[isalist] Re: ISA Intra Array Authentification
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Tue, 13 Feb 2007 12:00:30 -0800
O
My
Freakin'
FSM
Congratulations - you've officially moved Tony Su up a rung on the ISA
ladder.
Critique of your process:
"B> I login with Local Computer Account wich happened to have same
username and password like a domain account." - this is bright - it
makes account-based attacks that much easier. Anyone want to take a
shot?
"B> this command was not working but I navigate in dos mode to the right
folder." - "this command" included two separate commands; care to
elaborate on which one failed?
"Following the instructions was simple since I have nothing to do only
pres Space to begin capturing and End Capturing but between this two
points I done nothing, since no one tell me what do to between this two
points." - Based on your responses so far, your lips must also be
turning dark blue. You must generate traffic that produces the error
response. ISABPapack told you this *if* you paid the slightest
attention to the screen messages.
"http://web.bizarnet.ro/PrivStmt.doc"; - That file is the ISABPAPack
privacy statement.
We'll try it one more time and I'll be as specific as possible:
1. Log on to your problematic ISA Server using an account which
has local administrator privileges
2. Breathe in; breathe out
3. Start | Run | cmd
4. Breathe in; breathe out
5. Navigate to the ISABPA installation folder
6. Breathe in; breathe out
7. Type 'isabpapack +repro' (no quotes)
8. Breathe in; breathe out
9. When ISABPAPack prompts you, hit <space>
10. Breathe in; breathe out
11. Move to the test client machine
12. Breathe in; breathe out
13. Perform the action at a client machine which produces the "Error
Code: 502 Proxy Error. Logon failure: unknown user name or bad password.
(1326) " error.
14. Breathe in; breathe out
15. Return to the ISA Server
16. Breathe in; breathe out
17. In the cmd window where ISABPA is patiently waiting for your
return, hit <space>
18. Breathe in; breathe out
19. Observe the messaging in the command window
20. Breathe in; breathe out (repeat while ISABPAPack finishes its
tasks)
21. Observe the .cab file that appears on the desktop when the process
completes (ISABPAPack also tells you this)
22. Breathe in; breathe out
23. Copy that .cab file to your web site
24. Breathe in; breathe out
25. Respond with a link to the resulting data
26. Breathe in; breathe out
Any further respiration is your own responsibility.
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Bogdan Florin
Sent: Tuesday, February 13, 2007 11:07 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA Intra Array Authentification
We'll break it down into steps:
27. Log on to your problematic ISA Server using an account which has
local administrator privileges
B> I login with Local Computer Account wich happened to have same
username and password like a domain account.
28. Start | Run | cmd
29. Type 'Cd "%ProgramFiles%\microsoft isabpa"' (use the double-quotes
since the path has spaces)
B> this command was not working but I navigate in dos mode to the right
folder.
30. Type 'isabpapack +repro' (no quotes)
B> yes.
31. Follow the instructions
Following the instructions was simple since I have nothing to do only
pres Space to begin capturing and End Capturing but between this two
points I done nothing, since no one tell me what do to between this two
points.
32. Respond with a link to the resulting data
http://web.bizarnet.ro/PrivStmt.doc
Note: Do NOT clear out your event logs prior to running this utility;
there is important data that can help solve this issue.
Event log was not cleared on this server since few days.
Please provide further guidance.
All mail to and from this domain is GFI-scanned.
Other related posts:
