RE: UPS Worldship
- From: "Michael Weber" <mweber@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 21 Jan 2004 11:42:39 -0500
I would like to thank everyone for their help with my Worldship installation.
I just got it to connect. I don't think it was ever an ISA Server problem;
however, there is something wrong with the computer that it was installed on.
I could never get it to connect with that computer -- it was always the same
certificate problem. The Worldship software can connect either with the proxy
disabled or the proxy enabled (in the UPS software), both seem to work fine.
I still do not know what is wrong with the original computer, but I don't
really care right now :-)
Thanks,
Michael Weber
Director of Engineering
XT Racing
1065B Nine North Dr
Alpharetta, GA 30004
Phone: 770-992-3795
Fax: 678-990-7920
-----Original Message-----
From: Michael Weber
Sent: Wednesday, January 21, 2004 10:14 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: UPS Worldship
http://www.ISAserver.org
I'm not aware of the Verisign intermd CA problem. Could you please explain, or
give me some information about how to correct the problem?
I am not using DSL PPPoE, and the 403 problems from the web browser don't seem
to be a problem. It should work even with those responses (from IE).
Michael Weber
Director of Engineering
XT Racing
1065B Nine North Dr
Alpharetta, GA 30004
Phone: 770-992-3795
Fax: 678-990-7920
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, January 20, 2004 7:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: UPS Worldship
http://www.ISAserver.org
Hi Michael,
You're correct that Direct Access is probably required. Could you be dealing
with the Verisign intermd CA problem?
Thanks!
Tom
From: Michael Weber [mailto:mweber@xxxxxxxxxxxx]
Sent: Tuesday, January 20, 2004 10:39 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] UPS Worldship
http://www.ISAserver.org
Hi all,
I know that this has been reviewed before; however, I still cannot connect with
the UPS Worldship software through my ISA Server. I'm not an expert on ISA but
I think I have set up everything correctly for the software to have direct
access to www.uoss.ups.com. And when I examine the ISA logs I don't get an
entry in the web proxy file, and I do get one in the Firewall log.
The firewall log file and the ups trace file are given below, hopefully,
somebody can see something that will help me out.
I have connected successfully with Worldship on a computer without ISA. The
only difference in the log files is that I don't get the "Peer's certificate
has an invalid signature" error on the SSL_ForceHandshake, and everything
connects correctly.
My only guess is that ISA is still somehow messing with the SSL certificate,
but I don't know why.
Thanks,
Michael Weber
mweber@xxxxxxxxxxxx
---------------------------------
FIREWALL log
---------------------------------
192.168.0.26, <user>, getHostIP.exe:3:5.1, N, 1/20/2004, 11:21:23, fwsrv,
XTSERVER, -, www.uoss.ups.com, 153.2.72.100, 0, -, 0, 0, -, -, GHBN, -, -, -,
0, 0, -, Allow rule, 39, 0
192.168.0.26, <user>, ShipUps.exe:3:5.1, N, 1/20/2004, 11:21:23, fwsrv,
XTSERVER, -, -, 153.2.72.100, 443, 31, 0, 0, 443, TCP, Connect, -, -, -, 0, 0,
Internal access, Allow rule, 31, 109
192.168.0.26, <user>, ShipUps.exe:3:5.1, N, 1/20/2004, 11:21:23, fwsrv,
XTSERVER, -, -, 153.2.72.100, 443, 94, 52, 1752, 443, TCP, Connect, -, -, -,
20000, 0, Internal access, Allow rule, 31, 109
---------------------------------
UPS log
---------------------------------
Transact Version 2.0.12.0 NSS 2.7.1 Thread 1764
01/20/2004 11:15:34.944 appMsgId=TNT_REQ clientType=1 nPort=443
dwFlags=1
01/20/2004 11:15:34.944 reqInfoLen=251 reqAppDataLen=0 rcvTimeout=120,
SndTimeout=30,DNSTimeout=5
01/20/2004 11:15:34.944 Connect: locked.
01/20/2004 11:15:34.944 Socket SetUp entered.
01/20/2004 11:15:34.944 Initializing NSS.
01/20/2004 11:15:34.944 Verifying security databases located at
C:\WINDOWS\System32.
01/20/2004 11:15:34.991 SSL_ClearSessionCache completed.
01/20/2004 11:15:34.991 Connecting to : www.uoss.ups.com at port 443
01/20/2004 11:15:34.991 certdir = (C:\WINDOWS\System32)
01/20/2004 11:15:34.991 pszCommandLine = (www.uoss.ups.com 443
C:\WINDOWS\System32 99 GetHostIP1764.dat) ; pszImageModule =
(C:\WINDOWS\System32/getHostIP.exe).
01/20/2004 11:15:35.412 Process getHostIP Successfully.
01/20/2004 11:15:35.412 PR_GetHostByName() succeed.
01/20/2004 11:15:35.412 Host IP address = (153.2.72.100)
01/20/2004 11:15:35.553 Error in function SSL_ForceHandshake: -8182
- Peer's certificate has an invalid signature.
01/20/2004 11:15:35.553 Connect: Unlocked.
01/20/2004 11:15:35.553 Total Elapsed Time=640,Time to process
transaction=0,Time to resolve HOST IP =421,Time to make connection to
HOST=484,Time to make handsake=78,Time to send HTTP request=0,Time to wait for
HOST response=0,Time to receiving response message=0
01/20/2004 11:15:35.553 Transact API exited with return code 610, status code
3010. Elapsed time = 0:01
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mweber@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mweber@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
