Yep - blame the machine for the operator actions. If you want to toss the hardware, I'll gladly pay shipping so long as it doesn't get "sidewalked" first. You're still being too general in your description of the problem. You failed to provide: - the *exact* URL used in testing. As I pointed out in my first response, the "public names" *must* include the host name from the URL you're using. Since you won't tell anyone what the *exact* test URL is, well; you know the rest. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- ________________________________________ From: Doige, Clayton [mailto:clayton.doige@xxxxxxxxxxx] Sent: Tuesday, October 18, 2005 09:45 To: [ISAserver.org Discussion List] Subject: [isalist] RE: 403 Forbidden http://www.ISAserver.org Sorry to reply to my own, but I am going to have a serious humour bypass with this stupid server and jettison out of our 8th floor window soon ;-) Off of the Forum on isaserver.org I found topic 89 I believe, which refers to this problem. I followed jdl's advice in that topic and set the Public name to the external IP Address of the ISA Server, and set it to forward original host header, and to appear to come from original client and no go. What gives with this stupid piece of software? The settings on the rule and listener are now as follows: Action Tab: Set to allow From Tab: set to External To Tab: internal IP Address of tsweb farm Traffic Tab: HTTP only Listener Tab: Listener I created listens on port 80 only and uses no authentication Public Name Tab: public ip address of ISA Server Paths Tab: set to /tsweb (as per the documentation for TSWEB) Bridging Tab: Web server is selected with redirect http to port 80 Users Tab: is currently all users Schedule Tab: always Link Translation Tab: nothing configured Please help, as there is a DL380 with it's life in serious jeopardy here, can you imagine the carnage of one of these babies hitting the sidewalk from 8 stories up? It would be worse than the Coyote in any given Road Runner episode you care to name. Clayton Doige IT Project Manager CME Development Corporation T: 020 7430 5355 M: 07932 653787 E:clayton.doige@xxxxxxxxxxx W:www.cetv-net.com ________________________________________ From: Doige, Clayton [mailto:clayton.doige@xxxxxxxxxxx] Sent: 13 October 2005 15:04 To: [ISAserver.org Discussion List] Subject: [isalist] 403 Forbidden http://www.ISAserver.org Hi all, I have set up a network load balanced Terminal Services farm in a test situation (Windows 2003 Standard SP1). I have also installed the TSWEB component. This works great internally, however, when I am attempting to connect to this through the ISA 2004 Firewall I get 403 Forbidden. The server denied the specified URL, blah blah blah (12202) The rule I have set on the ISA Server has the following properties: Action Tab: Set to allow From Tab: set to External To Tab: netbios name of the network loadbalancer, with 'Request appear to come from ISA' selected Traffic Tab: HTTP only Listener Tab: Listener I created listens on port 80 only and uses integrated authentication Public Name Tab: currently set to all requests Paths Tab: set to /tsweb (as per the documentation for TSWEB) Bridging Tab: Web server is selected with redirect http to port 80 Users Tab: is currently all users Schedule Tab: always Link Translation Tab: nothing configured Am looking up things on the mskb, and it looks like an asp error in IIS, but was wondering if anyone might be able to shed some light on what is occurring here? TIA Clayton Doige IT Project Manager CME Development Corporation T: 020 7430 5355 M: 07932 653787 E:clayton.doige@xxxxxxxxxxx W:www.cetv-net.com ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: clayton.doige@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.