RE: Direct Access Issues w/SurfControl

  • From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 1 Dec 2005 21:15:49 +0100

Hi Jim, 

Will answer you offline...

Stefaan 

-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
Sent: donderdag 1 december 2005 21:01
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Direct Access Issues w/SurfControl

http://www.ISAserver.org

Worse yet - that KB isn't listed internally either.
Where did you get that #? 


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxxxx]
Sent: Thursday, December 01, 2005 11:02
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Direct Access Issues w/SurfControl

http://www.ISAserver.org

Hi Tom, 

unfortunately the KB906055 fix is not yet published. I've tested the
official release of the patch and it solves the problem for Windows XP SP2.
Microsoft assured me that if you call PSS they will give you the fix. 

Also, the WinInet fix Jim was talking about has not yet been released. I've
tested an interim version of the KB907455 fix but it didn't solve the
problem completely yet. However, this fix should be valid for Windows XP SP1
and SP2.   

HTH,
Stefaan

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: donderdag 1 december 2005 16:52
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Direct Access Issues w/SurfControl

http://www.ISAserver.org

Hi Stefaan,

Thank you very much for pointing out that information! I am really remiss
for not remembering this fact that you mentioned in your article :(

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxxxx]
> Sent: Thursday, December 01, 2005 9:08 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Direct Access Issues w/SurfControl
> 
> http://www.ISAserver.org
> 
> Hi Jim,
> 
> That's what described in my article
> http://www.isaserver.org/articles/ISA2004_ClientAutoConfig.htm
> l and related
> topic http://forums.isaserver.org/m_350016600/mpage_1/tm.htm. 
> 
> A fix for Windows XP SP2 is officialy released on November 11, 2005. 
> The related knowledge base article is KB906055 and should be available 
> soon on the web. IE uses an obsolete DHCP API but this API has been 
> fixed (DHCPCSVC) for Windows XP SP2 only.
> 
> HTH,
> Stefaan
> 
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: donderdag 1 december 2005 15:54
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Direct Access Issues w/SurfControl
> 
> http://www.ISAserver.org
> 
> Don't use DHCP wpad - it's crap.
> We've found that WinInet (what IE uses) can take up to 10 seconds to 
> "digest" the DHCP data it gets.
> 
> Use only DNS or WINS (if you must).
> 
> -----Original Message-----
> From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
> Sent: Thursday, December 01, 2005 6:20 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Direct Access Issues w/SurfControl
> 
> http://www.ISAserver.org
> 
> I had to take those setting off again this morning, so I'm not sure 
> what the heck is going on...
> 
> When opening up IE, it would take 2-3 minutes for the "Detecting Proxy 
> Settings" in the status bar to go away, and then things would run 
> sluggish.
> By un-checking the "Automatically detect settings" and "Use automatic 
> configuration script" in IE things sped up dramatically, so I took 
> them back off the ISA server.
> 
> 
> -----Original Message-----
> From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
> Sent: Wednesday, November 30, 2005 11:06 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Direct Access Issues w/SurfControl
> 
> http://www.ISAserver.org
> 
> I've been through those articles many-many times trying to work this 
> out, and just went through them again.  My eyes must be getting old, 
> although I read the last paragraph on the last page many times, I 
> still missed it until this last re-reading...
> 
> Your clue in the e-mail helped though, I had the "Automatically detect 
> settings" and "Use automatic configuration script" turned off on the 
> "Firewall Client" tab from when we had the SurfControl proxy bypass 
> problem several months ago.  With the solution you thought up, that 
> might not be an issue anymore.  In any case, I'll leave them enabled 
> and see if people start having troubles.
> 
> I don't see where it updated the setting in IE on the client, but I 
> also don't see it passing through the ISA server anymore, so it must 
> be using a different method.
> 
> Thanks!
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Wednesday, November 30, 2005 9:59 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Direct Access Issues w/SurfControl
> 
> http://www.ISAserver.org
> 
> Hi Dan,
> 
> Check the articles again. It'll show you how to configure the Direct 
> Access list on the ISA firewall and how to configure the clients to 
> use the autoconfig script so that they can use the Direct Access list.
> 
> Also, make sure the Direct Access clients are configured with a DNS 
> server that allows them to resolve the name of the site to the site's 
> Internal address.
> 
> HTH,
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
>  
> 
> > -----Original Message-----
> > From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
> > Sent: Wednesday, November 30, 2005 8:54 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Direct Access Issues w/SurfControl
> > 
> > http://www.ISAserver.org
> > 
> > This Direct Access issue is rearing its ugly head again here.  
> > 
> > I'm running ISA2004, with the newest version of SurfControl.  Or at 
> > least I "think" it's the newest version, as I cannot locate
> any newer
> > hotfixes for it...
> > 
> > I've tried and tried to not loop the local webserver
> through the ISA
> > server, but have been unable to figure out a way to do it.  Tom 
> > mentioned a couple of weeks ago that SurfControl basically disables 
> > the Direct Access abilities of the ISA server, so that
> explains that
> > part.
> > 
> > Normally, I wouldn't mind the traffic passing through the
> ISA server,
> > as it has a 1Gbps network connect.  But, the problem I'm
> running into
> > is that whenever we get a really heavy web traffic period,
> accessing
> > our local webserver is pathetically slow, i.e. it'll take over a 
> > minute to display the first page.  It probably has to do with 800+ 
> > people all clicking like mad at the same time...
> > 
> > When I disable the Proxy settings in IE, I can browse our local 
> > webserver at full-speed, but cannot access the Internet.
> If I go into
> > the IE->Tools->Internet Options->LAN Settings->Advanced
> menu and add
> > "*.mapsnet.org" as addresses to bypass proxy, this also works.
> > 
> > However, all the proxy settings are coming from the ISA
> server, so any
> > entries into that area are overwritten whenever the FWC
> refreshes its
> > info.  I cannot push these settings out via GPO either, because the 
> > FWC would override them.
> > 
> > Is there a way to get these settings pushed out from the ISA server?
> > 
> > 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> dball@xxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> All mail to and from this domain is GFI-scanned.
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> stefaan.pouseele@xxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: 
> tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
stefaan.pouseele@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
stefaan.pouseele@xxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



Other related posts: