DOCUMENT:Q218471 05-AUG-2000 [iis] TITLE :ISM/MMC Does Not Work Through a Firewall PRODUCT :Internet Information Server PROD/VER:winnt:4.0 OPER/SYS: KEYWORDS:kbfaq ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Internet Information Server 4.0 ------------------------------------------------------------------------------- SYMPTOMS ======== The Internet Service Manager (ISM), which loads the Internet Information Server snap-in for the Microsoft Management Console (MMC) does not work through a firewall. CAUSE ===== This is by design. If the MMC ISM was configured to operate through a firewall using TCP port-based security alone, particularly by opening additional TCP ports, it could potentially expose sensitive configuration information to the Internet. The HTMLA uses TCP port 80, which is open on most firewalls for Web traffic and sites. HTTP and FTP are well defined by firewalls, which make these protocols more secure. RESOLUTION ========== To resolve this issue, do one of the following: Use HTMLA over SSL ------------------ Use the HTML version of the Internet Service Manager (also known as the HTML Administration or HTMLA) over SSL. This uses HTTP-based security, which will require additional configurations mentioned in the online documentation for the Windows NT Option Pack. -OR- Use the ISM MMC over PPTP ------------------------- Use Point-to-Point Tunneling Protocol (PPTP) to tunnel through the firewall. The ISM MMC can be used on the secure PPTP connection. This will also require additional configurations. MORE INFORMATION ================ The following error messages may occur when you attempt to specify TCP ports for the ISM MMC to use through a firewall: The World Wide Web Publishing Service service is starting. The World Wide Web Publishing Service service could not be started. A system error has occurred. System error 1721 has occurred. Not enough resources are available to complete this operation. (c) Microsoft Corporation 2000, All Rights Reserved. Contributions by Kevin Zollman, Microsoft Corporation. Additional query words: ====================================================================== Keywords : kbfaq Technology : kbiisSearch kbiis400 Version : winnt:4.0 Issue type : kbprb Solution Type : kbnofix ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2000.