Re: AW: Online Banking Issues
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 26 Jun 2003 07:10:44 -0700
Does this SSL site use non-standard SSL ports?
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Jeff Sloan" <jsloan@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 26, 2003 06:50
Subject: [isalist] Re: AW: Online Banking Issues
http://www.ISAserver.org
Sorry guys, not the answer.
I have no load balancing, I have only one route to the internet, and that is
through one ISA server ONLY.
As for the MTU size, if that were to work, it would not be a acceptable
solution for companies to have to go mess with the registry to get certain
sites to work.
Either the sites need to change to work with default machine settings or ISA
needs to provide a fix.
Now that you know I have no load balancing, any other ideas?
I have never made any changes to the ISA server concerning SSL, but other
sites work.
Jeff Sloan
Network Administrator
Cross Oil Refining & Marketing, Inc.
484 E. 6th St.
Smackover, AR 71762
Phone 870-864-8688
Fax 870-864-8689
Cell 870-866-9941
-----Original Message-----
From: Christian.Schramm@xxxxxxxxxxxxxx
[mailto:Christian.Schramm@xxxxxxxxxxxxxx]
Sent: Thursday, June 26, 2003 8:13 AM
To: ISALists
Subject: [isalist] Re: AW: Online Banking Issues
http://www.ISAserver.org
Funny I came to the same solution without reading that article ;-)
Additionaly my proxy configuration script even provides a kind of failover
which is not given by the script from the KB article. The KB article script
delivers ONE proxy. My version provides a LIST of proxies, including all
array members and the backup route causing the browser to try the whole list
if one proxy times out. See the example below:
// Exceptions to deactivate CARP
if (shExpMatch(host, "*.bankingdomain.de")||
shExpMatch(host, "*.bankingdomain.com"))
{
list = "";
for (i = 0; i < cNodes; i++) {
list = list + "PROXY " + Proxies[i].name + "; ";
}
list = list + BackupRoute;
return list;
}
You could also disable CARP for all SSL-Sites which causes less
administrative work and more friendly users ;-)
// Deactivate CARP for all HTTPS sites
if (url.substring(0, 6) == "https:") {
list = "";
for (i = 0; i < cNodes; i++) {
list = list + "PROXY " + Proxies[i].name + "; ";
}
list = list + BackupRoute;
return list;
}
Note that you have to insert above sections inside the FindProxyForURL
function...
Greets,
Christian
> -----Ursprüngliche Nachricht-----
> Von: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Gesendet: Donnerstag, 26. Juni 2003 14:55
> An: [ISAserver.org Discussion List]
> Betreff: [isalist] Re: AW: Online Banking Issues
>
>
> http://www.ISAserver.org
>
>
> That's absolutely correct; CARP screws up those kinds of
> sites. A workaround is documented at:
> http://support.microsoft.com/default.aspx?scid=328428
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
>
>
>
> http://www.ISAserver.org
>
>
> Hi there,
>
> I had a similar problem. Seems that the banking software does
> some kind of ip addreess verification per session. So if you
> use CARP for Web proxy clients, there can be the case that
> within one session the banking application sees different
> source ip addresses. To verify this, try to set a specific
> ISA server as the proxy and test it again... Remember to
> close your browser after changing the value from "use
> automatic configuration script" to "use a proxy server"..
>
> Greets
>
> Christian
>
> > -----Ursprüngliche Nachricht-----
> > Von: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx]
> > Gesendet: Mittwoch, 25. Juni 2003 21:22
> > An: [ISAserver.org Discussion List]
> > Betreff: [isalist] Online Banking Issues
> >
> >
> > http://www.ISAserver.org
> >
> >
> > We have problems with two Online Banking sites, TheOneNet by BankOne
> > and StuckeyNet.
> >
> > TheOneNet started about a month ago and StuckeyNet about two weeks
> > ago.
> >
> > Sometimes we can't log in, other times we can but can only get to
> > one page of data before the browser kinda locks up.
> >
> > One program logs in and opens a second window, but the window is
> > 'clear', it never gets any data on it.
> >
> > The other will get to one page of data, and if you click another
> > link on the page, it 'just sits there and looks at
> you funny'.
> >
> > I have cases open with both banks, and they have duplicated the
> > issue on their ISA servers, but they have not fixed it yet. They say
> > they are working with Microsoft on the issue, but it seems way slow
> > to me.
> >
> > I have tried the firewall client, and it doesn't help.
> > I have made rules to not cache those sites;
> > *.bankone.com
> > *.citonline.com
> > *.theonenet.com
> > But it made no diffrence.
> > Should I include something after those entries to make sure any page
> > on those domains are not cached, or is this another issue?
> >
> > Anybody heard anything simular?
> > I am starting to think that iether the banks are using something on
> > their pages that is not accepted standard, or we are going to see a
> > hotfix for ISA.
> >
> > If anyone can, please help.
> > Thanks,
> > Jeff Sloan
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com No.1
> > Exchange > Server Resource
> > Site: http://www.msexchange.org Windows Security Resource
> > Site: http://www.windowsecurity.com/ Network Security
> > Library: http://www.secinf.net/ Windows 2000/NT Fax
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: christian.schramm@xxxxxxxxxxxxxx To unsubscribe send
> > a blank email to $subst('Email.Unsub')
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com No.1
> Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network
> Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com No.1
> Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network
> Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: christian.schramm@xxxxxxxxxxxxxx
> To unsubscribe send a blank email to
> $subst('Email.Unsub')
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security Resource
Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jsloan@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
