Hi Shawn, Great post! Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Quillman Shawn (RBNA/CIT1.1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: Friday, August 08, 2003 2:29 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Pop UP Ads http://www.ISAserver.org To help narrow things down, go get the GNU port of posix tools for Win32 and use tail and grep together to watch your log in realtime. So if the IP of the machine you're testing with is 1.2.3.4, then do this: > tail -f webd20030808.log | grep 1.2.3.4 Then look for the lines that have result codes of something equalling a deny. I do this all the time when I open a site for all-out access, but someone's !$#@% ad site or image host is creating authentication prompts all over the place. -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Friday, August 08, 2003 3:20 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Pop UP Ads http://www.ISAserver.org We're talking about two different things: 1. the fix does remove the name lookup requirement for Web Proxy traffic; BTDTGTTSWIOTIA. If you have some evidence other than this particular issue to indicate otherwise, I'm all ears (looks funny, but I hear really well). 2. the problem you still experience stems from the way ISA is comparing the: - request as presented by the client - the destinations as listed in the problematic destination set As I pointed out, it's very much a hit-and-miss process to isolate the problem entry among 20MB worth of them, since the logs don't tell us what the actual match data was. Consequently, you'll have to try some variation of the standard half-split troubleshooting method to reduce the set to the interesting entry. This is time-consuming, but it's more accurate than the "what's broke?" method... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Frederic Giroux" <fgiroux@xxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, August 08, 2003 11:48 Subject: [isalist] RE: Pop UP Ads http://www.ISAserver.org Jim Harrison said... _________________________________________ That fix does work in that ISA no longer tries to perform name lookups on client requests (tested it myself). I recommended it to remove the possibility that reverse / fwd name lookups were contributing to the problem. The fact that the rule still fires for this request means that ISA found a data set in the rule that matched the request. Unfortunately, it's VERY difficult to say what specific entry was used to make a decision, since the logs don't include that data. _________________________________________ Well, in my case, for some reason, it didn't work and I know for a fact that the sites that are inaccssible and shouldn't are NOT listed in the destinati on set. Could it be the version of w3proxy.exe? Jim, what version do you have? Fred ______________________________ Frederic Giroux LAN Administrator CyberCap fgiroux@xxxxxxxxxxxxxx http://www.cybercap.qc.ca 33 Prince St. Suite 301 Montreal, Qc H3C 2M7 (514) 861-7700 ext. 303 Fax : (514) 861-7700 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')