RE: Interesting fix in WS03 SP1
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 14 May 2005 11:25:07 -0700
Hi Tom,
Dunno - it never occurred to me to see if WMP was trying to "mix its
proxy tenses" when accessing content. This is just stupid - "may use
WinInet or WinHTTP, depending on the phase of the moon at certain
latitudes on alternate Thursdays..."
It does, however remind me of a problem for all applications that depend
on the WinHTTP interpretation of the wpad.dat or
array.dll?Get.Routing.Script mechanism when you're operating behind an
ISA array.
If you're operating in a standalone ISA environment, breathe a sigh of
relief and move on to the next thread.
For everyone else, there are three things at work here:
- AutoConfig script (pac file)- there are two functions that are used in
determining the "proxy of the moment" when making a request:
MakeNodes(), which creates a collection of array members and
their basic relationship to the request (details upon request) to be
used by
FindProxyForURL(), which combines the requested URL and another
value (called a "hash") to determine which proxy is the best one to make
the request to.
- WinHTTP
WinHttpGetProxyForUrl(), which should return the proxy based on
the wpad FindProxyForURL() function, but instead returns the first
server from the MakeNodes() list. The reason is spelled out here:
http://tinyurl.com/8bfpd and here: http://tinyurl.com/bvuze.
What this all boils down to is that any application using WinHTTP
auto-discovery or the the WinHttpGetProxyForUrl function will only see
the first server in the list provided by the MakeNodes() function in the
wpad script.
One such application is Outlook 2003 (Windows RPC, really, but that's
deeper than we want to go right now). In a word, if you find Outlook
(or any other WinHTTP-based application) unable to make outbound HTTP
proxy requests, make sure the first server listed in the MakeNodes()
function (not necessarily the first -listed server in the array) is
responding. You can't depend on the wpad script being accurate (as your
array members come and go) because both IE and WinHTTP cache this
content for no less than 1 hour (per the delivery headers).
The only way to tell that this is occurring is a combination of NetMon
(or Ethereal) sniffs and the WinHTTP tracing tool
(http://tinyurl.com/7lmh5), available in the Windows 2003 Resource Kit
(http://tinyurl.com/b4zsb).
Ain't life grand...?
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Saturday, May 14, 2005 10:39 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Interesting fix in WS03 SP1
http://www.ISAserver.org
Hey Jim,
Interesting! I wonder if the issue is there for WMP 10?
Thanks!
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Saturday, May 14, 2005 12:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Interesting fix in WS03 SP1
http://www.ISAserver.org
http://support.microsoft.com/?id=839340
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts:
