Hi Adam, Another reason why you might have the failure is that autentication is done in an SSL session. If you have now allows all content for the domain, then the SSL connection will fail because the firewall can't determine what content is moving through the SSL tunnel. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Adam Hearne [mailto:adam.hearne@xxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 05, 2003 7:48 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA server newbie question http://www.ISAserver.org Thanks for the hasty reply Tom, if I'm not mistaken, I'm think I am studying one of your books at the moment. It is a pleasure to hear from someone who has contributed so much to the industry. Guys, I hope the following paragraph sums up the problem easily, let me know if the description is clear or not... The problem I was trying to communicate before was the fact that my web browser gives a 407 (proxy Auth error) when I try to visit a page like hotmail.com (just to clarify, I'm not trying to access the hotmail server through outlook express, but merely trying to browse to the page 'hotmail.com' and others like it). I have defined the appropriate destination set, but yet the user still gets the 407 error. Another site that this happens with is 'oztips.com' - for some reason, just allowing that domain in my destination sets still does not let them access that site through the ISA server. For simpler sites (like 'whitepages.com.au'), I only have to add the URL into the destination set AND THEN IT WORKS PERFECTLY. There in lies my problem. Does the different architecture of a site mean you have to be more specific with ISA configurations? Many thanks to you for reading this far. I hope your thoughts can shed some light on my situation. Appreciatively, Adam -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, 6 August 2003 09:34 To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA server newbie question http://www.ISAserver.org Hi Adam, If you're talking about logging into Hotmail, the issue is that the wrong credentials are sent to the Hotmail server. http://support.microsoft.com/default.aspx?scid=http://support.microsoft. com:80/support/kb/articles/q287/9/21.ASP&NoWebContent=1 HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Adam Hearne [mailto:adam.hearne@xxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 05, 2003 6:18 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA server newbie question http://www.ISAserver.org Jim, You are right! It is in cache made, I only have those four protocol defs. So would this explain why I can't give people access to some sites that I list in the allowed "destination set"? To elaborate on what I mean... We can give people access to any site by adding it in their list of allowed destinations, but every now and then, I find a site that I can't make accessible for the user e.g. ninemsn.com.au , for some reason appending it to the 'allowed destination' sets still doesn't let the user access that site. I carried out some packet sniffing on the connections to these sites and noticed one thing in common: NTLM, an example... a packet issuing the http GET command also has NTLMSSP_NEGOTIATE information encapsulated, it is these HTTP requests that get blocked by my ISA even if I have that domain allowed. Would this be a protocol issue? Cheers guys, Adam Brisbane, Australia -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, 5 August 2003 12:42 To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA server newbie question http://www.ISAserver.org How many protocol defs are in the list? If you only have four (HTTP, HTTPS, FTP, Gopher), then your ISA is running in Cache mode. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Adam" <adam.hearne@xxxxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, August 04, 2003 18:46 Subject: [isalist] ISA server newbie question http://www.ISAserver.org Hi guys, Firstly I would like to say that I am happy to have stumbled upon such a leading edge message board. This is my first job in IT administration and in using ISA Server. My question is one which hopefully I can look back on with you guys and laugh about once it is solved. It goes a little something like this... I am unable to create a new protocol definition. We had some contractors in the other day and the ISA Server has a few suttle differences. E.g. When I go to the action menu for the 'protocol definitions' item, the drop down list does not give me the option "New > " . I can only select View or Refresh. In an attempt to provide more detail on this problem... if I try to edit an existing protocol definition, all the fields a greyed-out and un-editable. I can edit all other items within the policy elements section i.e., I can create a new Schedule, Set, Group or Dial-up entry, but cannot create new Protocol Definitions. Has anyone had this problem before? Is this just a matter of a simple checkbox somewhere in ISA thats gives the option -> "Annoy the new Network Admin after handover" Thanks in advance for any time spent on your replies. Adam ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: adam.hearne@xxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: adam.hearne@xxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')