Michael, To get UPS worldship to work you need to configure it for direct access. Under : Tools> Comunications setup, Make sure internet connction is set to Direct access. Next> Direct Access Make Connect through a proxy server Checked, Under Proxy information, Address, FQDN (of your isa host), port (whatever port is in your ISA outgoing web requests, TCP port - 8080), If you require authentication check off the next section and add in your user details. At this point you can use the "Test" button to confirm that the connection is working.. If not, check your ISA server for the correct protocol rules again.. Hope that helps, Fares Rihani -----Original Message----- From: Michael Weber [mailto:mweber@xxxxxxxxxxxx] Sent: Tuesday, January 20, 2004 11:39 AM To: [ISAserver.org Discussion List] Subject: [isalist] UPS Worldship http://www.ISAserver.org Hi all, I know that this has been reviewed before; however, I still cannot connect with the UPS Worldship software through my ISA Server. I'm not an expert on ISA but I think I have set up everything correctly for the software to have direct access to www.uoss.ups.com. And when I examine the ISA logs I don't get an entry in the web proxy file, and I do get one in the Firewall log. The firewall log file and the ups trace file are given below, hopefully, somebody can see something that will help me out. I have connected successfully with Worldship on a computer without ISA. The only difference in the log files is that I don't get the "Peer's certificate has an invalid signature" error on the SSL_ForceHandshake, and everything connects correctly. My only guess is that ISA is still somehow messing with the SSL certificate, but I don't know why. Thanks, Michael Weber mweber@xxxxxxxxxxxx --------------------------------- FIREWALL log --------------------------------- 192.168.0.26, <user>, getHostIP.exe:3:5.1, N, 1/20/2004, 11:21:23, fwsrv, XTSERVER, -, www.uoss.ups.com, 153.2.72.100, 0, -, 0, 0, -, -, GHBN, -, -, -, 0, 0, -, Allow rule, 39, 0 192.168.0.26, <user>, ShipUps.exe:3:5.1, N, 1/20/2004, 11:21:23, fwsrv, XTSERVER, -, -, 153.2.72.100, 443, 31, 0, 0, 443, TCP, Connect, -, -, -, 0, 0, Internal access, Allow rule, 31, 109 192.168.0.26, <user>, ShipUps.exe:3:5.1, N, 1/20/2004, 11:21:23, fwsrv, XTSERVER, -, -, 153.2.72.100, 443, 94, 52, 1752, 443, TCP, Connect, -, -, -, 20000, 0, Internal access, Allow rule, 31, 109 --------------------------------- UPS log --------------------------------- Transact Version 2.0.12.0 NSS 2.7.1 Thread 1764 01/20/2004 11:15:34.944 appMsgId=TNT_REQ clientType=1 nPort=443 dwFlags=1 01/20/2004 11:15:34.944 reqInfoLen=251 reqAppDataLen=0 rcvTimeout=120, SndTimeout=30,DNSTimeout=5 01/20/2004 11:15:34.944 Connect: locked. 01/20/2004 11:15:34.944 Socket SetUp entered. 01/20/2004 11:15:34.944 Initializing NSS. 01/20/2004 11:15:34.944 Verifying security databases located at C:\WINDOWS\System32. 01/20/2004 11:15:34.991 SSL_ClearSessionCache completed. 01/20/2004 11:15:34.991 Connecting to : www.uoss.ups.com at port 443 01/20/2004 11:15:34.991 certdir = (C:\WINDOWS\System32) 01/20/2004 11:15:34.991 pszCommandLine = (www.uoss.ups.com 443 C:\WINDOWS\System32 99 GetHostIP1764.dat) ; pszImageModule = (C:\WINDOWS\System32/getHostIP.exe). 01/20/2004 11:15:35.412 Process getHostIP Successfully. 01/20/2004 11:15:35.412 PR_GetHostByName() succeed. 01/20/2004 11:15:35.412 Host IP address = (153.2.72.100) 01/20/2004 11:15:35.553 Error in function SSL_ForceHandshake: -8182 - Peer's certificate has an invalid signature. 01/20/2004 11:15:35.553 Connect: Unlocked. 01/20/2004 11:15:35.553 Total Elapsed Time=640,Time to process transaction=0,Time to resolve HOST IP =421,Time to make connection to HOST=484,Time to make handsake=78,Time to send HTTP request=0,Time to wait for HOST response=0,Time to receiving response message=0 01/20/2004 11:15:35.553 Transact API exited with return code 610, status code 3010. Elapsed time = 0:01