RE: ISA 2004 blocking XP local loopback
- From: "Eric Poole" <EPoole@xxxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 16 Jan 2006 09:23:34 -0800
Correction. We had a switch upgrade this weekend, ISA lost it's binding
to internal NIC. That problem has been corrected and here's some better
results.
01/16/2006 09:18 AM 10,434 array[1].Script
1 File(s) 10,434 bytes
Total Files Listed:
1 File(s) 10,434 bytes
0 Dir(s) 8,199,860,224 bytes free
_______________________________________________
Eric Poole, CISSP
Senior Information Security Analyst
Community Medical Centers
1140 "T" Street, Fresno, California 93721
559-459-6784 (phone) 559-459-2045 (fax)
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Monday, January 16, 2006 9:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback
http://www.ISAserver.org
This says that IE is failing to obtain the configuration script.
It gets dumped into the cache with a 1-hour TTL.
If you would, send me a capture of a "clean" IE start?
1. Open Netmon (Ethereal) & start capturing.
2. Start | Run | cmd
3. type 'ipconfig/flushdns & nbtstat -R & del ..\array*.script /s &
start http://isatools.org'
4. stop the capture
Send it off...
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
Sent: Monday, January 16, 2006 08:49
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback
http://www.ISAserver.org
Ok, here's the results.
The del command got rid of a ton of scripts from the temporary internet
files.
After launching IE and running the dir command I get file not found.
_______________________________________________
Eric Poole, CISSP
Senior Information Security Analyst
Community Medical Centers
1140 "T" Street, Fresno, California 93721
559-459-6784 (phone) 559-459-2045 (fax)
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Saturday, January 14, 2006 12:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback
http://www.ISAserver.org
I might have considered that if the error was not IE-generated as
opposed to some AX control or user-side script error.
Here's the upshot...
IE attempts to make a proxy connection for any IP address (yes,
including 127/8) when it's configured as either:
1. "auto-detect" or "config url" and either
- no script is received
- the script forces this behavior
2. "use a proxy server" and "bypass" is unchecked
Eric also stated that IE was configured to obtain the script from
http://fchap082.cmcinet.org:8080/array.dll?Get.Routing.Script.
This is why I was interested in the contents of the script.
I did lie, though - the file to be searched for and deleted was not
"array.dll", but "array*.script".
Eric, could you retry with that filename?
--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
-----Original Message-----
From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx]
Sent: Saturday, January 14, 2006 11:17 AM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: ISA 2004 blocking XP local loopback
Eric stated he was connecting to a database via IE. While IE is the
client, there still needs to be some kind of interface with the
database, most likely a user or system DSN. And while the command may
not have worked it's 1) easy to execute and 2) easy to revert from if it
doesn't work.
Nothing wrong with testing. :) Afterall, even if it doesn't work, you
now know WinHTTP isn't a problem, which allows you to remove it with
certainty from the realm of possible causes.
Cordially yours,
Jerry G. Young II
MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
HHS Engineering
Unisys
11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
________________________________
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Sat 1/14/2006 12:11 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback
http://www.ISAserver.org <http://www.ISAserver.org/>
IE still uses WinInet and proxycfg only affects WinHTTP.
That commands while useful for WinHTTP-based clients (BITS, OL2K3, etc.)
and is completely useless for IE-based connections.
--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org <http://isatools.org/> Read the help / books /
articles!
--------------------------------------------
-----Original Message-----
From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx]
Sent: Friday, January 13, 2006 1:06 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback
http://www.ISAserver.org <http://www.ISAserver.org/>
Eric,
Here's one other thing to try. At the command prompt, execute the
following command:
proxycfg -p <web proxy ip:port>
If that doesn't work, use the following command to reset it:
proxycfg -d
Cordially yours,
Jerry G. Young II
MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
HHS Engineering
Unisys
11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
Sent: Friday, January 13, 2006 3:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback
http://www.ISAserver.org <http://www.ISAserver.org/>
Hmmm, here's what I get, keep in mind that everything else works like it
should.
When I type the del command I get "Could Not Find C:\*array.dll*"
After I reload the script and type the dir command I get "File Not
Found"
Same thing if I change it to "Automatically detect proxy server" and
type dir, I get "File Not Found".
Like I said, everything else is working as it should. It has to be
getting the correct script changes. I can see the traffic change from
one ISA to the next as I change script settings.
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Friday, January 13, 2006 12:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback
http://www.ISAserver.org <http://www.ISAserver.org/>
Nope - that won't work in this case.
Eric, do you know for certain that the browser is getting the wpad
script?
You can tell by:
1. close all IE sessions
2. open a cmd window
3. type 'del \*array.dll* /s'
4. open IE and retry the connection
In the cmd window type 'dir \*array.dll* /s'
..do you see any new scripts?
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org <http://isatools.org/>
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Mark Morgan [mailto:MMorgan@xxxxxxxxxxxxxxxxxxxxx]
Sent: Friday, January 13, 2006 12:20
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback
http://www.ISAserver.org <http://www.ISAserver.org/>
http://support.microsoft.com/kb/262981/?sd=RMVP
Thank You
Mark J Morgan
Palm Drive Hospital
501 Petaluma Ave. Sebastopol, Ca. 95472
Email: mmorgan@xxxxxxxxxxxxxxxxxxxxx
Voice: (707) 829-4242
Fax: (707) 829-4112
Mobile (707) 849-5576
IMPORTANT Notice: The information contained in this e-mail, including
any attachments or other embedded messages, is legally privileged and
confidential and is intended only for the use of the individual or
entity to whom it is addressed. If the reader of this message is not the
intended recipient or an agent responsible for delivering it to the
intended recipient, you are hereby notified that any viewing,
dissemination, distribution, retransmitting, or copying of this e-mail
message is strictly prohibited. If you have received and/or are viewing
this e-mail in error, please notify the sender immediately by reply
e-mail, and delete this and all copies of this communication from your
systems. Thank you.
-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
Sent: Friday, January 13, 2006 12:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback
http://www.ISAserver.org <http://www.ISAserver.org/>
Oops, sorry.
"Use automatic configuration script" is checked and the default address
that ISA creates is in for the address.
Example - ISA 2004 -
http://fchap082.cmcinet.org:8080/array.dll?Get.Routing.Script
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Friday, January 13, 2006 11:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback
http://www.ISAserver.org <http://www.ISAserver.org/>
..and the proxy settings?
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org <http://isatools.org/>
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
Sent: Friday, January 13, 2006 11:32
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback
http://www.ISAserver.org <http://www.ISAserver.org/>
It's a local database that is accessed via http://127.0.0.1:8080
<http://127.0.0.1:8080/> in IE.
_______________________________________________
Eric Poole, CISSP
Senior Information Security Analyst
Community Medical Centers
1140 "T" Street, Fresno, California 93721
559-459-6784 (phone) 559-459-2045 (fax)
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Friday, January 13, 2006 11:08 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 blocking XP local loopback
http://www.ISAserver.org <http://www.ISAserver.org/>
What is the application; IE, Firefox, etc.?
What are the proxy settings on that app?
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org <http://isatools.org/>
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx]
Sent: Friday, January 13, 2006 10:15
To: [ISAserver.org Discussion List]
Subject: [islist] ISA 2004 blocking XP local loopback
http://www.ISAserver.org <http://www.ISAserver.org/>
Ok, I've been looking for the answer to this for about 45min. Why would
ISA 2004 block a workstation from getting to 127.0.0.1? Same
workstation going through ISA 2000 is able to access it's local
loopback. Someone enlighten me please!
_______________________________________________
Eric Poole, CISSP
Senior Information Security Analyst
Community Medical Centers <http://communitymedical.org/> 1140 "T"
Street, Fresno, California 93721
559-459-6784 (phone) 559-459-2045 (fax)
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com <http://www.techgenix.com/>
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gerald.young@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
epoole@xxxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
-------------------------------------------------------
WARNING/CONFIDENTIAL:
-------------------------------------------------------
This email, including attachments, may contain information that is
privileged, confidential, and/or exempt from disclosure under applicable
law (including, but not limited to, protected health information). It
is not intended for transmission to, or receipt by, any unauthorized
persons. If the reader of this message is not the intended recipient
you are hereby notified that any dissemination, distribution or copying
of this communication is strictly prohibited. If you believe this email
was sent to you in error, do not read it. Reply to the sender
informing them of the error and then destroy all copies and attachments
of the message from your system. Thank you.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
epoole@xxxxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
-------------------------------------------------------
WARNING/CONFIDENTIAL:
-------------------------------------------------------
This email, including attachments, may contain information that is privileged,
confidential, and/or exempt from disclosure under applicable law (including,
but not limited to, protected health information). It is not intended for
transmission to, or receipt by, any unauthorized persons. If the reader of
this message is not the intended recipient you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you believe this email was sent to you in error, do not read
it. Reply to the sender informing them of the error and then destroy all
copies and attachments of the message from your system. Thank you.
Other related posts:
