Yep - it is, but I just happened to have that site error handy. SalesForce gives the same type of errors. Is it possible my DNS is messed up on the ISA server? The WAN to my ISP did have their DNS IPs in the NIC IP Config. Are we supposed to leave those blank so that the DNS request will go to the Internal DNS server which in turn goes to the ISP DNS? Our ISA server is setup as a DNS forwarder. Tom Rogers Systems Administrator Schneider Packaging Equipment ________________________________ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. P Please consider the environment before printing this email. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat Sent: Wednesday, September 17, 2008 4:06 PM To: ISA Mailing List Subject: [isalist] Re: Timeout issue driving me nuts... Request: login.facebook.com:443 Facebook does that all the time....anyway, I thought the dodgy site was salesforce.com??? S From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers Sent: Wednesday, September 17, 2008 4:18 PM To: ISA Mailing List Subject: [isalist] Re: Timeout issue driving me nuts... Here is an example of what I am getting when we get the timeout issues... Failed Connection Attempt ISA 9/17/2008 3:14:37 PM Log type: Web Proxy (Forward) Status: 10060 A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Rule: Limited Outbound Access for all other protocols Source: Internal (192.168.1.135) Destination: External (64.15.175.5:443) Request: login.facebook.com:443 Filter information: Req ID: 0e58c928; Compression: client=No, server=No, compress rate=0% decompress rate=0% Protocol: SSL-tunnel User: DOMAIN\trogers Additional information 1. Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2) 2. Object source: Internet (Source is the Internet. Object was added to the cache.) 3. Cache info: 0x0 4. Processing time: 0 ms 5. MIME type: Tom Rogers Systems Administrator Schneider Packaging Equipment ________________________________ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. P Please consider the environment before printing this email. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Tuesday, September 16, 2008 11:54 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Timeout issue driving me nuts... These are frequently difficult to troubleshoot, but the good news is that 99 times out of 10, the problem is external to ISA. The first thing to note is the IP address ISA reports as failing to accept a connection; 204.14.234.61. - Is this the correct IP address for the destination site (nslookup reports "na5-sjl.salesforce.com")? - Is this one of many IPs used for that site (I only find one)? - What do you find in the ISA logs around this event? - What do you find in the ISA event logs around this event? - What devices separate your ISA from the Internet (modem, router, etc.)? - Can you get a capture at each point along the chain? I've not found RR tier-1 support to be of much use; they're typically of the "let's remove and reinstall TCP/IP" troubleshooting class. If you can get an escalation to their networking team, you may be able to get concurrent captures during the failure state. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers Sent: Tuesday, September 16, 2008 7:58 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Timeout issue driving me nuts... I have one ISA server (2006 SP-1) on a W2K3 SP-2 box, and we are having a random time out error on only one website. (SalesForce.com) The error message is always this... Technical Information (for Support personnel) Error Code: 504 Proxy Timeout. The connection timed out. (10060) IP Address: 204.14.234...61 Date: 9/16/2008 2:29:24 PM [GMT] Server: isa.local.NET Source: proxy I though I had it figured out, as an employee from Colorado was VPN'ing in and using SalesForce.com through our internal network instead of his own ISP, but he is no longer doing that and we still have the timeout occurring. Salesforce.com's tech support has basically washed their hands of it and said it is our ISA 2006 server. My Web Proxy timeout is set to 1800 seconds - that's 30 minutes so it should never have a timeout issue. We run on RoadRunner's business class service with 7mbps download, 2mbps upload (theoretical speed). I don't know where to turn from here. Can anyone help me troubleshoot this issue? We don't have this issue with any other websites through ISA 2006. Is there a user friendly reader for the ISA web and fw log files? Is there a tool to see who or what is taking how much bandwidth at a time? TIA, Tom Rogers Systems Administrator Schneider Packaging Equipment ________________________________ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. P Please consider the environment before printing this email.