Ok - was the IE behavior any different? You never sent the contents of the wpad - this is also important. BTW, array.dll and /wpad.dat produce exactly the same information. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx] Sent: Monday, January 16, 2006 09:24 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 blocking XP local loopback http://www.ISAserver.org Correction. We had a switch upgrade this weekend, ISA lost it's binding to internal NIC. That problem has been corrected and here's some better results. 01/16/2006 09:18 AM 10,434 array[1].Script 1 File(s) 10,434 bytes Total Files Listed: 1 File(s) 10,434 bytes 0 Dir(s) 8,199,860,224 bytes free _______________________________________________ Eric Poole, CISSP Senior Information Security Analyst Community Medical Centers 1140 "T" Street, Fresno, California 93721 559-459-6784 (phone) 559-459-2045 (fax) -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Monday, January 16, 2006 9:07 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 blocking XP local loopback http://www.ISAserver.org This says that IE is failing to obtain the configuration script. It gets dumped into the cache with a 1-hour TTL. If you would, send me a capture of a "clean" IE start? 1. Open Netmon (Ethereal) & start capturing. 2. Start | Run | cmd 3. type 'ipconfig/flushdns & nbtstat -R & del ..\array*.script /s & start http://isatools.org' 4. stop the capture Send it off... ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx] Sent: Monday, January 16, 2006 08:49 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 blocking XP local loopback http://www.ISAserver.org Ok, here's the results. The del command got rid of a ton of scripts from the temporary internet files. After launching IE and running the dir command I get file not found. _______________________________________________ Eric Poole, CISSP Senior Information Security Analyst Community Medical Centers 1140 "T" Street, Fresno, California 93721 559-459-6784 (phone) 559-459-2045 (fax) -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Saturday, January 14, 2006 12:36 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 blocking XP local loopback http://www.ISAserver.org I might have considered that if the error was not IE-generated as opposed to some AX control or user-side script error. Here's the upshot... IE attempts to make a proxy connection for any IP address (yes, including 127/8) when it's configured as either: 1. "auto-detect" or "config url" and either - no script is received - the script forces this behavior 2. "use a proxy server" and "bypass" is unchecked Eric also stated that IE was configured to obtain the script from http://fchap082.cmcinet.org:8080/array.dll?Get.Routing.Script. This is why I was interested in the contents of the script. I did lie, though - the file to be searched for and deleted was not "array.dll", but "array*.script". Eric, could you retry with that filename? -------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------- -----Original Message----- From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] Sent: Saturday, January 14, 2006 11:17 AM To: [ISAserver.org Discussion List] Subject: RE: [isalist] RE: ISA 2004 blocking XP local loopback Eric stated he was connecting to a database via IE. While IE is the client, there still needs to be some kind of interface with the database, most likely a user or system DSN. And while the command may not have worked it's 1) easy to execute and 2) easy to revert from if it doesn't work. Nothing wrong with testing. :) Afterall, even if it doesn't work, you now know WinHTTP isn't a problem, which allows you to remove it with certainty from the realm of possible causes. Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. ________________________________ From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Sat 1/14/2006 12:11 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 blocking XP local loopback http://www.ISAserver.org <http://www.ISAserver.org/> IE still uses WinInet and proxycfg only affects WinHTTP. That commands while useful for WinHTTP-based clients (BITS, OL2K3, etc.) and is completely useless for IE-based connections. -------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org <http://isatools.org/> Read the help / books / articles! -------------------------------------------- -----Original Message----- From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] Sent: Friday, January 13, 2006 1:06 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 blocking XP local loopback http://www.ISAserver.org <http://www.ISAserver.org/> Eric, Here's one other thing to try. At the command prompt, execute the following command: proxycfg -p <web proxy ip:port> If that doesn't work, use the following command to reset it: proxycfg -d Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -----Original Message----- From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx] Sent: Friday, January 13, 2006 3:53 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 blocking XP local loopback http://www.ISAserver.org <http://www.ISAserver.org/> Hmmm, here's what I get, keep in mind that everything else works like it should. When I type the del command I get "Could Not Find C:\*array.dll*" After I reload the script and type the dir command I get "File Not Found" Same thing if I change it to "Automatically detect proxy server" and type dir, I get "File Not Found". Like I said, everything else is working as it should. It has to be getting the correct script changes. I can see the traffic change from one ISA to the next as I change script settings. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Friday, January 13, 2006 12:27 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 blocking XP local loopback http://www.ISAserver.org <http://www.ISAserver.org/> Nope - that won't work in this case. Eric, do you know for certain that the browser is getting the wpad script? You can tell by: 1. close all IE sessions 2. open a cmd window 3. type 'del \*array.dll* /s' 4. open IE and retry the connection In the cmd window type 'dir \*array.dll* /s' ..do you see any new scripts? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Mark Morgan [mailto:MMorgan@xxxxxxxxxxxxxxxxxxxxx] Sent: Friday, January 13, 2006 12:20 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 blocking XP local loopback http://www.ISAserver.org <http://www.ISAserver.org/> http://support.microsoft.com/kb/262981/?sd=RMVP Thank You Mark J Morgan Palm Drive Hospital 501 Petaluma Ave. Sebastopol, Ca. 95472 Email: mmorgan@xxxxxxxxxxxxxxxxxxxxx Voice: (707) 829-4242 Fax: (707) 829-4112 Mobile (707) 849-5576 IMPORTANT Notice: The information contained in this e-mail, including any attachments or other embedded messages, is legally privileged and confidential and is intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that any viewing, dissemination, distribution, retransmitting, or copying of this e-mail message is strictly prohibited. If you have received and/or are viewing this e-mail in error, please notify the sender immediately by reply e-mail, and delete this and all copies of this communication from your systems. Thank you. -----Original Message----- From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx] Sent: Friday, January 13, 2006 12:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 blocking XP local loopback http://www.ISAserver.org <http://www.ISAserver.org/> Oops, sorry. "Use automatic configuration script" is checked and the default address that ISA creates is in for the address. Example - ISA 2004 - http://fchap082.cmcinet.org:8080/array.dll?Get.Routing.Script -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Friday, January 13, 2006 11:57 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 blocking XP local loopback http://www.ISAserver.org <http://www.ISAserver.org/> ..and the proxy settings? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx] Sent: Friday, January 13, 2006 11:32 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 blocking XP local loopback http://www.ISAserver.org <http://www.ISAserver.org/> It's a local database that is accessed via http://127.0.0.1:8080 <http://127.0.0.1:8080/> in IE. _______________________________________________ Eric Poole, CISSP Senior Information Security Analyst Community Medical Centers 1140 "T" Street, Fresno, California 93721 559-459-6784 (phone) 559-459-2045 (fax) -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Friday, January 13, 2006 11:08 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 blocking XP local loopback http://www.ISAserver.org <http://www.ISAserver.org/> What is the application; IE, Firefox, etc.? What are the proxy settings on that app? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx] Sent: Friday, January 13, 2006 10:15 To: [ISAserver.org Discussion List] Subject: [islist] ISA 2004 blocking XP local loopback http://www.ISAserver.org <http://www.ISAserver.org/> Ok, I've been looking for the answer to this for about 45min. Why would ISA 2004 block a workstation from getting to 127.0.0.1? Same workstation going through ISA 2000 is able to access it's local loopback. Someone enlighten me please! _______________________________________________ Eric Poole, CISSP Senior Information Security Analyst Community Medical Centers <http://communitymedical.org/> 1140 "T" Street, Fresno, California 93721 559-459-6784 (phone) 559-459-2045 (fax) All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com <http://www.techgenix.com/> ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gerald.young@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: epoole@xxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------- WARNING/CONFIDENTIAL: ------------------------------------------------------- This email, including attachments, may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law (including, but not limited to, protected health information). It is not intended for transmission to, or receipt by, any unauthorized persons. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you believe this email was sent to you in error, do not read it. Reply to the sender informing them of the error and then destroy all copies and attachments of the message from your system. Thank you. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: epoole@xxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------- WARNING/CONFIDENTIAL: ------------------------------------------------------- This email, including attachments, may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law (including, but not limited to, protected health information). It is not intended for transmission to, or receipt by, any unauthorized persons. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you believe this email was sent to you in error, do not read it. Reply to the sender informing them of the error and then destroy all copies and attachments of the message from your system. Thank you. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.