RE: Host Server Unreachable
- From: "Wayne Berry" <wayne@xxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 14 Apr 2005 11:00:28 -0700
Ok, here is a little more information:
1) If I ping 10.0.0.22 from my internal machine it can reach the destination
2) If I ping 10.0.0.22 from my ISA 2004 firewall it says "Negotiating IP
Security"
3) If I make the request via SSL to the web server it works, only non-SSL
doesn't work.
4) My client is using the ISA 2004 firewall as a gateway (no proxy configured
in IE)
Is it right to assume that the ISA 2004 firewall is establishing it's own
connection to the web server to honor the inside request? What network does it
use? The Local? The Internal? The External?
Is it right to assume that if I can't access the web server from the ISA 2004
server then my internal machines can't access the web server.
The ISA 2004 server is not part of the Domain in the Rack, however I am making
anonymous requests to the server.
-Wayne
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Thursday, April 14, 2005 7:08 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Host Server Unreachable
http://www.ISAserver.org
That's a failure attempt - the error code is 10065 (Winsock error), indicating
that the upstream server was unreachable.
-----Original Message-----
From: Wayne Berry [mailto:wayne@xxxxxxxxxx]
Sent: Wednesday, April 13, 2005 11:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Host Server Unreachable
http://www.ISAserver.org
Good Idea, Here is what I got:
#Fields: c-ip cs-username c-agent date time s-computername
cs-referred r-host r-ip r-port time-taken
cs-bytes sc-bytes cs-protocol s-operation
cs-uri s-object-source sc-status rule FilterInfo
cs-Network sc-Network error-info action
10.2.1.1 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1; SV1; .NET CLR 1.0.3705) 2005-04-13 18:24:55
GATEWAY - 10.0.0.22 10.0.0.22 80
20922 438 2185 http GET http://10.0.0.22/ Inet
10065 All Access - Crown Plaza To FiberCloud - Internal
FiberCloud 0x40 Failed
I notice that the URI is not what I entered (i.e. it is missing the domain
name). This might be the issue since we require a host header. Is there a
check box somewhere in ISA that sends the host header? Or am I reading the log
file wrong. One thing to note: is the cs-uri is not a URI at all it is a URL,
which is very different then IIS which writes the URI as the URI in this case /
I also noticed here that action is Failed â not to positive, should I be
checking my rule (Access - Crown Plaza To FiberCloud)
Thanks,
Wayne
________________________________
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Wednesday, April 13, 2005 10:37 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Host Server Unreachable
http://www.ISAserver.org
Use the logs, Wayne.
Logsâ
I see the article title now:
âLog Rolling for ISA Administratorsââ
<ââ>
Itâs loooog, itâs loooogâ
</ââ>
Three anti-social points if you correctly identify that reference
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/ <http://isaserver.org/Jim_Harrison/>
http://isatools.org <http://isatools.org/>
Read the help / books / articles!
-------------------------------------------------------
________________________________
From: Wayne Berry [mailto:wayne@xxxxxxxxxx]
Sent: Wednesday, April 13, 2005 10:23
To: [ISAserver.org Discussion List]
Subject: [isalist] Host Server Unreachable
http://www.ISAserver.org
In my remote office I have an ISA 2004 firewall that VPNâs to a Rack in our
Co-location center. In the rack is our web servers, and file servers. I have
configured the networks on my ISA server and enabled every both directions all
users to communicate over the VPN back and forth from the remote office and the
rack. This all works great for UNC, terminal server, SQL Server and everything
but web server. When calling the web servers I get:
Error Code: 500 Internal Server Error. The host server is unreachable. (10065)
Pinging the web server from the remote office gives me the Internal IP address
of the web server, the IP in the rack. So ISA 2004 should âknowâ to route
over the VPN and I can accessing this web server UNC path via that IP, and the
WINs name.
Can someone give me a clue to what is going on? Is this error from ISA or IIS?
-Wayne
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
wayne@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
wayne@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
