I guess if that's going to be published I'll give more of an explanation. SSL requests can appear to hang when checking for certificate revocations if the corresponding CA is overly busy or otherwise unreachable. The timeout on this seems to either not exist or be quite long. Typical symptoms that I see are "broken images" while IE is still cranking and reaalllyy long page loads. The Do not save encrypted pages to disk "feature" messes mainly with file downloads. This is saying "don't cache ssl requests". This is problematic with files that require third party apps to view as the file does not get passed to the other application correctly. IE apparently sends the external app the name of a temp file and if you aren't saving these files to disk there's nothing for the app to open, throwing an error back to IE. Typical error is "Internet Explorer cannot download <insertURLhere>. Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later." Yet more features that are good ideas on paper but didn't translate well into bits. Bozo cookie. Sound's good. Does the button say "Best Damn Firewall Guy Period"? :) -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Thursday, October 16, 2003 9:46 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: HTTPS websites locks up..... http://www.ISAserver.org Hi Shawn, You just supplied the "tips of the month" for the next ISAServer.org newsletter! Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Quillman Shawn (RBNA/CIT1.1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: Thursday, October 16, 2003 8:34 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: HTTPS websites locks up..... http://www.ISAserver.org Also check these IE settings in Tools | Internet Options | Advanced Tab, Security section at the bottom: - Check for publisher's certificate revocation - Check for server certificate revocation - Do not save encrypted pages to disk I have seen all 3 of these appear to hang an SSL request when checked. The third option above is especially for downloads of files not natively handled by IE. -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CIT1.1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-2855 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: cismic [mailto:cismic@xxxxxxx] Sent: Wednesday, October 15, 2003 4:56 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: HTTPS websites locks up..... AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS: http://www.isaserver.org/thawte/ From internet browser; Go to tools, > Options > Connections (TAB) > Lan Settings At this point make sure that bypass proxy for local servers is selected. Select Advanced and under exceptions enter the IP Address of your internal sites If you know the FQN then enter those such as MYSITE, MYDOMAIN; etc. -----Original Message----- From: Zygmin Patel [mailto:zpatel@xxxxxxxxxxxxx] Sent: Wednesday, October 15, 2003 1:12 PM To: [ISAserver.org Discussion List] Subject: RE: [isalist] RE: HTTPS websites locks up..... What does that mean and how can I do? -----Original Message----- From: cismic [mailto:cismic@xxxxxxx] Sent: Wed 10/15/2003 3:05 PM To: [ISAserver.org Discussion List] Cc: Subject: [isalist] RE: HTTPS websites locks up..... AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS: http://www.isaserver.org/thawte/ Like I said it could be many issues. Try setting the internal proxy to not use proxy for internal settings. Joseph -----Original Message----- From: Zygmin Patel [mailto:zpatel@xxxxxxxxxxxxx] Sent: Wednesday, October 15, 2003 12:49 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: HTTPS websites locks up..... AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS: http://www.isaserver.org/thawte/ If I use same computer outside the ISA network it works fine. Zygmin Bantam Interactive Technologies, Inc. "Audio with Vision" T: (314) 802-0132 F: (314) 802-0133 www.bantamusa.com -----Original Message----- From: cismic [mailto:cismic@xxxxxxx] Sent: Wednesday, October 15, 2003 1:50 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: HTTPS websites locks up..... AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS: http://www.isaserver.org/thawte/ This could be a number of reasons 1. Check to make sure activex controls are allowed to run. 2. Check to make sure scripting is turned on. 3. Check to make sure All parts of the web page are coming from an https:// images, pages etc. Sometimes mixed content will not be available Etc, etc, Joseph -----Original Message----- From: Zygmin Patel [mailto:zpatel@xxxxxxxxxxxxx] Sent: Wednesday, October 15, 2003 11:18 AM To: [ISAserver.org Discussion List] Subject: [isalist] HTTPS websites locks up..... AD: Get Thawte's New Step-by-Step SSL Guide for MSIIS: http://www.isaserver.org/thawte/ Hello, We got employees, who wants to do online transactions/banking (for customers), and they are using .com">https://www2.<XXXXXXx>.com <https://www2.> Here is the problem, all clients are Web Clients now, they can log in, but when they want to use menus/tabs from the website, they never get through that menus. What I'm missing here? Zygmin Bantam Interactive Technologies, Inc. "Audio with Vision" T: (314) 802-0132 F: (314) 802-0133 www.bantamusa.com <file:///C:/Documents%20and%20Settings/zpatel/Application%20Data/Microso ft/Signatures/www.bantamusa.com> Get Thawte's New Step-by-Step SSL Guide for MSIIS Find out how to test, purchase, and install a Thawte Digital Certificate on your MSIIS web server: http://www.isaserver.org/thawte/ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') Get Thawte's New Step-by-Step SSL Guide for MSIIS Find out how to test, purchase, and install a Thawte Digital Certificate on your MSIIS web server: http://www.isaserver.org/thawte/ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: zpatel@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') Get Thawte's New Step-by-Step SSL Guide for MSIIS Find out how to test, purchase, and install a Thawte Digital Certificate on your MSIIS web server: http://www.isaserver.org/thawte/ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') Get Thawte's New Step-by-Step SSL Guide for MSIIS Find out how to test, purchase, and install a Thawte Digital Certificate on your MSIIS web server: http://www.isaserver.org/thawte/ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: zpatel@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') Get Thawte's New Step-by-Step SSL Guide for MSIIS Find out how to test, purchase, and install a Thawte Digital Certificate on your MSIIS web server: http://www.isaserver.org/thawte/ ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')