Hi Bill, Are they using an alternate port for SSL? Try bypassing the Web Proxy service by using Direct Access to see if it's a problem with the Java app. Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Mayo, Bill [mailto:bemayo@xxxxxxxxxxxxx] Sent: Tuesday, February 18, 2003 2:37 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Problem with outbound connection to secure site http://www.ISAserver.org Dr. Shinder, Thanks very much for the response. I have logging turned on, and all the rules that show up (including the lines that have a 12209 or 995 sc-status) are allow rules. I have also noted that I had some sc-status returns of 64 as well (failed to mention that in previous email). Although it appears other places in the log, I am suspicious of the anonymous access lines interspersed in the session. Further refinement shows that the 12209 errors are all on lines where the cs-username shows "anonymous". I am at a loss as to why certain lines here show anonymous authentication. I have just spoken with the people hosting the site. The information they provide is that the site is using SQL Server for a database, and that the program is Java (from all appearances, server-based). The pages all have an extension of ".do", if that means anything to anyone. I also tried doing a packet trace from the server, but could not discern anything particularly meaningful (presumably because the packets are all encrypted due to SSL). Any further comments or pointers graciously accepted! ~~~~~~~~~~ Bill Mayo Network Administrator Pitt County MIS -----Original Message----- Subject: RE: Problem with outbound connection to secure site From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> Date: Fri, 14 Feb 2003 11:50:40 -0600 X-Message-Number: 18 Hi Bill, Turn on all fields in the Web Proxy log Go to the sites in question Check the Web Proxy logs for Rule#1 and Rule#2 to determine the rules blocking the requests Remember that ISA Server can't see what's in the SSL tunnel, so if you're blocking subdirs or content, then the entire site will be whacked. HTH, Tom ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')