Yes, but you have to base the redirection on a different ISA error. Your error is 12202, not 12217. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] Sent: Thursday, January 19, 2006 11:03 To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial http://www.ISAserver.org Right... I get that but I thought the point of the redirect below was to be able to have a user redirected to https://domain.com/exchange if they hit https://domain.com? Is this behavior also different on ISA Server 2004 EE? According to the readme file in the archive, it states to put a "custom" error page that ISA should return to a user that redirects them to the proper URL. That is, I thought the following procedure would have solved the problem. The error being returned is 12202. So... Create a 12202.htm file in the ErrorHtmls directory. Using either Jscript or Meta Headers, redirect the client to the proper URL. Restart the Firewall Service (since there isn't a Web Proxy service). Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, January 19, 2006 1:55 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial http://www.ISAserver.org Until your request matches the data in the rule, you'll continue to get that error. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] Sent: Thursday, January 19, 2006 10:43 To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial http://www.ISAserver.org Ooohkey, then. *8^) Back to the redirect you provided... The error being received was a 12202 error. Since there wasn't a 12202.htm file in the ErrorHtmls directory, I created a new file called such, put the redirect in, updated the URL to point to where I wanted it to go and then restarted the firewall service. I'm still getting that 12202 error and the web proxy filter is throwing it. *8^( Ideas? Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, January 19, 2006 1:27 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial http://www.ISAserver.org ISA 2004 doesn't have a web proxy service; it's an application filter in the firewall service. Thus, if you feel the need to cycle the web proxy, you have to cycle the firewall service. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] Sent: Thursday, January 19, 2006 10:21 To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial http://www.ISAserver.org Thanks, Jim. Silly question, though. How do you restart the Web Proxy service when it doesn't display in the Services tab of the Monitoring node? I don't even see W3Proxy.exe running as a process, although I do see a W3Prefch.exe process (that related?). Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, January 19, 2006 12:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial http://www.ISAserver.org That's my point - you shouldn't allow "/*". If you create rules using specific path limitations, don't test them using other (empty, IOW) paths unless you're trying to validate ISA blocking action (you did). If you're trying to support folks that forget to use /exchange in the URL, take a look at http://isatools.org/isa_redirects.zip ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] Sent: Thursday, January 19, 2006 09:30 To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial http://www.ISAserver.org By default, when creating the rule using the wizard, the paths are set to just the following. I have not changed these. /exchange/* /exchweb/* /public/* Should I add "/"? In the past, when I've attempted to add "/*" ISA complains saying that that is the same as the others already specified. Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Thursday, January 19, 2006 12:23 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial http://www.ISAserver.org Does you rule include the "/" path? My $.02 says "no". My $M5 says it shouldn't, either. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] Sent: Thursday, January 19, 2006 09:06 To: [ISAserver.org Discussion List] Subject: [isalist] OWA HTTPS [Enterprise] Default rule Denial http://www.ISAserver.org All, I'm having a problem with getting OWA working through ISA as expected. If I point the URL for OWA to https://domain.com/exchange <https://domain.com/exchange> , a connection is made and the OWA page displays. However, if I go to https://domain.com <https://domain.com> , I consistently get denied connections due to the [Enterprise] Default rule kicking in stating that the ISA server denied that URL. The URL field in the logged event shows up as http://domain.com <http://domain.com> instead of http://domain.com:443 <http://domain.com:443> . The same field when going to https://domain.com/exchange <https://domain.com/exchange> shows up in the logs as http://domain.com:443/exchange <http://domain.com:443/exchange> . Anyone know what's causing this behavior? Since this is being logged by the Web Proxy Filter, I'm guessing something related to that configuration but I'll be damned if I can figure it out. Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gerald.young@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gerald.young@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gerald.young@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gerald.young@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.