[isalist] Re: 0x800733f5 error & order of polices issue

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 14 May 2007 14:26:37 -0700

http://www.ISAserver.org
-------------------------------------------------------
  
Have you considered a caffeine 12-step program?

1. what is the "custom app"?  IOW, where did you get it and what is it
supposed to be doing "on port 57017"?
2. in the "classic SBS config", there is only one rule allowing
"everything"; it does so for "authenticated users" and this requirement
cannot be satisfied by a non-HTTP app running on the ISA itself.
3. what are the details of the rule you created to support this "custom
app"?
4. mind clarifying "svchost/Automatic updates issue"?

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Danny
Sent: Monday, May 14, 2007 2:17 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] 0x800733f5 error & order of polices issue

A custom app running (classic SBS config) on the server that requires
TCP 57017 access through the firewall to an Internet-based IP cannot
connect; the following shows up in the ISA monitoring:

Original Client IP Client Agent Authenticated Client Service Server Name
Referring Server Destination Host Name Transport MIME Type Object Source
Source Proxy Destination Proxy Bidirectional Client Host Name Filter
Information Network Interface Raw IP Header Raw Payload Source Port
Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code
Cache Information Error Information Log Record Type Log Time Destination
IP Destination Port Protocol Action Rule Client IP Client Username
Source Network Destination Network HTTP Method URL 
0.0.0.0    SRV -  TCP -      -    59628 0 0 0 0x800733f5   0x0 0x0
Firewall 5/14/2007 4:41:29 PM 142.123.123.123 57017 VE Update Denied
Connection SBS Internet Access Rule 172.16.100.2  Local Host External -
-
0.0.0.0    SRV -  TCP -      -    59628 0 0 0 0x800733f5   0x0 0x0
Firewall 5/14/2007 4:41:32 PM 142.123.123.213 <http://142.123.123.213>
57017 VE Update Denied Connection SBS Internet Access Rule 172.16.100.2
Local Host External - -

I have this custom protocol-base policy with free reign to the Internet
anonymously to isolate the problem, but I still get denied by the last
policy in the list. 

I have searched ISA help, support.microsoft.com, microsoft.com, and
http://msdn2.microsoft.com/en-us/library/ms812624.aspx . Am I asking too
much from Microsoft? And is this TCP 57017 dependent app $hitware or
what!

Did I mention that I am having lots of fun dealing with the
svchost/Automatic updates issue which Microsoft royally f***** up on for
millions of customers! 

Thanks!

...D



All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

Other related posts: