http://www.ISAserver.org ------------------------------------------------------- Nope; if you want the whole thing, you have to run Netmon at the ISA on both interfaces. No single endpoint can capture a conversation across intermediate device. You can send to me or the list... Jim -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jerry Young Sent: Wednesday, September 10, 2008 10:29 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: HTTPS Connectivity Issue Jim, Fair enough. If I run the capture on the client, that should catch the full conversation, yes? Should I enable conversations in the capture? Also, once captured, do I just attach the file and send back to the list? I know others have exchanged captures before but I don't recall seeing those attachments on the messages sent to the list. Sorry for the silly questions. On Wed, Sep 10, 2008 at 1:12 PM, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: The logs don't say that the server aborted the connection; it says "someone" did. Only a network capture will help you determine which of the three entities aborted the connection. Jim From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jerry Young Sent: Wednesday, September 10, 2008 8:25 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] HTTPS Connectivity Issue I created a simple server publishing rule in ISA Server 2006 that is configured to allow HTTPS traffic that hits the ISA Server's external IP address to access a server providing Secure FTP services (configured to use port 443, at any rate - and yes I know about 990 and 22). However, when I attempt to connect, I get the following results. Original Client IP Client Agent Authenticated Client Service Referring Server Destination Host Name Transport HTTP Method MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload GMT Log Time Source Port Processing Time Bytes Sent Bytes Received Cache Information Error Information Authentication Server Log Time Client IP Destination IP Destination Port Protocol Action Rule Result Code HTTP Status Code Client Username Source Network Destination Network URL Server Name Log Record Type 172.16.9.69 - TCP - - - 9/10/2008 3:16:11 PM 33867 0 0 0 0x0 0x0 - 9/10/2008 11:16:11 AM 172.16.9.69 10.3.0.40 443 HTTPS Server Initiated Connection Corporate Secure FTP Access 0x0 ERROR_SUCCESS External Perimeter - HVW2K3ISA01 Firewall 172.16.9.69 - TCP - - - 9/10/2008 3:16:11 PM 33867 31 206 88 0x0 0x0 - 9/10/2008 11:16:11 AM 172.16.9.69 10.3.0.40 443 HTTPS Server Closed Connection Corporate Secure FTP Access 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN External Perimeter - HVW2K3ISA01 Firewall Might anyone know why the firewall is aborting the connection? I have a similar server publishing rule (uses FTP instead of HTTPS) that works. The only difference between the two is the protocol that's allowed. Also, the ERROR_SUCCESS issue perplexes me because of the paradox those two words together present. :) -- Cordially yours, Jerry G. Young II Microsoft Certified Systems Engineer -- Cordially yours, Jerry G. Young II Microsoft Certified Systems Engineer ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx