RE: ISA 2004 blocking XP local loopback

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 16 Jan 2006 09:45:12 -0800

Ok - was the IE behavior any different? 
You never sent the contents of the wpad - this is also important.
BTW, array.dll and /wpad.dat produce exactly the same information.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx] 
Sent: Monday, January 16, 2006 09:24
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback

http://www.ISAserver.org

Correction.  We had a switch upgrade this weekend, ISA lost it's binding to 
internal NIC.  That problem has been corrected and here's some better results.
01/16/2006  09:18 AM            10,434 array[1].Script
                        1 File(s)        10,434 bytes

        Total Files Listed:
                1 File(s)               10,434 bytes
                0 Dir(s)        8,199,860,224 bytes free

_______________________________________________
Eric Poole, CISSP
Senior Information Security Analyst
Community Medical Centers
1140 "T" Street, Fresno, California 93721
559-459-6784 (phone) 559-459-2045 (fax)
 

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Monday, January 16, 2006 9:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback

http://www.ISAserver.org

This says that IE is failing to obtain the configuration script. 
It gets dumped into the cache with a 1-hour TTL.

If you would, send me a capture of a "clean" IE start?
1. Open Netmon (Ethereal) & start capturing.
2. Start | Run | cmd
3. type 'ipconfig/flushdns & nbtstat -R & del ..\array*.script /s & start 
http://isatools.org'
4. stop the capture

Send it off...
-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
Sent: Monday, January 16, 2006 08:49
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback

http://www.ISAserver.org

Ok, here's the results.

The del command got rid of a ton of scripts from the temporary internet files.

After launching IE and running the dir command I get file not found.
_______________________________________________
Eric Poole, CISSP
Senior Information Security Analyst
Community Medical Centers
1140 "T" Street, Fresno, California 93721
559-459-6784 (phone) 559-459-2045 (fax)
 

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Saturday, January 14, 2006 12:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback

http://www.ISAserver.org

I might have considered that if the error was not IE-generated as opposed to 
some AX control or user-side script error.

Here's the upshot...
IE attempts to make a proxy connection for any IP address (yes, including 
127/8) when it's configured as either:
1. "auto-detect" or "config url" and either
  - no script is received
  - the script forces this behavior
2. "use a proxy server" and "bypass" is unchecked

Eric also stated that IE was configured to obtain the script from 
http://fchap082.cmcinet.org:8080/array.dll?Get.Routing.Script.  
This is why I was interested in the contents of the script.

I did lie, though - the file to be searched for and deleted was not 
"array.dll", but "array*.script".

Eric, could you retry with that filename?

--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
-----Original Message-----
From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx]
Sent: Saturday, January 14, 2006 11:17 AM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: ISA 2004 blocking XP local loopback

Eric stated he was connecting to a database via IE.  While IE is the client, 
there still needs to be some kind of interface with the database, most likely a 
user or system DSN.  And while the command may not have worked it's 1) easy to 
execute and 2) easy to revert from if it doesn't work.
 
Nothing wrong with testing. :)  Afterall, even if it doesn't work, you now know 
WinHTTP isn't a problem, which allows you to remove it with certainty from the 
realm of possible causes.
 
Cordially yours,
Jerry G. Young II
  MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
HHS Engineering
Unisys
11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

________________________________

From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Sat 1/14/2006 12:11 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback



http://www.ISAserver.org <http://www.ISAserver.org/> 

IE still uses WinInet and proxycfg only affects WinHTTP.
That commands while useful for WinHTTP-based clients (BITS, OL2K3, etc.) and is 
completely useless for IE-based connections.

--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org <http://isatools.org/> Read the help / books / articles!
--------------------------------------------

-----Original Message-----
From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx]
Sent: Friday, January 13, 2006 1:06 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback

http://www.ISAserver.org <http://www.ISAserver.org/> 

Eric,

Here's one other thing to try.  At the command prompt, execute the following 
command:

proxycfg -p <web proxy ip:port>

If that doesn't work, use the following command to reset it:

proxycfg -d

Cordially yours,
Jerry G. Young II
  MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
HHS Engineering
Unisys

11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.
-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
Sent: Friday, January 13, 2006 3:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback

http://www.ISAserver.org <http://www.ISAserver.org/> 

Hmmm, here's what I get, keep in mind that everything else works like it should.

When I type the del command I get "Could Not Find C:\*array.dll*"

After I reload the script and type the dir command I get "File Not Found"

Same thing if I change it to "Automatically detect proxy server" and type dir, 
I get "File Not Found".

Like I said, everything else is working as it should.  It has to be getting the 
correct script changes.  I can see the traffic change from one ISA to the next 
as I change script settings.


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Friday, January 13, 2006 12:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback

http://www.ISAserver.org <http://www.ISAserver.org/> 

Nope - that won't work in this case.

Eric, do you know for certain that the browser is getting the wpad script?
You can tell by:
1. close all IE sessions
2. open a cmd window
3. type 'del \*array.dll* /s'
4. open IE and retry the connection
In the cmd window type 'dir \*array.dll* /s'

..do you see any new scripts?
-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org <http://isatools.org/> 
   Read the help / books / articles!
-------------------------------------------------------


-----Original Message-----
From: Mark Morgan [mailto:MMorgan@xxxxxxxxxxxxxxxxxxxxx]
Sent: Friday, January 13, 2006 12:20
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback

http://www.ISAserver.org <http://www.ISAserver.org/> 


http://support.microsoft.com/kb/262981/?sd=RMVP

Thank You
Mark J Morgan
Palm Drive Hospital
501 Petaluma Ave. Sebastopol, Ca. 95472
Email:    mmorgan@xxxxxxxxxxxxxxxxxxxxx
Voice:    (707) 829-4242
Fax:       (707) 829-4112
Mobile    (707) 849-5576

IMPORTANT Notice: The information contained in this e-mail, including any 
attachments or other embedded messages, is legally privileged and confidential 
and is intended only for the use of the individual or entity to whom it is 
addressed. If the reader of this message is not the intended recipient or an 
agent responsible for delivering it to the intended recipient, you are hereby 
notified that any viewing, dissemination, distribution, retransmitting, or 
copying of this e-mail message is strictly prohibited. If you have received 
and/or are viewing this e-mail in error, please notify the sender immediately 
by reply e-mail, and delete this and all copies of this communication from your 
systems. Thank you.


-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
Sent: Friday, January 13, 2006 12:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback

http://www.ISAserver.org <http://www.ISAserver.org/> 

Oops, sorry.
"Use automatic configuration script" is checked and the default address that 
ISA creates is in for the address.
Example - ISA 2004 -
http://fchap082.cmcinet.org:8080/array.dll?Get.Routing.Script

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Friday, January 13, 2006 11:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback

http://www.ISAserver.org <http://www.ISAserver.org/> 

..and the proxy settings?


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org <http://isatools.org/> 
   Read the help / books / articles!
-------------------------------------------------------


-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
Sent: Friday, January 13, 2006 11:32
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback

http://www.ISAserver.org <http://www.ISAserver.org/> 

It's a local database that is accessed via http://127.0.0.1:8080 
<http://127.0.0.1:8080/>  in IE.
_______________________________________________
Eric Poole, CISSP
Senior Information Security Analyst
Community Medical Centers
1140 "T" Street, Fresno, California 93721
559-459-6784 (phone) 559-459-2045 (fax)


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Friday, January 13, 2006 11:08 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback

http://www.ISAserver.org <http://www.ISAserver.org/> 

What is the application; IE, Firefox, etc.?
What are the proxy settings on that app?


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org <http://isatools.org/> 
   Read the help / books / articles!
-------------------------------------------------------


-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
Sent: Friday, January 13, 2006 10:15
To: [ISAserver.org Discussion List]
Subject: [islist] ISA 2004 blocking XP local loopback

http://www.ISAserver.org <http://www.ISAserver.org/> 


Ok, I've been looking for the answer to this for about 45min.  Why would ISA 
2004 block a workstation from getting to 127.0.0.1?  Same workstation going 
through ISA 2000 is able to access it's local loopback.  Someone enlighten me 
please!

_______________________________________________
Eric Poole, CISSP
Senior Information Security Analyst
Community Medical Centers <http://communitymedical.org/> 1140 "T"
Street, Fresno, California 93721
559-459-6784 (phone) 559-459-2045 (fax)




All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gerald.young@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
epoole@xxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
-------------------------------------------------------
WARNING/CONFIDENTIAL: 
-------------------------------------------------------
This email, including attachments, may contain information that is privileged, 
confidential, and/or exempt from disclosure under applicable law (including, 
but not limited to, protected health information).  It is not intended for 
transmission to, or receipt by, any unauthorized persons.  If the reader of 
this message is not the intended recipient you are hereby notified that any 
dissemination, distribution or copying of this communication is strictly 
prohibited.  If you believe this email
was sent to you in error, do not read it.   Reply to the sender
informing them of the error and then destroy all copies and attachments
of the message from your system.   Thank you.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
epoole@xxxxxxxxxxxxxxxxxxxx To unsubscribe visit 
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
-------------------------------------------------------
WARNING/CONFIDENTIAL: 
-------------------------------------------------------
This email, including attachments, may contain information that is privileged, 
confidential, and/or exempt from disclosure under applicable law (including, 
but not limited to, protected health information).  It is not intended for 
transmission to, or receipt by, any unauthorized persons.  If the reader of 
this message is not the intended recipient you are hereby notified that any 
dissemination, distribution or copying of this communication is strictly 
prohibited.  If you believe this email was sent to you in error, do not read 
it.   Reply to the sender informing them of the error and then destroy all 
copies and attachments of the message from your system.   Thank you.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx To unsubscribe visit 
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.



Other related posts: