RE: Java problems.
- From: <AHendriks@xxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Thu, 30 Dec 2004 08:16:03 +0100
My order of rules is :
Name Action Protocols From To
Condition
Windows Update Allow HTTP/HTTPS Internal Windows
update All Users
Overheid.nl Allow HTTP/HTTPS Internal
Overheid.Nl All Users
HTTP/HTTPS Allow HTTP/HTTPS Internal
External Domain Users
The rule is on the second place, and there are no authorisation rules
before.
Arjan
> Nothing you've offered changes my observations or the
> questions I asked.
> Yes, it's likely an ISA configuration issue; this is why I
> asked where the rule sits in the rule order.
> Have you examined the ISA logs to see what the ISA response
> to those connections was?
> -------------------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> -------------------------------------------------------
>
>
> -----Original Message-----
> From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx]
> Sent: Wednesday, December 29, 2004 02:45
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Java problems.
>
> http://www.ISAserver.org
>
> Normaly behavoir is that all users who have access to the
> internet needs to authenticate before they can use the
> internet, so my default setup was that alle users from a
> specific domain group have internet access.
>
> This behavoir happens on a NT workstation, with a XP
> workstation, the problem doesn't exist.
>
> The site the users connecting to is a external site, so i'm
> unable to change the external site, and when i connect with a
> xp workstation, i don't have to authenticate on the external
> web site, so i think they don't use NTLM authentication.
>
> Cause of an other problem which i have posted here, i have
> disabled the rule for anonymous access to the site, so the
> problem raised again.
>
> With the proxy 2.0 server which we used before, we have no
> problems with the site, so i think it's a configuration
> problem within ISA 2004.
>
> An other expirence which i had with the migration from proxy
> to isa, was that i alway coud make use of the ftp protocol,
> but when chaning the settings to the isa server, i was unable
> to use it, after adding my self to the domain ftp group
> (which includes all users with ftp access), i was able to ftp again.
>
> Arjan
>
> > 99 times out of 10, this is an authentication issue.
> > Where does this rule sit in the overall order?
> > If you have any authenticated rules before this, your Java app will
> > likely fail.
> > As you can see from your rule, allowing anonymous (all users) makes
> > this traffic work.
> > Check with your Java runtime authors to see if they have an update
> > that supports Integrated (NTLM) authentication.
> >
> > -----Original Message-----
> > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx]
> > Sent: Monday, December 27, 2004 01:25
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Java problems.
> >
> > http://www.ISAserver.org
> >
> > When a user tries to connect to a site witch uses java, not
> the whole
> > screen is displays, the user is using Windows NT with IE
> 5.5, when i
> > try to reach the site everything goes well, i'm using XP
> with IE 6, i
> > need to turn off pop-ups for the site.
> >
> > I have created a rule for the site, so that the site can be reached
> > anonymous, all the other sites needs to be authenticated. When the
> > user tries again, there are no problems with the site, i have wrote
> > the following rule:
> >
> > Name Overheid.nl
> > Action Allow
> > Protocols HTTP/HTTPS
> > From Local,Internal
> > To overheid.nl (domain name set)
> > Users All Users
> > Schedule Always
> >
> > I'm running ISA 2004 as a proxy server only.
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: jim@xxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Network Security Library:
> http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: ahendriks@xxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
Other related posts:
