Hi Jerry, Is the redirect the problem? If so, why not create Web Publishing Rule allowing access to the redirect page? Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] > Sent: Thursday, January 19, 2006 2:06 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > http://www.ISAserver.org > > Tom/Jim, > > Neither of you will probably like this, but this is what I did to deal > with the redirect. > > In ISA on the OWA rule, I allowed "/" in the path. On the OWA server > itself, I put in a default.asp page with a redirect to the /exchange > path. I then updated the Documents tab on the OWA site so that > default.asp was the only file in the list. > > For testing purposes, I stuck testhello.html (hello, world!) > in the same > root directory. > > ISA allows the root to pass back, at which point the default.asp > redirect kicks in and redirects as designed. If I attempt to hit > https://domain.com/testhello.html directly, ISA blocks it > with the same > 12202 error. > > Thoughts? > > Cordially yours, > Jerry G. Young II > MCSE (4.0/W2K) > Atlanta EES Implementation Team Lead > HHS Engineering > Unisys > > 11493 Sunset Hills Rd. > Reston, VA 20190 > Office: 703-579-2727 > Cell: 703-625-1468 > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete > the e-mail > and its attachments from all computers. > > -----Original Message----- > From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] > Sent: Thursday, January 19, 2006 2:26 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > http://www.ISAserver.org > > Tom, > > Thanks... I had just reviewed those. *8^) > > The / to /exchange\ worked but didn't. I get a user > challenge (probably > configuration on the OWA server itself). > > I got the protocol redirect taken care of. Now it's just the path. I > lost where Jim was going with his last response. > > I have to base the redirection on a different ISA error. > Mine is 12202, > not 12217. > > If the error is 12202, doesn't that mean I create a file in the > ErrorHtmls directory named 12202.htm and populate that file with the > redirect? I'm not sure where the 12217 number came from. *8^( My > apologies for my denseness here. *8^( > > Cordially yours, > Jerry G. Young II > MCSE (4.0/W2K) > Atlanta EES Implementation Team Lead > HHS Engineering > Unisys > > 11493 Sunset Hills Rd. > Reston, VA 20190 > Office: 703-579-2727 > Cell: 703-625-1468 > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete > the e-mail > and its attachments from all computers. > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Thursday, January 19, 2006 2:12 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > http://www.ISAserver.org > > Hi Jerry, > > http://www.isaserver.org/tutorials/Redirecting-OWA-Users-Part1.html > > And > > http://www.isaserver.org/tutorials/Redirecting-OWA-Users-Part2.html > > HTH, > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > -----Original Message----- > > From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] > > Sent: Thursday, January 19, 2006 1:03 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > > > http://www.ISAserver.org > > > > Right... I get that but I thought the point of the redirect > > below was to > > be able to have a user redirected to > > https://domain.com/exchange if they > > hit https://domain.com? > > > > Is this behavior also different on ISA Server 2004 EE? > > According to the > > readme file in the archive, it states to put a "custom" error > > page that > > ISA should return to a user that redirects them to the proper URL. > > > > That is, I thought the following procedure would have solved the > > problem. > > > > The error being returned is 12202. So... > > > > Create a 12202.htm file in the ErrorHtmls directory. > > Using either Jscript or Meta Headers, redirect the client to > > the proper > > URL. > > Restart the Firewall Service (since there isn't a Web Proxy > service). > > > > Cordially yours, > > Jerry G. Young II > > MCSE (4.0/W2K) > > Atlanta EES Implementation Team Lead > > HHS Engineering > > Unisys > > > > 11493 Sunset Hills Rd. > > Reston, VA 20190 > > Office: 703-579-2727 > > Cell: 703-625-1468 > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > > PROPRIETARY > > MATERIAL and is thus for use only by the intended recipient. If you > > received this in error, please contact the sender and delete > > the e-mail > > and its attachments from all computers. > > > > -----Original Message----- > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > Sent: Thursday, January 19, 2006 1:55 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > > > http://www.ISAserver.org > > > > Until your request matches the data in the rule, you'll > > continue to get > > that error. > > > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] > > Sent: Thursday, January 19, 2006 10:43 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > > > http://www.ISAserver.org > > > > Ooohkey, then. *8^) > > > > Back to the redirect you provided... > > > > The error being received was a 12202 error. Since there wasn't a > > 12202.htm file in the ErrorHtmls directory, I created a new > > file called > > such, put the redirect in, updated the URL to point to where > > I wanted it > > to go and then restarted the firewall service. > > > > I'm still getting that 12202 error and the web proxy filter > > is throwing > > it. *8^( > > > > Ideas? > > > > Cordially yours, > > Jerry G. Young II > > MCSE (4.0/W2K) > > Atlanta EES Implementation Team Lead > > HHS Engineering > > Unisys > > > > 11493 Sunset Hills Rd. > > Reston, VA 20190 > > Office: 703-579-2727 > > Cell: 703-625-1468 > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > > PROPRIETARY > > MATERIAL and is thus for use only by the intended recipient. If you > > received this in error, please contact the sender and delete > > the e-mail > > and its attachments from all computers. > > > > -----Original Message----- > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > Sent: Thursday, January 19, 2006 1:27 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > > > http://www.ISAserver.org > > > > ISA 2004 doesn't have a web proxy service; it's an > > application filter in > > the firewall service. > > Thus, if you feel the need to cycle the web proxy, you have > > to cycle the > > firewall service. > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] > > Sent: Thursday, January 19, 2006 10:21 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > > > http://www.ISAserver.org > > > > Thanks, Jim. > > > > Silly question, though. How do you restart the Web Proxy > service when > > it doesn't display in the Services tab of the Monitoring > > node? I don't > > even see W3Proxy.exe running as a process, although I do see a > > W3Prefch.exe process (that related?). > > > > Cordially yours, > > Jerry G. Young II > > MCSE (4.0/W2K) > > Atlanta EES Implementation Team Lead > > HHS Engineering > > Unisys > > > > 11493 Sunset Hills Rd. > > Reston, VA 20190 > > Office: 703-579-2727 > > Cell: 703-625-1468 > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > > PROPRIETARY > > MATERIAL and is thus for use only by the intended recipient. If you > > received this in error, please contact the sender and delete > > the e-mail > > and its attachments from all computers. > > > > -----Original Message----- > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > Sent: Thursday, January 19, 2006 12:44 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > > > http://www.ISAserver.org > > > > That's my point - you shouldn't allow "/*". > > If you create rules using specific path limitations, don't test them > > using other (empty, IOW) paths unless you're trying to validate ISA > > blocking action (you did). > > > > If you're trying to support folks that forget to use > /exchange in the > > URL, take a look at http://isatools.org/isa_redirects.zip > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] > > Sent: Thursday, January 19, 2006 09:30 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > > > http://www.ISAserver.org > > > > By default, when creating the rule using the wizard, the > paths are set > > to just the following. I have not changed these. > > > > /exchange/* > > /exchweb/* > > /public/* > > > > Should I add "/"? In the past, when I've attempted to add "/*" ISA > > complains saying that that is the same as the others already > > specified. > > > > Cordially yours, > > Jerry G. Young II > > MCSE (4.0/W2K) > > Atlanta EES Implementation Team Lead > > HHS Engineering > > Unisys > > > > 11493 Sunset Hills Rd. > > Reston, VA 20190 > > Office: 703-579-2727 > > Cell: 703-625-1468 > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > > PROPRIETARY > > MATERIAL and is thus for use only by the intended recipient. If you > > received this in error, please contact the sender and delete > > the e-mail > > and its attachments from all computers. > > > > -----Original Message----- > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > Sent: Thursday, January 19, 2006 12:23 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: OWA HTTPS [Enterprise] Default rule Denial > > > > http://www.ISAserver.org > > > > Does you rule include the "/" path? > > My $.02 says "no". > > My $M5 says it shouldn't, either. > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: Young, Gerald G [mailto:Gerald.Young@xxxxxxxxxx] > > Sent: Thursday, January 19, 2006 09:06 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] OWA HTTPS [Enterprise] Default rule Denial > > > > http://www.ISAserver.org > > > > > > All, > > > > I'm having a problem with getting OWA working through ISA > as expected. > > > > If I point the URL for OWA to https://domain.com/exchange > > <https://domain.com/exchange> , a connection is made and > the OWA page > > displays. However, if I go to https://domain.com > > <https://domain.com> , > > I consistently get denied connections due to the > [Enterprise] Default > > rule kicking in stating that the ISA server denied that > URL. The URL > > field in the logged event shows up as http://domain.com > > <http://domain.com> instead of http://domain.com:443 > > <http://domain.com:443> . The same field when going to > > https://domain.com/exchange <https://domain.com/exchange> > shows up in > > the logs as http://domain.com:443/exchange > > <http://domain.com:443/exchange> . > > > > Anyone know what's causing this behavior? > > > > Since this is being logged by the Web Proxy Filter, I'm guessing > > something related to that configuration but I'll be damned if I can > > figure it out. > > > > Cordially yours, > > > > Jerry G. Young II > > > > MCSE (4.0/W2K) > > > > Atlanta EES Implementation Team Lead > > > > HHS Engineering > > > > Unisys > > > > > > > > 11493 Sunset Hills Rd. > > > > Reston, VA 20190 > > > > Office: 703-579-2727 > > > > Cell: 703-625-1468 > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > > PROPRIETARY > > MATERIAL and is thus for use only by the intended recipient. If you > > received this in error, please contact the sender and delete > > the e-mail > > and its attachments from all computers. > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > gerald.young@xxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > gerald.young@xxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > gerald.young@xxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > gerald.young@xxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > gerald.young@xxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > gerald.young@xxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >