Is there any reason why LDAP would be refused now between this machine and my SBS with ISA? This Apps server is part of the Internal network range. Jonathon J. Howey KPSA Compliance Management Inc. P 780.409.5620 F 780.409.5621 D 780.409.5628 C 780.965.8363 Jonathon@xxxxxxx Guiding the Future of Transportation www.KPSA.ca <http://www.kpsa.ca/> ________________________________ From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx] Sent: January 12, 2006 1:52 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol http://www.ISAserver.org Yah :-( didn't think it was that big of a deal ; sorry Jonathon J. Howey KPSA Compliance Management Inc. P 780.409.5620 F 780.409.5621 D 780.409.5628 C 780.965.8363 Jonathon@xxxxxxx Guiding the Future of Transportation www.KPSA.ca <http://www.kpsa.ca/> ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: January 12, 2006 1:26 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol http://www.ISAserver.org WHOA. Are you saying this is ISA on SBS? That's quite different and a "oh by the way, how was the play Mrs. Lincoln" moment :) Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx] Sent: Thursday, January 12, 2006 2:21 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol http://www.ISAserver.org I dunno, that's why I'm asking. My machine uses Kerberos of course to talk to the DC (same server as ISA; SBS 2003), and the UDP packets go through just fine, so thats why im wondering why the TCP ones are being denied. Jonathon J. Howey KPSA Compliance Management Inc. P 780.409.5620 F 780.409.5621 D 780.409.5628 C 780.965.8363 Jonathon@xxxxxxx Guiding the Future of Transportation www.KPSA.ca <http://www.kpsa.ca/> ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: January 12, 2006 1:09 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol http://www.ISAserver.org Why would it be allowed in the first place? Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx] Sent: Thursday, January 12, 2006 1:37 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol http://www.ISAserver.org For some reason, Kerberos-Sec (TCP) is being denied between ISA Server and my internal server. Would this have something to do with it? I deleted my rule I made earlier for the connection between the external server and my internal server for port 80/443 and the SSL-tunnel seems to be connecting. Jonathon J. Howey KPSA Compliance Management Inc. P 780.409.5620 F 780.409.5621 D 780.409.5628 C 780.965.8363 Jonathon@xxxxxxx Guiding the Future of Transportation www.KPSA.ca <http://www.kpsa.ca/> ________________________________ From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx] Sent: January 12, 2006 12:21 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol http://www.ISAserver.org Wouldn't the " Do NOT configure the client as a Web proxy client. UNBIND the Web proxy filter from the HTTP protocol. " affect all traffic passing through my ISA? Jonathon J. Howey KPSA Compliance Management Inc. P 780.409.5620 F 780.409.5621 D 780.409.5628 C 780.965.8363 Jonathon@xxxxxxx Guiding the Future of Transportation www.KPSA.ca <http://www.kpsa.ca/> ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: January 12, 2006 12:19 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol http://www.ISAserver.org Hi Jonathon, OK, if we're going to play a guessing game, I would do this: Create an SSL Server Publishing Rule Create an Acess Rule allowing outbound SSL connections. Do NOT configure the client as a Web proxy client. UNBIND the Web proxy filter from the HTTP protocol. HTH, Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Jonathon J. Howey [mailto:Jonathon@xxxxxxx] Sent: Thursday, January 12, 2006 1:10 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: "Failed Connection Attempt" for SSL-tunnel (443) protocol http://www.ISAserver.org Tom, I'm wondering if I created a Perimeter network consisting of my internal server and the server I'm trying to access over 443, if it will work? Jonathon J. Howey KPSA Compliance Management Inc. P 780.409.5620 F 780.409.5621 D 780.409.5628 C 780.965.8363 Jonathon@xxxxxxx Guiding the Future of Transportation www.KPSA.ca <http://www.kpsa.ca/> to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Jonathon@xxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: Jonathon@xxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx