By default, ISA Server and Threat Management Gateway (TMG) 2010 Server allow SSL tunneling over port 443 only. If we try to access HTTPS traffic on a port other than 443, we get the following error:
HTTP/1.1 502 Proxy Error (The specified Secure Sockets Layer (SSL) port is not allowed. Forefront TMG is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests.)
The following screenshot shows this error in a real scenario:
To resolve this error, we need to add the custom port in the Windows Registry, as ISA and TMG servers use Windows settings for port ranges. Download the scripts given below, edit/add the port in them, and execute them as follows:
The Add TP Range Script (tpportadd.vbs):
– Edit this script and change the port from “8443” to the one you need:
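' Add a custom SSL tunnel port range to the ISA/TMG web proxy
Dim root
Dim tpRanges
Dim newRange
Set root = CreateObject("FPC.Root")
Set tpRanges = root.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
' AddRange(name, start port, end port)
Set newRange = tpRanges.AddRange("SSL 8443", 8443, 8443)
' Write the change to the configuration
tpRanges.Save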
– In this script:
NOTE: the arguments to AddRange are (“the name”, the start port number, the end port number)
– Change the port in all three locations highlighted in RED colour.
– Save this script somewhere. Recommended: C:\
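An added example, not part of the original post or of Microsoft's scripts: a variant that first lists the tunnel port ranges already allowed and only adds the new single-port range if that port is not yet covered, so repeated runs do not pile up duplicate entries. It uses the same FPC objects as the script above; the range name and port are the post's example values, and the constant names are chosen here for illustration.

```vbscript
' Added example: audit the existing SSL tunnel port ranges, then add one
' single-port range only when the port is not already allowed.
Option Explicit

Const NEW_NAME = "SSL 8443"   ' example name from the post
Const NEW_PORT = 8443         ' example port from the post; change as needed

Dim root, tpRanges, r, covered

Set root = CreateObject("FPC.Root")
Set tpRanges = root.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges

covered = False
WScript.Echo "Tunnel port ranges currently allowed:"
For Each r In tpRanges
    WScript.Echo "  " & r.Name & ": " & r.TunnelLowPort & "-" & r.TunnelHighPort

    ' Is the port we want already inside an existing range?
    If NEW_PORT >= r.TunnelLowPort And NEW_PORT <= r.TunnelHighPort Then
        covered = True
    End If

    ' Point out ranges that open more than one port, so they can be reviewed.
    If r.TunnelHighPort > r.TunnelLowPort Then
        WScript.Echo "    review: this range allows tunneling to " & _
            (r.TunnelHighPort - r.TunnelLowPort + 1) & " ports"
    End If
Next

If covered Then
    WScript.Echo "Port " & NEW_PORT & " is already allowed; nothing added."
Else
    ' Start and end port are the same, so only this one port is opened.
    tpRanges.AddRange NEW_NAME, NEW_PORT, NEW_PORT
    tpRanges.Save
    WScript.Echo "Added range '" & NEW_NAME & "' for port " & NEW_PORT & "."
End If
```

Running it with cscript rather than wscript prints the listing to the console instead of one message box per line.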