RE: ISA 2004 blocking XP local loopback

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 16 Jan 2006 10:53:56 -0600

Hi Eric,

Try what I said.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx] 
> Sent: Monday, January 16, 2006 10:49 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 blocking XP local loopback
> 
> http://www.ISAserver.org
> 
> Ok, here's the results.
> 
> The del command got rid of a ton of scripts from the 
> temporary internet
> files.
> 
> After launching IE and running the dir command I get file not found.
> _______________________________________________
> Eric Poole, CISSP
> Senior Information Security Analyst
> Community Medical Centers
> 1140 "T" Street, Fresno, California 93721
> 559-459-6784 (phone) 559-459-2045 (fax)
>  
> 
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
> Sent: Saturday, January 14, 2006 12:36 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 blocking XP local loopback
> 
> http://www.ISAserver.org
> 
> I might have considered that if the error was not IE-generated as
> opposed to some AX control or user-side script error.
> 
> Here's the upshot...
> IE attempts to make a proxy connection for any IP address (yes,
> including 127/8) when it's configured as either:
> 1. "auto-detect" or "config url" and either
>   - no script is received
>   - the script forces this behavior
> 2. "use a proxy server" and "bypass" is unchecked
> 
> Eric also stated that IE was configured to obtain the script from
> http://fchap082.cmcinet.org:8080/array.dll?Get.Routing.Script.  
> This is why I was interested in the contents of the script.
> 
> I did lie, though - the file to be searched for and deleted was not
> "array.dll", but "array*.script".
> 
> Eric, could you retry with that filename?
> 
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
> -----Original Message-----
> From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx]
> Sent: Saturday, January 14, 2006 11:17 AM
> To: [ISAserver.org Discussion List]
> Subject: RE: [isalist] RE: ISA 2004 blocking XP local loopback
> 
> Eric stated he was connecting to a database via IE.  While IE is the
> client, there still needs to be some kind of interface with the
> database, most likely a user or system DSN.  And while the command may
> not have worked it's 1) easy to execute and 2) easy to revert 
> from if it
> doesn't work.
>  
> Nothing wrong with testing. :)  Afterall, even if it doesn't work, you
> now know WinHTTP isn't a problem, which allows you to remove it with
> certainty from the realm of possible causes.
>  
> Cordially yours,
> Jerry G. Young II
>   MCSE (4.0/W2K)
> Atlanta EES Implementation Team Lead
> HHS Engineering
> Unisys
> 11493 Sunset Hills Rd.
> Reston, VA 20190
> Office: 703-579-2727
> Cell: 703-625-1468
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE 
> PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete 
> the e-mail
> and its attachments from all computers.
> 
> ________________________________
> 
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Sat 1/14/2006 12:11 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 blocking XP local loopback
> 
> 
> 
> http://www.ISAserver.org <http://www.ISAserver.org/> 
> 
> IE still uses WinInet and proxycfg only affects WinHTTP.
> That commands while useful for WinHTTP-based clients (BITS, 
> OL2K3, etc.)
> and is completely useless for IE-based connections.
> 
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org <http://isatools.org/> Read the help / books /
> articles!
> --------------------------------------------
> 
> -----Original Message-----
> From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx]
> Sent: Friday, January 13, 2006 1:06 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 blocking XP local loopback
> 
> http://www.ISAserver.org <http://www.ISAserver.org/> 
> 
> Eric,
> 
> Here's one other thing to try.  At the command prompt, execute the
> following command:
> 
> proxycfg -p <web proxy ip:port>
> 
> If that doesn't work, use the following command to reset it:
> 
> proxycfg -d
> 
> Cordially yours,
> Jerry G. Young II
>   MCSE (4.0/W2K)
> Atlanta EES Implementation Team Lead
> HHS Engineering
> Unisys
> 
> 11493 Sunset Hills Rd.
> Reston, VA 20190
> Office: 703-579-2727
> Cell: 703-625-1468
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE 
> PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete 
> the e-mail
> and its attachments from all computers.
> -----Original Message-----
> From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, January 13, 2006 3:53 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 blocking XP local loopback
> 
> http://www.ISAserver.org <http://www.ISAserver.org/> 
> 
> Hmmm, here's what I get, keep in mind that everything else 
> works like it
> should.
> 
> When I type the del command I get "Could Not Find C:\*array.dll*"
> 
> After I reload the script and type the dir command I get "File Not
> Found"
> 
> Same thing if I change it to "Automatically detect proxy server" and
> type dir, I get "File Not Found".
> 
> Like I said, everything else is working as it should.  It has to be
> getting the correct script changes.  I can see the traffic change from
> one ISA to the next as I change script settings.
> 
> 
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Friday, January 13, 2006 12:27 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 blocking XP local loopback
> 
> http://www.ISAserver.org <http://www.ISAserver.org/> 
> 
> Nope - that won't work in this case.
> 
> Eric, do you know for certain that the browser is getting the wpad
> script?
> You can tell by:
> 1. close all IE sessions
> 2. open a cmd window
> 3. type 'del \*array.dll* /s'
> 4. open IE and retry the connection
> In the cmd window type 'dir \*array.dll* /s'
> 
> ..do you see any new scripts?
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org <http://isatools.org/> 
>    Read the help / books / articles!
> -------------------------------------------------------
> 
> 
> -----Original Message-----
> From: Mark Morgan [mailto:MMorgan@xxxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, January 13, 2006 12:20
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 blocking XP local loopback
> 
> http://www.ISAserver.org <http://www.ISAserver.org/> 
> 
> 
> http://support.microsoft.com/kb/262981/?sd=RMVP
> 
> Thank You
> Mark J Morgan
> Palm Drive Hospital
> 501 Petaluma Ave. Sebastopol, Ca. 95472
> Email:    mmorgan@xxxxxxxxxxxxxxxxxxxxx
> Voice:    (707) 829-4242
> Fax:       (707) 829-4112
> Mobile    (707) 849-5576
> 
> IMPORTANT Notice: The information contained in this e-mail, including
> any attachments or other embedded messages, is legally privileged and
> confidential and is intended only for the use of the individual or
> entity to whom it is addressed. If the reader of this message 
> is not the
> intended recipient or an agent responsible for delivering it to the
> intended recipient, you are hereby notified that any viewing,
> dissemination, distribution, retransmitting, or copying of this e-mail
> message is strictly prohibited. If you have received and/or 
> are viewing
> this e-mail in error, please notify the sender immediately by reply
> e-mail, and delete this and all copies of this communication from your
> systems. Thank you.
> 
> 
> -----Original Message-----
> From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, January 13, 2006 12:02 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 blocking XP local loopback
> 
> http://www.ISAserver.org <http://www.ISAserver.org/> 
> 
> Oops, sorry.
> "Use automatic configuration script" is checked and the 
> default address
> that ISA creates is in for the address.
> Example - ISA 2004 -
> http://fchap082.cmcinet.org:8080/array.dll?Get.Routing.Script
> 
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Friday, January 13, 2006 11:57 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 blocking XP local loopback
> 
> http://www.ISAserver.org <http://www.ISAserver.org/> 
> 
> ..and the proxy settings?
> 
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org <http://isatools.org/> 
>    Read the help / books / articles!
> -------------------------------------------------------
> 
> 
> -----Original Message-----
> From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, January 13, 2006 11:32
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 blocking XP local loopback
> 
> http://www.ISAserver.org <http://www.ISAserver.org/> 
> 
> It's a local database that is accessed via http://127.0.0.1:8080
> <http://127.0.0.1:8080/>  in IE.
> _______________________________________________
> Eric Poole, CISSP
> Senior Information Security Analyst
> Community Medical Centers
> 1140 "T" Street, Fresno, California 93721
> 559-459-6784 (phone) 559-459-2045 (fax)
> 
> 
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Friday, January 13, 2006 11:08 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 blocking XP local loopback
> 
> http://www.ISAserver.org <http://www.ISAserver.org/> 
> 
> What is the application; IE, Firefox, etc.?
> What are the proxy settings on that app?
> 
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org <http://isatools.org/> 
>    Read the help / books / articles!
> -------------------------------------------------------
> 
> 
> -----Original Message-----
> From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, January 13, 2006 10:15
> To: [ISAserver.org Discussion List]
> Subject: [islist] ISA 2004 blocking XP local loopback
> 
> http://www.ISAserver.org <http://www.ISAserver.org/> 
> 
> 
> Ok, I've been looking for the answer to this for about 45min. 
>  Why would
> ISA 2004 block a workstation from getting to 127.0.0.1?  Same
> workstation going through ISA 2000 is able to access it's local
> loopback.  Someone enlighten me please!
> 
> _______________________________________________
> Eric Poole, CISSP
> Senior Information Security Analyst
> Community Medical Centers <http://communitymedical.org/> 1140 "T"
> Street, Fresno, California 93721
> 559-459-6784 (phone) 559-459-2045 (fax)
> 
> 
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com <http://www.techgenix.com/>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> gerald.young@xxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
> All mail to and from this domain is GFI-scanned.
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> epoole@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> -------------------------------------------------------
> WARNING/CONFIDENTIAL: 
> -------------------------------------------------------
> This email, including attachments, may contain information 
> that is privileged, confidential, and/or exempt from 
> disclosure under applicable law (including, but not limited 
> to, protected health information).  It is not intended for 
> transmission to, or receipt by, any unauthorized persons.  If 
> the reader of this message is not the intended recipient you 
> are hereby notified that any dissemination, distribution or 
> copying of this communication is strictly prohibited.  If you 
> believe this email was sent to you in error, do not read it.  
>  Reply to the sender informing them of the error and then 
> destroy all copies and attachments of the message from your 
> system.   Thank you.
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

• » ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback
• » RE: ISA 2004 blocking XP local loopback

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page
• » View list details
• » Manage your subscription