http://www.ISAserver.org ------------------------------------------------------- Have you considered a caffeine 12-step program? 1. what is the "custom app"? IOW, where did you get it and what is it supposed to be doing "on port 57017"? 2. in the "classic SBS config", there is only one rule allowing "everything"; it does so for "authenticated users" and this requirement cannot be satisfied by a non-HTTP app running on the ISA itself. 3. what are the details of the rule you created to support this "custom app"? 4. mind clarifying "svchost/Automatic updates issue"? -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Danny Sent: Monday, May 14, 2007 2:17 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] 0x800733f5 error & order of polices issue A custom app running (classic SBS config) on the server that requires TCP 57017 access through the firewall to an Internet-based IP cannot connect; the following shows up in the ISA monitoring: Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL 0.0.0.0 SRV - TCP - - 59628 0 0 0 0x800733f5 0x0 0x0 Firewall 5/14/2007 4:41:29 PM 142.123.123.123 57017 VE Update Denied Connection SBS Internet Access Rule 172.16.100.2 Local Host External - - 0.0.0.0 SRV - TCP - - 59628 0 0 0 0x800733f5 0x0 0x0 Firewall 5/14/2007 4:41:32 PM 142.123.123.213 <http://142.123.123.213> 57017 VE Update Denied Connection SBS Internet Access Rule 172.16.100.2 Local Host External - - I have this custom protocol-base policy with free reign to the Internet anonymously to isolate the problem, but I still get denied by the last policy in the list. I have searched ISA help, support.microsoft.com, microsoft.com, and http://msdn2.microsoft.com/en-us/library/ms812624.aspx . Am I asking too much from Microsoft? And is this TCP 57017 dependent app $hitware or what! Did I mention that I am having lots of fun dealing with the svchost/Automatic updates issue which Microsoft royally f***** up on for millions of customers! Thanks! ...D All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx