Re: ISA server newbie question
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 5 Aug 2003 20:52:11 -0500
Hi Adam,
Another reason why you might have the failure is that autentication is
done in an SSL session. If you have now allows all content for the
domain, then the SSL connection will fail because the firewall can't
determine what content is moving through the SSL tunnel.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Adam Hearne [mailto:adam.hearne@xxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 05, 2003 7:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA server newbie question
http://www.ISAserver.org
Thanks for the hasty reply Tom, if I'm not mistaken, I'm think I am
studying one of your books at the moment. It is a pleasure to hear from
someone who has contributed so much to the industry.
Guys, I hope the following paragraph sums up the problem easily, let me
know if the description is clear or not...
The problem I was trying to communicate before was the fact that my web
browser gives a 407 (proxy Auth error) when I try to visit a page like
hotmail.com (just to clarify, I'm not trying to access the hotmail
server through outlook express, but merely trying to browse to the page
'hotmail.com' and others like it). I have defined the appropriate
destination set, but yet the user still gets the 407 error. Another
site that this happens with is 'oztips.com' - for some reason, just
allowing that domain in my destination sets still does not let them
access that site through the ISA server. For simpler sites (like
'whitepages.com.au'), I only have to add the URL into the destination
set AND THEN IT WORKS PERFECTLY. There in lies my problem. Does the
different architecture of a site mean you have to be more specific with
ISA configurations?
Many thanks to you for reading this far. I hope your thoughts can shed
some light on my situation.
Appreciatively,
Adam
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Wednesday, 6 August 2003 09:34
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA server newbie question
http://www.ISAserver.org
Hi Adam,
If you're talking about logging into Hotmail, the issue is that the
wrong credentials are sent to the Hotmail server.
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.
com:80/support/kb/articles/q287/9/21.ASP&NoWebContent=1
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Adam Hearne [mailto:adam.hearne@xxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 05, 2003 6:18 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA server newbie question
http://www.ISAserver.org
Jim,
You are right! It is in cache made, I only have those four protocol
defs.
So would this explain why I can't give people access to some sites that
I list in the allowed "destination set"? To elaborate on what I mean...
We can give people access to any site by adding it in their list of
allowed destinations, but every now and then, I find a site that I can't
make accessible for the user e.g. ninemsn.com.au , for some reason
appending it to the 'allowed destination' sets still doesn't let the
user access that site. I carried out some packet sniffing on the
connections to these sites and noticed one thing in common: NTLM, an
example... a packet issuing the http GET command also has
NTLMSSP_NEGOTIATE information encapsulated, it is these HTTP requests
that get blocked by my ISA even if I have that domain allowed. Would
this be a protocol issue?
Cheers guys,
Adam
Brisbane, Australia
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, 5 August 2003 12:42
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: ISA server newbie question
http://www.ISAserver.org
How many protocol defs are in the list?
If you only have four (HTTP, HTTPS, FTP, Gopher), then your ISA is
running in Cache mode.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Adam" <adam.hearne@xxxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, August 04, 2003 18:46
Subject: [isalist] ISA server newbie question
http://www.ISAserver.org
Hi guys,
Firstly I would like to say that I am happy to have stumbled upon such a
leading edge message board.
This is my first job in IT administration and in using ISA Server. My
question is one which hopefully I can look back on with you guys and
laugh about once it is solved. It goes a little something like this...
I am unable to create a new protocol definition. We had some
contractors in the other day and the ISA Server has a few suttle
differences. E.g. When I go to the action menu for the 'protocol
definitions' item, the drop down list does not give me the option "New >
" . I can only select View or Refresh. In an attempt to provide more
detail on this problem... if I try to edit an existing protocol
definition, all the fields a greyed-out and un-editable. I can edit all
other items within the policy elements section i.e., I can create a new
Schedule, Set, Group or Dial-up entry, but cannot create new Protocol
Definitions.
Has anyone had this problem before? Is this just a matter of a simple
checkbox somewhere in ISA thats gives the option -> "Annoy the new
Network Admin after handover"
Thanks in advance for any time spent on your replies.
Adam
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
adam.hearne@xxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
adam.hearne@xxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
