RE: Java problems.
- From: <AHendriks@xxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Fri, 31 Dec 2004 11:53:18 +0100
I'm not using the "Require all users to authenticate" setting in the
Internal network web proxy listner.
I'm not able to take a look in the web proxy logs, cause off performance
issues i have turned off the logging for ISA completly, i know it's
diffucult to analyze the problem this way, i will turn it back on, and
hope the problem apears again.
> Can you forward me your ISAInYou also stated:
I do not understand the meaning of the line above.
> "Normaly behavoir is that all users who have access to the
> internet needs to authenticate before they can use the
> internet, so my default setup was that alle users from a
> specific domain group have internet access."
> Are you also using the "Require all users to authenticate"
> setting in the Internal network web proxy listener?
>
> You haven't said; what do you find in the web proxy logs for
> the failing connections?
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
>
>
>
> -----Original Message-----
> From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx]
> Sent: Wednesday, December 29, 2004 11:16 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Java problems.
>
> http://www.ISAserver.org
>
> My order of rules is :
>
> Name Action Protocols From To
> Condition
> Windows Update Allow HTTP/HTTPS
> Internal Windows
> update All Users
> Overheid.nl Allow HTTP/HTTPS Internal
> Overheid.Nl All Users
> HTTP/HTTPS Allow HTTP/HTTPS Internal
> External Domain Users
>
> The rule is on the second place, and there are no
> authorisation rules before.
>
> Arjan
>
> > Nothing you've offered changes my observations or the questions I
> > asked.
> > Yes, it's likely an ISA configuration issue; this is why I
> asked where
> > the rule sits in the rule order.
> > Have you examined the ISA logs to see what the ISA response
> to those
> > connections was?
> > -------------------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > -------------------------------------------------------
> >
> >
> > -----Original Message-----
> > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx]
> > Sent: Wednesday, December 29, 2004 02:45
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Java problems.
> >
> > http://www.ISAserver.org
> >
> > Normaly behavoir is that all users who have access to the internet
> > needs to authenticate before they can use the internet, so
> my default
> > setup was that alle users from a specific domain group have
> internet
> > access.
> >
> > This behavoir happens on a NT workstation, with a XP
> workstation, the
> > problem doesn't exist.
> >
> > The site the users connecting to is a external site, so i'm
> unable to
> > change the external site, and when i connect with a xp
> workstation, i
> > don't have to authenticate on the external web site, so i
> think they
> > don't use NTLM authentication.
> >
> > Cause of an other problem which i have posted here, i have disabled
> > the rule for anonymous access to the site, so the problem raised
> > again.
> >
> > With the proxy 2.0 server which we used before, we have no problems
> > with the site, so i think it's a configuration problem within ISA
> > 2004.
> >
> > An other expirence which i had with the migration from
> proxy to isa,
> > was that i alway coud make use of the ftp protocol, but
> when chaning
> > the settings to the isa server, i was unable to use it,
> after adding
> > my self to the domain ftp group (which includes all users with ftp
> > access), i was able to ftp again.
> >
> > Arjan
> >
> > > 99 times out of 10, this is an authentication issue.
> > > Where does this rule sit in the overall order?
> > > If you have any authenticated rules before this, your
> Java app will
> > > likely fail.
> > > As you can see from your rule, allowing anonymous (all
> users) makes
> > > this traffic work.
> > > Check with your Java runtime authors to see if they have
> an update
> > > that supports Integrated (NTLM) authentication.
> > >
> > > -----Original Message-----
> > > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx]
> > > Sent: Monday, December 27, 2004 01:25
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Java problems.
> > >
> > > http://www.ISAserver.org
> > >
> > > When a user tries to connect to a site witch uses java, not
> > the whole
> > > screen is displays, the user is using Windows NT with IE
> > 5.5, when i
> > > try to reach the site everything goes well, i'm using XP
> > with IE 6, i
> > > need to turn off pop-ups for the site.
> > >
> > > I have created a rule for the site, so that the site can
> be reached
> > > anonymous, all the other sites needs to be authenticated.
> When the
> > > user tries again, there are no problems with the site, i
> have wrote
> > > the following rule:
> > >
> > > Name Overheid.nl
> > > Action Allow
> > > Protocols HTTP/HTTPS
> > > From Local,Internal
> > > To overheid.nl (domain name set)
> > > Users All Users
> > > Schedule Always
> > >
> > > I'm running ISA 2004 as a proxy server only.
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking:
> http://www.windowsnetworking.com Leading
> > Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site:
> http://www.msexchange.org Windows
> > Security Resource Site:
> > http://www.windowsecurity.com/ Network Security Library:
> > http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > jim@xxxxxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > All mail to and from this domain is GFI-scanned.
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking:
> http://www.windowsnetworking.com Leading
> > Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site:
> http://www.msexchange.org Windows
> > Security Resource Site:
> > http://www.windowsecurity.com/ Network Security Library:
> > http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > ahendriks@xxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: ahendriks@xxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
Other related posts:
