RE: ISA 2004 & SurfControl

  • From: <AHendriks@xxxxxx>
  • To: <Jim@xxxxxxxxxxxx>
  • Date: Tue, 4 Jan 2005 11:19:03 +0100

The rules are fine, because I don't see this behavior all the time, but it
happens sometimes. The folks at SC are already working on it (I hope);
in the meantime I wanted to do some research and ask around.

I think that ISA has some kind of bug where ISA only uses the first
rule, and all the sessions are passed through SC unauthenticated, which
blocks the sessions because SC doesn't allow any IP addresses, only
user names.

Arjan Hendriks

> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
> Sent: maandag 3 januari 2005 16:17
> To: Hendriks, Arjan
> Subject: RE: [isalist] RE: ISA 2004 & SurfControl
> 
> That screenshot clearly shows Surf Control blocking the sites 
> you're interested in.
> Get with the SC folks to help you create proper rules.
> 
> 
>   Jim Harrison
>   MCP(NT4, W2K), A+, Network+, PCG
>   http://isaserver.org/Jim_Harrison/
>   http://isatools.org
>   Read the help / books / articles!
>  
>  
> -----Original Message-----
> From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx]
> Sent: Monday, January 03, 2005 5:35 AM
> To: Jim Harrison
> Subject: FW: [isalist] RE: ISA 2004 & SurfControl
> 
> The attachment.
> 
> Arjan
> 
> 
> > -----Original Message-----
> > From: Hendriks, Arjan
> > Sent: maandag 3 januari 2005 14:34
> > To: '[ISAserver.org Discussion List]'
> > Subject: RE: [isalist] RE: ISA 2004 & SurfControl
> > 
> > OK, I won't send any attachments with this message; I will forward the
> > attachment to your e-mail address.
> > 
> > 1 - I have checked the logs, but haven't found anything.
> > 2 - Because of performance issues, I have turned off the logging from
> > ISA, following a KB article from MS.
> > 
> > Arjan
> > 
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: vrijdag 31 december 2004 17:09
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA 2004 & SurfControl
> > > 
> > > http://www.ISAserver.org
> > > 
> > > Ho, don't add attachments; they'll likely cause the message to be
> > > rejected as too big and don't usually show what's needed anyway.
> > > 
> > > What you should do instead is:
> > > 1 - examine the Surf Control logs
> > >   you may have a SC rule that's causing your pain
> > > 2 - examine the ISA web proxy logs
> > >   you may have an ISA rule that's causing your pain
> > > 
> > >   Jim Harrison
> > >   MCP(NT4, W2K), A+, Network+, PCG
> > >   http://isaserver.org/Jim_Harrison/
> > >   http://isatools.org
> > >   Read the help / books / articles!
> > >  
> > >  
> > > -----Original Message-----
> > > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx]
> > > Sent: Friday, December 31, 2004 2:43 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA 2004 & SurfControl
> > > 
> > > Nope, it's not the WU site only; sites like google.nl are blocked too.
> > > I don't know if I may add an attachment; at the time the problem
> > > arose, I made a screen dump of SurfControl, which may explain the
> > > problem.
> > > 
> > > Arjan
> > > 
> > > > -----Original Message-----
> > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > > Sent: donderdag 30 december 2004 15:57
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: ISA 2004 & SurfControl
> > > > 
> > > > If the only problem is that WU sites are being blocked, this is a
> > > > known issue that isn't resolvable with Surf Control, Web Sense or
> > > > BurstTek.
> > > > 
> > > > 
> > > >   Jim Harrison
> > > >   MCP(NT4, W2K), A+, Network+, PCG
> > > >   http://isaserver.org/Jim_Harrison/
> > > >   http://isatools.org
> > > >   Read the help / books / articles!
> > > >  
> > > >  
> > > > 
> > > > -----Original Message-----
> > > > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx]
> > > > Sent: Wednesday, December 29, 2004 11:12 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: ISA 2004 & SurfControl
> > > > 
> > > > The only things I can find in the event log are messages about
> > > > starting and stopping the SurfControl services, nothing else.
> > > > 
> > > > Arjan
> > > > 
> > > > > Use your Event logs.
> > > > > What error or warning events do you find in there?
> > > > 
> > > > > -----Original Message-----
> > > > > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx]
> > > > > Sent: Wednesday, December 29, 2004 02:15
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] ISA 2004 & SurfControl
> > > > > 
> > > > > I'm using ISA 2004 and SurfControl 5.0 for controlling the access to
> > > > > the internet. From time to time I see in the real-time logging window
> > > > > of SurfControl blocked sites which 5 minutes before were working
> > > > > correctly.
> > > > > 
> > > > > When the sites are blocked, it seems that the sessions of the users
> > > > > are timed out, and they have to refresh their sessions, and they start
> > > > > to complain.
> > > > > 
> > > > > Within ISA I have configured a rule which allowed workstations to
> > > > > connect anonymously to the Windows Update site, which is discussed in
> > > > > the following article:
> > > > > http://www.microsoft.com/technet/prodtechnol/winxppro/support/updateauthen.mspx
> > > > > 
> > > > > After disabling the rule and watching the real-time logging
> > > > > window, I haven't seen this behavior again.
> > > > > 
> > > > > Another behavior is that when a user types a URL for a site, IE times
> > > > > out; when another user types the same URL, the content is displayed in
> > > > > his browser.
> > > > > The first user has to hit refresh before the content is displayed.
> > > > > 
> > > > > One of the tuning tips was disabling logging; we were logging the ISA
> > > > > logs to an external SQL box, and SurfControl uses the same for its
> > > > > logging.
> > > > > 
> > > > > What could be the problem?
> > > > > 
> > > > > Arjan
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > ------------------------------------------------------
> > > > > List Archives: 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter: 
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ: 
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Other Internet Software Marketing Sites:
> > > > > World of Windows Networking: 
> > > > http://www.windowsnetworking.com Leading
> > > > > Network Software Directory: http://www.serverfiles.com
> > > > > No.1 Exchange Server Resource Site: 
> > > > http://www.msexchange.org Windows
> > > > > Security Resource Site:
> > > > > http://www.windowsecurity.com/ Network Security Library: 
> > > > > http://www.secinf.net/ Windows 2000/NT Fax Solutions: 
> > > > > http://www.ntfaxfaq.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as: 
> > > > > jim@xxxxxxxxxxxx To unsubscribe visit 
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > > 
> > > > > All mail to and from this domain is GFI-scanned.
> > > > > 