Tom/Jim, Neither of you will probably like this, but this is what I did to deal with the redirect. In ISA on the OWA rule, I allowed "/" in the path. On the OWA server itself, I put in a default.asp page with a redirect to the /exchange path. I then updated the Documents tab on the OWA site so that default.asp was the only file in the list. For testing purposes, I stuck testhello.html (hello, world!) in the same root directory. ISA allows the root to pass back, at which point the default.asp redirect kicks in and redirects as designed. If I attempt to hit https://domain.com/testhello.html directly, ISA blocks it with the same 12202 error. Thoughts? Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -----Original Message----- From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] Sent: Thursday, January 19, 2006 2:26 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial http://www.ISAserver.org Tom, Thanks... I had just reviewed those. *8^) The / to /exchange\ worked but didn't. I get a user challenge (probably configuration on the OWA server itself). I got the protocol redirect taken care of. Now it's just the path. I lost where Jim was going with his last response. I have to base the redirection on a different ISA error. Mine is 12202, not 12217. If the error is 12202, doesn't that mean I create a file in the ErrorHtmls directory named 12202.htm and populate that file with the redirect? I'm not sure where the 12217 number came from. *8^( My apologies for my denseness here. *8^( Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, January 19, 2006 2:12 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial http://www.ISAserver.org Hi Jerry, http://www.isaserver.org/tutorials/Redirecting-OWA-Users-Part1.html And http://www.isaserver.org/tutorials/Redirecting-OWA-Users-Part2.html HTH, Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] > Sent: Thursday, January 19, 2006 1:03 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > http://www.ISAserver.org > > Right... I get that but I thought the point of the redirect > below was to > be able to have a user redirected to > https://domain.com/exchange if they > hit https://domain.com? > > Is this behavior also different on ISA Server 2004 EE? > According to the > readme file in the archive, it states to put a "custom" error > page that > ISA should return to a user that redirects them to the proper URL. > > That is, I thought the following procedure would have solved the > problem. > > The error being returned is 12202. So... > > Create a 12202.htm file in the ErrorHtmls directory. > Using either Jscript or Meta Headers, redirect the client to > the proper > URL. > Restart the Firewall Service (since there isn't a Web Proxy service). > > Cordially yours, > Jerry G. Young II > MCSE (4.0/W2K) > Atlanta EES Implementation Team Lead > HHS Engineering > Unisys > > 11493 Sunset Hills Rd. > Reston, VA 20190 > Office: 703-579-2727 > Cell: 703-625-1468 > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete > the e-mail > and its attachments from all computers. > > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Thursday, January 19, 2006 1:55 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > http://www.ISAserver.org > > Until your request matches the data in the rule, you'll > continue to get > that error. > > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] > Sent: Thursday, January 19, 2006 10:43 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > http://www.ISAserver.org > > Ooohkey, then. *8^) > > Back to the redirect you provided... > > The error being received was a 12202 error. Since there wasn't a > 12202.htm file in the ErrorHtmls directory, I created a new > file called > such, put the redirect in, updated the URL to point to where > I wanted it > to go and then restarted the firewall service. > > I'm still getting that 12202 error and the web proxy filter > is throwing > it. *8^( > > Ideas? > > Cordially yours, > Jerry G. Young II > MCSE (4.0/W2K) > Atlanta EES Implementation Team Lead > HHS Engineering > Unisys > > 11493 Sunset Hills Rd. > Reston, VA 20190 > Office: 703-579-2727 > Cell: 703-625-1468 > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete > the e-mail > and its attachments from all computers. > > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Thursday, January 19, 2006 1:27 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > http://www.ISAserver.org > > ISA 2004 doesn't have a web proxy service; it's an > application filter in > the firewall service. > Thus, if you feel the need to cycle the web proxy, you have > to cycle the > firewall service. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] > Sent: Thursday, January 19, 2006 10:21 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > http://www.ISAserver.org > > Thanks, Jim. > > Silly question, though. How do you restart the Web Proxy service when > it doesn't display in the Services tab of the Monitoring > node? I don't > even see W3Proxy.exe running as a process, although I do see a > W3Prefch.exe process (that related?). > > Cordially yours, > Jerry G. Young II > MCSE (4.0/W2K) > Atlanta EES Implementation Team Lead > HHS Engineering > Unisys > > 11493 Sunset Hills Rd. > Reston, VA 20190 > Office: 703-579-2727 > Cell: 703-625-1468 > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete > the e-mail > and its attachments from all computers. > > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Thursday, January 19, 2006 12:44 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > http://www.ISAserver.org > > That's my point - you shouldn't allow "/*". > If you create rules using specific path limitations, don't test them > using other (empty, IOW) paths unless you're trying to validate ISA > blocking action (you did). > > If you're trying to support folks that forget to use /exchange in the > URL, take a look at http://isatools.org/isa_redirects.zip > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] > Sent: Thursday, January 19, 2006 09:30 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > http://www.ISAserver.org > > By default, when creating the rule using the wizard, the paths are set > to just the following. I have not changed these. > > /exchange/* > /exchweb/* > /public/* > > Should I add "/"? In the past, when I've attempted to add "/*" ISA > complains saying that that is the same as the others already > specified. > > Cordially yours, > Jerry G. Young II > MCSE (4.0/W2K) > Atlanta EES Implementation Team Lead > HHS Engineering > Unisys > > 11493 Sunset Hills Rd. > Reston, VA 20190 > Office: 703-579-2727 > Cell: 703-625-1468 > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete > the e-mail > and its attachments from all computers. > > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Thursday, January 19, 2006 12:23 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > http://www.ISAserver.org > > Does you rule include the "/" path? > My $.02 says "no". > My $M5 says it shouldn't, either. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] > Sent: Thursday, January 19, 2006 09:06 > To: [ISAserver.org Discussion List] > Subject: [isalist] OWA HTTPS [Enterprise] Default rule Denial > > http://www.ISAserver.org > > > All, > > I'm having a problem with getting OWA working through ISA as expected. > > If I point the URL for OWA to https://domain.com/exchange > <https://domain.com/exchange> , a connection is made and the OWA page > displays. However, if I go to https://domain.com > <https://domain.com> , > I consistently get denied connections due to the [Enterprise] Default > rule kicking in stating that the ISA server denied that URL. The URL > field in the logged event shows up as http://domain.com > <http://domain.com> instead of http://domain.com:443 > <http://domain.com:443> . The same field when going to > https://domain.com/exchange <https://domain.com/exchange> shows up in > the logs as http://domain.com:443/exchange > <http://domain.com:443/exchange> . > > Anyone know what's causing this behavior? > > Since this is being logged by the Web Proxy Filter, I'm guessing > something related to that configuration but I'll be damned if I can > figure it out. > > Cordially yours, > > Jerry G. Young II > > MCSE (4.0/W2K) > > Atlanta EES Implementation Team Lead > > HHS Engineering > > Unisys > > > > 11493 Sunset Hills Rd. > > Reston, VA 20190 > > Office: 703-579-2727 > > Cell: 703-625-1468 > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete > the e-mail > and its attachments from all computers. > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > gerald.young@xxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > gerald.young@xxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > gerald.young@xxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > gerald.young@xxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gerald.young@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gerald.young@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx