, who made a half day investigation and said, that the sciii tries to connect with local port 1055 - remote port 443, and that is the problem. (what the heck is this?)

He opened the 443 port and other investigations, and said to me that where the ISA server is running, sciii does not connect. Everywhere else it works.

Does anyone knows why? Have some tips? What is this internal 1055 port? What else opened port does the sciii needs above the 443?

thanks for any info,

viktor
viktorp
Posts: 5
Joined: 2006-01-17 15:17

Post by viktorp »

Additionally the admin said, that by the logs: the application (sciii) needs authentication, what it dont get, therefore the ISA server closes the connection.

why checks the ISA the sciii's authentication, when it tries to connect to a remote ip?

something needed to be changed on the ISA?

viktor
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6832
Joined: 2004-04-23 10:21
Contact:

Post by Rudi De Vos »

SCIII can use an https proxy, a http proxy will normal not allow data transfer.
Is 8080 an https or http proxy ?

SCIII use local ports as interconnect between the different parts.

SCIII---->localhost to second thread of SCIII(1055)
second trhread is responsible for the proxy stuff (443)
Port 1055 (possible just something random and free) is only used on the local PC, and have no influence on the external communication.

SCIII use the settings specified in the iexplorer.
If he try to connect to port 443, a https proxy server is specified for iexplorer.

I guess the admin say, that the ISA server require auth for a connection.
For being able to use the ISA server you need to enter a user/passwd, this has nothing to do with vnc auth.
Possible, if the user first make a connection via the ISA (entering user/passwd), he will cache it for SCIII.

I'm not an ISA expert, perhaps some other people can give other hints.
viktorp
Posts: 5
Joined: 2006-01-17 15:17

Post by viktorp »

I have learnt some things about ISA at http://www.microsoft.com/technet/techne ... fault.aspx

I thought that ISA filters out winvnc, because it tries to connect to an ip, not to an url. then i modified the sciii to connect to url, but the result is the same.

the page above describes some different authentication and other method, how ISA filters the SSL connetcion. Which could interfere with vnc? What should i tell the admin to disable?

thx fo any info,

viktor
viktorp
Posts: 5
Joined: 2006-01-17 15:17

Post by viktorp »

Resolution is the following: we had to setup 3 exceptions to the ISA server:

1) had to allow the destionation IP
2) protocol route to allow the https protocol
3) site ip (where the sciii is launched) exception setup

sorry, this is the info from the admin, so i dont know more details, the important thing is that the ISA server needs additional exceptions to allow the sciii to work. I think it is because of the ssl bridging what the isa uses.


brgds,
viktor
davechivers
Posts: 3
Joined: 2005-03-29 03:08
Location: Brisbane, Australia

ISA client loaded?

Post by davechivers »

ISA has a software client sometimes loaded onto workstations. It was required in earlier versions, the recent ones have it as optional, so most administrators probably don't bother with it. I believe that loading the client software on the relevant workstation sometimes helps getting some Internet applications working, so it may be another workaround.
Post Reply