Then again, Maybe not. Found this… not sure if you’ve already been down this road or not but the symptoms do fit what you have below, although the situation does not. Looking in the logs I see the client connecting to ISA but not getting redirected to a web server in the farm. ISA sees them trying on port 80, says there was a failed connection attempt, and gives me an http status code of 12241. I can't find the definition of that status code anywhere." After some research, Calvin found this answer: "I finally got this fixed. Turns out it is related to a bug in the Link Translation module. I'm not 100% sure how that plays in since I am actually using the redirection option but it must use something from link translation to redirect the user. There is a hotfix #927265 that fixes the problem. If anyone else is seeing this though, that hotfix is not released publicly yet so you have to contact Microsoft support to get the download. Cordially yours, Jerry G. Young II Application Engineer, Platform Engineering and Architecture NTT America, an NTT Communications Company 22451 Shaw Rd. Sterling, VA 20166 Office: 571-434-1319 Fax: 703-333-6749 Email: g.young@xxxxxxxx From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Gerald G. Young Sent: Thursday, February 01, 2007 8:48 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Publishing in ISA2006 Dan, Check the web server/site configuration (in IIS if a Windows box). It does sound like the SSL requirement is set there. “The page must be viewed over a secure channel (Secure Sockets Layer (SSL))” I also see the first line of the log below saying that the attempt to connect over 80 failed but it went through ISA just fine. Cordially yours, Jerry G. Young II Application Engineer, Platform Engineering and Architecture NTT America, an NTT Communications Company 22451 Shaw Rd. Sterling, VA 20166 Office: 571-434-1319 Fax: 703-333-6749 Email: g.young@xxxxxxxx From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan Sent: Thursday, February 01, 2007 8:32 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Publishing in ISA2006 Okay, so it is rule-based, that narrows down the troubleshooting significantly… When I ditch the “must use HTTPS” option in the listener (I cannot do it in the rule), I get this these three log entries when trying to access the website: HTTP Status Code Cache Information Error Information Log Record Type Authentication Server Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL 12241 The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator. 0x0 0x0 Web Proxy Filter 1/30/2007 10:18:58 PM 24.213.58.250 80 http Failed Connection Attempt Web Server 75.128.225.6 anonymous External GET http://www.mapsnet.org/ 0x0 0x0 Firewall - 1/30/2007 10:18:58 PM 24.213.58.250 80 HTTP Closed Connection 75.128.225.6 External Local Host - - 0x0 0x0 Firewall - 1/30/2007 10:18:58 PM 24.213.58.250 80 HTTP Initiated Connection 75.128.225.6 External Local Host - - And when I say I cannot disable the option in the rule, this is why: I’ve recreated this rule many times, and the web publishing wizard always grays out the options that seem to be relevant… ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, February 01, 2007 12:32 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Publishing in ISA2006 The rule, not the website is returning that result. 12211 is an ISA; not an IIS response code. You get this in your ISA logs because your rule is configured this way. Your rule reacts this way because you told it to. Users get a 403 because their request doesn’t match ISA policy requirements. Ditch the “must use HTTPS” option in the rule and troubleshoot the rule-based denial. All mail to and from this domain is GFI-scanned.