
urs egli
Mar 27, 2020
Solved

SFB Webticket Service - wrong tcp port (4443)

Hi

Signing in from an external network with the SFB client takes a very long time. We also cannot use the SFB Web App from outside. The cause is a wrong TCP port, 4443, which is published by the WebTicket service.

To get a webticket from external we can start with the following url

- https://lwsex02.contoso.com/webticket/webticketservice.svc/mex

- we get an xml File 

The client then tries to reach the WebTicket service on TCP port 4443, which obviously does not work from outside. How can I change this TCP port? I have checked the topology for the external web service: the listening ports are 8080 / 4443 and the published ports are 80 / 443.

I have checked this behavior with netmon and fiddler and have no idea why port 4443 gets used.

 

 

<?xml version="1.0" encoding="utf-8"?>
<!-- WS-MetadataExchange (mex) response of the SFB WebTicket service, pretty-printed.
     It declares six authentication policies, a single IssueToken operation,
     one SOAP binding per policy and one port (endpoint address) per binding. -->
<wsdl:definitions name="WebTicketService"
                  targetNamespace="http://tempuri.org/"
                  xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
                  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                  xmlns:wsa10="http://www.w3.org/2005/08/addressing"
                  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                  xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
                  xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
                  xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
                  xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
                  xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
                  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                  xmlns:tns="http://tempuri.org/"
                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
                  xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
                  xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">

  <!-- Every policy below uses an HTTPS transport binding with
       RequireClientCertificate="false" and the Basic256 algorithm suite;
       they differ in the supporting tokens and in the authentication assertion. -->

  <!-- Machine certificate: endorsing X.509 token referenced by thumbprint,
       with the WS-Addressing "To" header among the signed parts. -->
  <wsp:Policy wsu:Id="WebTicketServiceMachineCert_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
          </wsp:Policy>
        </sp:TransportBinding>
        <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:RequireThumbprintReference/>
                <sp:WssX509V3Token10/>
              </wsp:Policy>
            </sp:X509Token>
            <sp:SignedParts>
              <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
            </sp:SignedParts>
          </wsp:Policy>
        </sp:EndorsingSupportingTokens>
        <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:MustSupportRefThumbprint/>
          </wsp:Policy>
        </sp:Wss11>
        <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:MustSupportIssuedTokens/>
            <sp:RequireClientEntropy/>
            <sp:RequireServerEntropy/>
          </wsp:Policy>
        </sp:Trust10>
        <wsaw:UsingAddressing/>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

  <!-- OAuth: authentication assertion plus the HTTPS transport binding only. -->
  <wsp:Policy wsu:Id="OAuth_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <af:OAuth xmlns:af="urn:component:Microsoft.Rtc.WebAuthentication.2010"/>
        <af:Binding xmlns:af="urn:component:Microsoft.Rtc.WebAuthentication.2010"/>
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
          </wsp:Policy>
        </sp:TransportBinding>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

  <!-- Anonymous: signed supporting UsernameToken, Lax header layout. -->
  <wsp:Policy wsu:Id="WebTicketServiceAnon_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <af:AnonAuthentication xmlns:af="urn:component:Microsoft.Rtc.WebAuthentication.2010"/>
        <af:Binding xmlns:af="urn:component:Microsoft.Rtc.WebAuthentication.2010"/>
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Lax/>
              </wsp:Policy>
            </sp:Layout>
          </wsp:Policy>
        </sp:TransportBinding>
        <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:WssUsernameToken10/>
              </wsp:Policy>
            </sp:UsernameToken>
          </wsp:Policy>
        </sp:SignedSupportingTokens>
        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy/>
        </sp:Wss10>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

  <!-- Windows integrated: HTTP Negotiate authentication over the HTTPS transport binding. -->
  <wsp:Policy wsu:Id="WebTicketServiceWinNegotiate_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <http:NegotiateAuthentication xmlns:http="http://schemas.microsoft.com/ws/06/2004/policy/http"/>
        <af:Binding xmlns:af="urn:component:Microsoft.Rtc.WebAuthentication.2010"/>
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
          </wsp:Policy>
        </sp:TransportBinding>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

  <!-- Certificate: same token requirements as the machine-certificate policy,
       plus the af:Binding assertion. -->
  <wsp:Policy wsu:Id="WebTicketServiceCert_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <af:Binding xmlns:af="urn:component:Microsoft.Rtc.WebAuthentication.2010"/>
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
          </wsp:Policy>
        </sp:TransportBinding>
        <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:RequireThumbprintReference/>
                <sp:WssX509V3Token10/>
              </wsp:Policy>
            </sp:X509Token>
            <sp:SignedParts>
              <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
            </sp:SignedParts>
          </wsp:Policy>
        </sp:EndorsingSupportingTokens>
        <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:MustSupportRefThumbprint/>
          </wsp:Policy>
        </sp:Wss11>
        <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:MustSupportIssuedTokens/>
            <sp:RequireClientEntropy/>
            <sp:RequireServerEntropy/>
          </wsp:Policy>
        </sp:Trust10>
        <wsaw:UsingAddressing/>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

  <!-- Forms authentication: signed supporting UsernameToken, Lax header layout. -->
  <wsp:Policy wsu:Id="WebTicketServiceAuth_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <af:FormsAuthentication xmlns:af="urn:component:Microsoft.Rtc.WebAuthentication.2010"/>
        <af:Binding xmlns:af="urn:component:Microsoft.Rtc.WebAuthentication.2010"/>
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Lax/>
              </wsp:Policy>
            </sp:Layout>
          </wsp:Policy>
        </sp:TransportBinding>
        <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:WssUsernameToken10/>
              </wsp:Policy>
            </sp:UsernameToken>
          </wsp:Policy>
        </sp:SignedSupportingTokens>
        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy/>
        </sp:Wss10>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

  <!-- Schema imports are absolute URLs on port 4443, so a metadata consumer
       is directed to that port to fetch them. -->
  <wsdl:types>
    <xsd:schema targetNamespace="http://tempuri.org/Imports">
      <xsd:import schemaLocation="https://lwsex02.contoso.com:4443/WebTicket/WebTicketService.svc/mex?xsd=xsd0" namespace="http://schemas.microsoft.com/Message"/>
      <xsd:import schemaLocation="https://lwsex02.contoso.com:4443/WebTicket/WebTicketService.svc/mex?xsd=xsd2" namespace="urn:component:Microsoft.Rtc.WebAuthentication.2010"/>
      <xsd:import schemaLocation="https://lwsex02.contoso.com:4443/WebTicket/WebTicketService.svc/mex?xsd=xsd1" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
      <xsd:import schemaLocation="https://lwsex02.contoso.com:4443/WebTicket/WebTicketService.svc/mex?xsd=xsd3" namespace="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/>
    </xsd:schema>
  </wsdl:types>

  <!-- Messages of the single IssueToken operation: request, response, diagnostics fault. -->
  <wsdl:message name="IWebTicketService_IssueToken_InputMessage">
    <wsdl:part name="rst" type="q1:MessageBody" xmlns:q1="http://schemas.microsoft.com/Message"/>
  </wsdl:message>
  <wsdl:message name="IWebTicketService_IssueToken_OutputMessage">
    <wsdl:part name="IssueTokenResult" type="q2:MessageBody" xmlns:q2="http://schemas.microsoft.com/Message"/>
  </wsdl:message>
  <wsdl:message name="IWebTicketService_IssueToken_OCSDiagnosticsFaultFault_FaultMessage">
    <wsdl:part name="detail" element="q3:OCSDiagnosticsFault" xmlns:q3="urn:component:Microsoft.Rtc.WebAuthentication.2010"/>
  </wsdl:message>

  <!-- Abstract contract: IssueToken uses the WS-Trust 200512 RST/Issue and RSTRC/IssueFinal actions. -->
  <wsdl:portType name="IWebTicketService">
    <wsdl:operation name="IssueToken">
      <wsdl:input wsaw:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" message="tns:IWebTicketService_IssueToken_InputMessage"/>
      <wsdl:output wsaw:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal" message="tns:IWebTicketService_IssueToken_OutputMessage"/>
      <wsdl:fault wsaw:Action="http://tempuri.org/IWebTicketService/IssueTokenOCSDiagnosticsFaultFault" name="OCSDiagnosticsFaultFault" message="tns:IWebTicketService_IssueToken_OCSDiagnosticsFaultFault_FaultMessage"/>
    </wsdl:operation>
  </wsdl:portType>

  <!-- One SOAP-over-HTTP binding per policy; each attaches its policy by reference. -->
  <wsdl:binding name="WebTicketServiceMachineCert" type="tns:IWebTicketService">
    <wsp:PolicyReference URI="#WebTicketServiceMachineCert_policy"/>
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="IssueToken">
      <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" style="document"/>
      <wsdl:input>
        <soap:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap:body use="literal"/>
      </wsdl:output>
      <wsdl:fault name="OCSDiagnosticsFaultFault">
        <soap:fault name="OCSDiagnosticsFaultFault" use="literal"/>
      </wsdl:fault>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:binding name="OAuth" type="tns:IWebTicketService">
    <wsp:PolicyReference URI="#OAuth_policy"/>
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="IssueToken">
      <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" style="document"/>
      <wsdl:input>
        <soap:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap:body use="literal"/>
      </wsdl:output>
      <wsdl:fault name="OCSDiagnosticsFaultFault">
        <soap:fault name="OCSDiagnosticsFaultFault" use="literal"/>
      </wsdl:fault>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:binding name="WebTicketServiceAnon" type="tns:IWebTicketService">
    <wsp:PolicyReference URI="#WebTicketServiceAnon_policy"/>
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="IssueToken">
      <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" style="document"/>
      <wsdl:input>
        <soap:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap:body use="literal"/>
      </wsdl:output>
      <wsdl:fault name="OCSDiagnosticsFaultFault">
        <soap:fault name="OCSDiagnosticsFaultFault" use="literal"/>
      </wsdl:fault>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:binding name="WebTicketServiceWinNegotiate" type="tns:IWebTicketService">
    <wsp:PolicyReference URI="#WebTicketServiceWinNegotiate_policy"/>
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="IssueToken">
      <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" style="document"/>
      <wsdl:input>
        <soap:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap:body use="literal"/>
      </wsdl:output>
      <wsdl:fault name="OCSDiagnosticsFaultFault">
        <soap:fault name="OCSDiagnosticsFaultFault" use="literal"/>
      </wsdl:fault>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:binding name="WebTicketServiceCert" type="tns:IWebTicketService">
    <wsp:PolicyReference URI="#WebTicketServiceCert_policy"/>
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="IssueToken">
      <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" style="document"/>
      <wsdl:input>
        <soap:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap:body use="literal"/>
      </wsdl:output>
      <wsdl:fault name="OCSDiagnosticsFaultFault">
        <soap:fault name="OCSDiagnosticsFaultFault" use="literal"/>
      </wsdl:fault>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:binding name="WebTicketServiceAuth" type="tns:IWebTicketService">
    <wsp:PolicyReference URI="#WebTicketServiceAuth_policy"/>
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="IssueToken">
      <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" style="document"/>
      <wsdl:input>
        <soap:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap:body use="literal"/>
      </wsdl:output>
      <wsdl:fault name="OCSDiagnosticsFaultFault">
        <soap:fault name="OCSDiagnosticsFaultFault" use="literal"/>
      </wsdl:fault>
    </wsdl:operation>
  </wsdl:binding>

  <!-- Endpoint addresses handed to clients. All six carry port 4443, which the
       post lists as the internal listening port (the published port is 443).
       A client that follows these addresses from outside connects to 4443.
       Per the thread's resolution, the fix was a WAP reverse-proxy
       reconfiguration, not a change to this document. -->
  <wsdl:service name="WebTicketService">
    <wsdl:port name="WebTicketServiceMachineCert" binding="tns:WebTicketServiceMachineCert">
      <soap:address location="https://lwsex02.contoso.com:4443/WebTicket/WebTicketService.svc/MachineCert"/>
      <wsa10:EndpointReference>
        <wsa10:Address>https://lwsex02.contoso.com:4443/WebTicket/WebTicketService.svc/MachineCert</wsa10:Address>
      </wsa10:EndpointReference>
    </wsdl:port>
    <wsdl:port name="OAuth" binding="tns:OAuth">
      <soap:address location="https://lwsex02.contoso.com:4443/WebTicket/WebTicketService.svc/OAuth"/>
    </wsdl:port>
    <wsdl:port name="WebTicketServiceAnon" binding="tns:WebTicketServiceAnon">
      <soap:address location="https://lwsex02.contoso.com:4443/WebTicket/WebTicketService.svc/Anon"/>
    </wsdl:port>
    <wsdl:port name="WebTicketServiceWinNegotiate" binding="tns:WebTicketServiceWinNegotiate">
      <soap:address location="https://lwsex02.contoso.com:4443/WebTicket/WebTicketService.svc"/>
    </wsdl:port>
    <wsdl:port name="WebTicketServiceCert" binding="tns:WebTicketServiceCert">
      <soap:address location="https://lwsex02.contoso.com:4443/WebTicket/WebTicketService.svc/cert"/>
      <wsa10:EndpointReference>
        <wsa10:Address>https://lwsex02.contoso.com:4443/WebTicket/WebTicketService.svc/cert</wsa10:Address>
      </wsa10:EndpointReference>
    </wsdl:port>
    <wsdl:port name="WebTicketServiceAuth" binding="tns:WebTicketServiceAuth">
      <soap:address location="https://lwsex02.contoso.com:4443/WebTicket/WebTicketService.svc/Auth"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>

 

    urs egli
    Mar 30, 2020

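    Michael Tressler Many thanks - we had to reconfigure the WAP reverse proxy. In particular, the following command helped us (it stops WAP from translating the public host header to the internal one when it forwards requests to the published application):

    Set-WebApplicationProxyApplication -id <application_ID> -DisableTranslateUrlInRequestHeaders:$true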

     

    Best Regards

     
