Hi Jim, Can I have a list of the sc-result codes like 407 = proxy auth required, 12209 = denied by ISA policies. This has really helped me a lot while I was going thru the ISA LOGS. Thanks a lot, Athif -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, 13 April 2004 7:29 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Unable to block Websites http://www.ISAserver.org Your first responsibility is to provide solid name resolution for your ISA. If this presents problems for you, there are plenty of articles and documents at www.isaserver.org for you to read. Actual name to IP mappings are the responsibility of the folks hosting the site. Since you can't rely on them to do this properly, this hotfix is the only way of dealing with them. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: <mathif@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, April 13, 2004 07:36 Subject: [isalist] Re: Unable to block Websites http://www.ISAserver.org Hi Jim, Thanks a million for the info. In my case, Is hot fix the only work around for this bad name resolution? Thanks a lot. Athif -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, 13 April 2004 4:20 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Unable to block Websites http://www.ISAserver.org The sc-result codes are: 407 = proxy auth required 12209 = denied by ISA policies. Regarding your slowdown, ISA will try to resolve all destinations to IP and back to a name to make sure that a client isn't trying to "get around" a policy. If your ISA has crappy name resolution, then this will take a long time. See if this helps you: http://support.microsoft.com/?id=292018 Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: <mathif@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, April 13, 2004 02:51 Subject: [isalist] Re: Unable to block Websites http://www.ISAserver.org Hi Jim, Thanks a lot for the info. This is what I found in Logs http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll <http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll> , -, -, 407, -, -, - 172.20.50.140, RIYADH\mabdulrahim, Mozilla/4.0 (compatible; MSIE 5.01; HostIE 4.4.2.0), -, 4/9/2004, 0:00:54, -, IT-ISA01, -, -, -, 0, 0, 696, 0, -, -, POST, http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll <http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll> , -, -, 12209, -, -, - 172.20.25.175, RIYADH\abin-siddique, Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1), -, 4/9/2004, 0:00:54, -, IT-ISA01, -, 212.93.193.87, 212.93.193.87, 8080, 2734, 604, 47584, http, -, GET, http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll <http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll> , -, -, 407, -, -, - 172.20.35.73, RIYADH\smohammed, Mozilla/4.0 (compatible; MSIE 5.01; HostOL 4.4.2.0), -, 4/9/2004, 0:00:39, -, IT-ISA01, -, -, -, 0, 0, 1092, 0, -, -, POST, http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll <http://reports.hotbar.com/reports/hotbar/4.0/HbRpt.dll> , -, -, 12209, -, -, - -, -, Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Fetch API Request, -, 4/9/2004, 0:00:41, -, IT-ISA01, -, 212.93.193.87, 212.93.193.87, 8080, 15828, 139, 60635, http, -, GET, http://gatorcme.gator.com/gatorcme/autoupdate/installdatemanager.exe <http://gatorcme.gator.com/gatorcme/autoupdate/installdatemanager.exe> , -, -, 12209, -, -, - 172.20.25.175, anonymous, Mozilla/4.01 [en] (Win95; I), -, 4/9/2004, 0:00:48, -, IT-IS I am facing a new problem, when I try to create a destination set for reports.hotbar.com and gatorcme.gator.com and apply it in site and content rule and the internet gets damm slow. When I try to disable this rule, then internet goes fast. What is this behaviour and why is it happening?? Jim is ther a way to overcome or did I miss something. Thanks a lott for the help AThif -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx <mailto:jim@xxxxxxxxxxxx> ] Sent: Monday, 12 April 2004 9:45 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Unable to block Websites http://www.ISAserver.org <http://www.ISAserver.org> The ISA reports are VERY basic. ISA logs, on the other hand are VERY detailed. When ISA receives traffic from a client , it logs how much data was transferred between them. This includes any auth request/response, or request/refusal traffic. just because traffic was logged for a request, doesn't mean it actually made it across ISA. As I said, if you want to know whether or not a particular request was allowed or refused, read the logs, not the reports. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver <http://www.microsoft.com/isaserver> http://isaserver.org/Jim_Harrison <http://isaserver.org/Jim_Harrison> http://isatools.org <http://isatools.org> Read the help, books and articles! ----- Original Message ----- From: <mathif@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, April 12, 2004 06:38 Subject: [isalist] Re: Unable to block Websites http://www.ISAserver.org <http://www.ISAserver.org> Hi Jim, I agree with you. But, how can you justify with the bandwidth in colum from ISA REPORT. It shows a lot of bandwidth coming in from reports.hotbar.com. Yes, I didn't use "http:// <http://> " for the destination set. What do you say? Thanks, Athif -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx <mailto:jim@xxxxxxxxxxxx> ] Sent: Sunday, 11 April 2004 4:50 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Unable to block Websites http://www.ISAserver.org <http://www.ISAserver.org> It shows in the reports because you made the request of ISA. Read the LOGS, not the REPORTS. Take a read in the ISA help; the log fields are explained there. If you want to block a certain site, then include that site (wihtout the "http:// <http://> " part) in a destination set and use that destination set in a "deny" site and content rule. It's all in the help. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ <http://isaserver.org/Jim_Harrison/> http://isatools.org <http://isatools.org> Read the help / books / articles! On Sun, 11 Apr 2004 10:38:16 +0300 mathif@xxxxxxxxxxxxxxx wrote: http://www.ISAserver.org <http://www.ISAserver.org> Hi Jim, Can you tell me what is sc-result code? Like, when I try to browse www.hotbar.com <www.hotbar.com> I cant then why is it showing in ISA REPORTS. I want to get rid of this becoz the internet is going down. What shuld I do?? Please help me Regards, Athif -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx <mailto:jim@xxxxxxxxxxxx> ] Sent: Saturday, 10 April 2004 6:40 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Unable to block Websites http://www.ISAserver.org <http://www.ISAserver.org> ISA Reports are not good validation tools, as they report on ALL traffic, blocked or allowed. Use your logs to see what the sc-result code was. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver <http://www.microsoft.com/isaserver> http://isaserver.org/Jim_Harrison <http://isaserver.org/Jim_Harrison> http://isatools.org <http://isatools.org> Read the help, books and articles! ----- Original Message ----- From: <mathif@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Saturday, April 10, 2004 05:50 Subject: [isalist] Unable to block Websites http://www.ISAserver.org <http://www.ISAserver.org> Dear Experts, Actually, I am trying to block report.hotbar.com and gatorcme.gator.com as its using lot of my bandwidth which I can see in ISA Reports. To block this, I have created a Destination Set seperately for both this sites and applied Site&Content Rule. But, still I can see that in the ISA REPORTS. I create the reports on daily basis. Is there something I am missing or is there any other way I shuld do it?? Your thoughts please. Regards, Athif ----------------------------------------------------- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom/which they are addressed. If you have received this email in error please notify the system manager at the following email address: sadmin@xxxxxxxxxxxxxxx <mailto:sadmin@xxxxxxxxxxxxxxx>. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Al Faisaliah Group. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. The sender therefore does not accept liability for any errors or omissions in the context of this message, which arise as a result of Internet transmission. Finally, the recipient should check this email and any attachments for the presence of viruses. Al Faisaliah Group accepts no liability for any damage caused by any virus transmitted by this email. -----------------------------------------------------