http://www.ISAserver.org
-------------------------------------------------------
On 8/21/06, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
Remove that rule, you don't need it.
Done.
Run the ISA firewall BPA to make sure your certificates are in order.
Problems:
1) The certificate used by the server specified in a Web publishing rule cannot be validated
To correct this warning, do one or both of the following Add an access rule that allows HTTPS traffic from the Local Host network to the network where the Web server resides.
Check your network layout and connections.
2) Same error
3) Enabled PMTUDiscovery Reg key to 1
Make sure you're delegating basic authentication
Done. (Under the Users tab of this policy).
Make sure the ISA firewall is a domain member
It was and is.
Thanks, Tom.
...D
http://www.ISAserver.org -------------------------------------------------------
Remove that rule, you don't need it.
Run the ISA firewall BPA to make sure your certificates are in order.
Make sure you're delegating basic authentication
Make sure the ISA firewall is a domain member
HTH, Tom
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
> -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Danny > Sent: Monday, August 21, 2006 1:45 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Outlook RPC via HTTPS - Unable to connect > after one authentication prompt > > http://www.ISAserver.org > ------------------------------------------------------- > > Systems: Exchange 2003 SP2, Outlook 2003 SP2, ISA 2004 SP2. OWA > already setup and works. > > Testing Outlook RPC over HTTPS. MAPI profile created with Proxy > details, open Outlook prompted for domain\username and password, > Outlook times out with an error that it cannot connect to the Exchange > server. > > Internally https://FQDN/rpc works as per the troubleshooting > section here: > http://support.microsoft.com/kb/884506/en-us > > I also created: "A rule that allows SSL from the Localhost object to > the Internal network." > > Any assistance would be much appreciated. > > Here are some ISA logs specific to the Client IP (public IP) the > client is accessing from. > > Original Client IP Client Agent Authenticated Client > Service Server > Name Referring Server Destination Host Name > Transport MIME Type Object > Source Source Proxy Destination Proxy > Bidirectional Client Host > Name Filter Information Network Interface Raw IP > Header Raw > Payload Source Port Processing Time Bytes Sent > Bytes Received Result > Code HTTP Status Code Cache Information Error > Information Log Record > Type Log Time Destination IP Destination > Port Protocol Action Rule Client IP Client > Username Source > Network Destination Network HTTP Method URL > 0.0.0.0 MSRPC No Reverse > Proxy GATEWAY email.acmemigdets.com TCP > - - - - - > - 0 1 2264 281 12202 > The ISA Server denied the specified Uniform Resource Locator (URL). > 0x8 0x200 Web Proxy Filter 21/08/2006 2:07:43 > PM 192.168.11.4 443 https Denied Connection Default > rule 123.123.123.123 anonymous External > RPC_IN_DATA > http://email.acmemigdets.com/rpc/rpcproxy.dll?email.acmemigdet > s.com:6004 > 0.0.0.0 MSRPC No Reverse > Proxy GATEWAY email.acmemigdets.com TCP > - - - - - > - 0 1 2264 282 12202 > The ISA Server denied the specified Uniform Resource Locator (URL). > 0x8 0x200 Web Proxy Filter 21/08/2006 2:07:43 > PM 192.168.11.4 443 https Denied Connection Default > rule 123.123.123.123 anonymous External > RPC_OUT_DATA > http://email.acmemigdets.com/rpc/rpcproxy.dll?email.acmemigdet > s.com:6004 > 0.0.0.0 MSRPC No Reverse > Proxy GATEWAY email.acmemigdets.com TCP > - - - - - > - 0 1 2264 280 12202 > The ISA Server denied the specified Uniform Resource Locator (URL). > 0x8 0x200 Web Proxy Filter 21/08/2006 2:07:44 > PM 192.168.11.4 443 https Denied Connection Default > rule 123.123.123.123 anonymous External > RPC_IN_DATA > http://email.acmemigdets.com/rpc/rpcproxy.dll?email.acmemigdet > s.com:593 > 0.0.0.0 MSRPC No Reverse > Proxy GATEWAY email.acmemigdets.com TCP > - - - - - > - 0 1 2264 281 12202 > The ISA Server denied the specified Uniform Resource Locator (URL). > 0x8 0x200 Web Proxy Filter 21/08/2006 2:07:44 > PM 192.168.11.4 443 https Denied Connection Default > rule 123.123.123.123 anonymous External > RPC_OUT_DATA > http://email.acmemigdets.com/rpc/rpcproxy.dll?email.acmemigdet > s.com:593 > 123.123.123.123 GATEWAY - > TCP - > - 1238 0 0 0 0x0 > 0x0 0x0 Firewall 21/08/2006 2:07:44 > PM 192.168.11.4 443 HTTPS Initiated > Connection 123.123.123.123 External > Local Host - - > 123.123.123.123 GATEWAY - > TCP - > - 14090 0 0 0 0x0 > 0x0 0x0 Firewall 21/08/2006 2:07:44 > PM 192.168.11.4 443 HTTPS Initiated > Connection 123.123.123.123 External > Local Host - - > 123.123.123.123 GATEWAY - > TCP - > - 1238 0 1054 3701 > 0x80074e21 > 0x0 0x0 Firewall 21/08/2006 > 2:07:44 PM 192.168.11.4 443 HTTPS Closed > Connection 123.123.123.123 External > Local Host - - > 123.123.123.123 GATEWAY - > TCP - > - 14090 0 1015 3741 > 0x80074e20 > 0x0 0x0 Firewall 21/08/2006 > 2:07:44 PM 192.168.11.4 443 HTTPS Closed > Connection 123.123.123.123 External > Local Host - - > 123.123.123.123 GATEWAY - > TCP - > - 1239 0 0 0 0x0 > 0x0 0x0 Firewall 21/08/2006 2:07:44 > PM 192.168.11.4 443 HTTPS Initiated > Connection 123.123.123.123 External > Local Host - - > 123.123.123.123 GATEWAY - > TCP - > - 14091 0 0 0 0x0 > 0x0 0x0 Firewall 21/08/2006 2:07:44 > PM 192.168.11.4 443 HTTPS Initiated > Connection 123.123.123.123 External > Local Host - - > 123.123.123.123 GATEWAY - > TCP - > - 14091 2000 1054 3741 > 0x80074e20 > 0x0 0x0 Firewall 21/08/2006 > 2:07:46 PM 192.168.11.4 443 HTTPS Closed > Connection 123.123.123.123 External > Local Host - - > 123.123.123.123 GATEWAY - > TCP - > - 1239 2000 1053 3701 > 0x80074e21 > 0x0 0x0 Firewall 21/08/2006 > 2:07:46 PM 192.168.11.4 443 HTTPS Closed > Connection 123.123.123.123 External > Local Host - - > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx