O My Freakin' FSM Congratulations - you've officially moved Tony Su up a rung on the ISA ladder. Critique of your process: "B> I login with Local Computer Account wich happened to have same username and password like a domain account." - this is bright - it makes account-based attacks that much easier. Anyone want to take a shot? "B> this command was not working but I navigate in dos mode to the right folder." - "this command" included two separate commands; care to elaborate on which one failed? "Following the instructions was simple since I have nothing to do only pres Space to begin capturing and End Capturing but between this two points I done nothing, since no one tell me what do to between this two points." - Based on your responses so far, your lips must also be turning dark blue. You must generate traffic that produces the error response. ISABPapack told you this *if* you paid the slightest attention to the screen messages. "http://web.bizarnet.ro/PrivStmt.doc"; - That file is the ISABPAPack privacy statement. We'll try it one more time and I'll be as specific as possible: 1. Log on to your problematic ISA Server using an account which has local administrator privileges 2. Breathe in; breathe out 3. Start | Run | cmd 4. Breathe in; breathe out 5. Navigate to the ISABPA installation folder 6. Breathe in; breathe out 7. Type 'isabpapack +repro' (no quotes) 8. Breathe in; breathe out 9. When ISABPAPack prompts you, hit <space> 10. Breathe in; breathe out 11. Move to the test client machine 12. Breathe in; breathe out 13. Perform the action at a client machine which produces the "Error Code: 502 Proxy Error. Logon failure: unknown user name or bad password. (1326) " error. 14. Breathe in; breathe out 15. Return to the ISA Server 16. Breathe in; breathe out 17. In the cmd window where ISABPA is patiently waiting for your return, hit <space> 18. Breathe in; breathe out 19. Observe the messaging in the command window 20. Breathe in; breathe out (repeat while ISABPAPack finishes its tasks) 21. Observe the .cab file that appears on the desktop when the process completes (ISABPAPack also tells you this) 22. Breathe in; breathe out 23. Copy that .cab file to your web site 24. Breathe in; breathe out 25. Respond with a link to the resulting data 26. Breathe in; breathe out Any further respiration is your own responsibility. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Bogdan Florin Sent: Tuesday, February 13, 2007 11:07 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: ISA Intra Array Authentification We'll break it down into steps: 27. Log on to your problematic ISA Server using an account which has local administrator privileges B> I login with Local Computer Account wich happened to have same username and password like a domain account. 28. Start | Run | cmd 29. Type 'Cd "%ProgramFiles%\microsoft isabpa"' (use the double-quotes since the path has spaces) B> this command was not working but I navigate in dos mode to the right folder. 30. Type 'isabpapack +repro' (no quotes) B> yes. 31. Follow the instructions Following the instructions was simple since I have nothing to do only pres Space to begin capturing and End Capturing but between this two points I done nothing, since no one tell me what do to between this two points. 32. Respond with a link to the resulting data http://web.bizarnet.ro/PrivStmt.doc Note: Do NOT clear out your event logs prior to running this utility; there is important data that can help solve this issue. Event log was not cleared on this server since few days. Please provide further guidance. All mail to and from this domain is GFI-scanned.