RE: UPS Worldship

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 22 Jan 2004 16:55:11 -0600

Hi Michael,

http://news.zdnet.co.uk/internet/security/0,39020375,39118994,00.htm

HTH,
Tom 

-----Original Message-----
From: Michael Weber [mailto:mweber@xxxxxxxxxxxx] 
Sent: Wednesday, January 21, 2004 9:14 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: UPS Worldship

http://www.ISAserver.org

I'm not aware of the Verisign intermd CA problem.  Could you please explain, or 
give me some information about how to correct the problem?

I am not using DSL PPPoE, and the 403 problems from the web browser don't seem 
to be a problem.  It should work even with those responses (from IE).

Michael Weber
Director of Engineering
XT Racing
 
1065B Nine North Dr
Alpharetta, GA  30004
Phone: 770-992-3795
Fax: 678-990-7920

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, January 20, 2004 7:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: UPS Worldship

http://www.ISAserver.org
Hi Michael,
 
You're correct that Direct Access is probably required. Could you be dealing 
with the Verisign intermd CA problem?
 
Thanks!
Tom


From: Michael Weber [mailto:mweber@xxxxxxxxxxxx]
Sent: Tuesday, January 20, 2004 10:39 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] UPS Worldship
http://www.ISAserver.org
Hi all,
I know that this has been reviewed before; however, I still cannot connect with 
the UPS Worldship software through my ISA Server.  I'm not an expert on ISA but 
I think I have set up everything correctly for the software to have direct 
access to www.uoss.ups.com.  And when I examine the ISA logs I don't get an 
entry in the web proxy file, and I do get one in the Firewall log.
 
The firewall log file and the ups trace file are given below, hopefully, 
somebody can see something that will help me out.
 
I have connected successfully with Worldship on a computer without ISA.  The 
only difference in the log files is that I don't get the "Peer's certificate 
has an invalid signature" error on the SSL_ForceHandshake, and everything 
connects correctly.
 
My only guess is that ISA is still somehow messing with the SSL certificate, 
but I don't know why.
 
Thanks,
Michael Weber
mweber@xxxxxxxxxxxx
 
---------------------------------
FIREWALL log
---------------------------------
 
192.168.0.26, <user>, getHostIP.exe:3:5.1, N, 1/20/2004, 11:21:23, fwsrv, 
XTSERVER, -, www.uoss.ups.com, 153.2.72.100, 0, -, 0, 0, -, -, GHBN, -, -, -, 
0, 0, -, Allow rule, 39, 0 192.168.0.26, <user>, ShipUps.exe:3:5.1, N, 
1/20/2004, 11:21:23, fwsrv, XTSERVER, -, -, 153.2.72.100, 443, 31, 0, 0, 443, 
TCP, Connect, -, -, -, 0, 0, Internal access, Allow rule, 31, 109 192.168.0.26, 
<user>, ShipUps.exe:3:5.1, N, 1/20/2004, 11:21:23, fwsrv, XTSERVER, -, -, 
153.2.72.100, 443, 94, 52, 1752, 443, TCP, Connect, -, -, -, 20000, 0, Internal 
access, Allow rule, 31, 109
 
---------------------------------
UPS log
---------------------------------
 Transact Version 2.0.12.0  NSS 2.7.1    Thread 1764
01/20/2004 11:15:34.944   appMsgId=TNT_REQ    clientType=1  nPort=443  dwFlags=1
01/20/2004 11:15:34.944   reqInfoLen=251  reqAppDataLen=0  rcvTimeout=120, 
SndTimeout=30,DNSTimeout=5
01/20/2004 11:15:34.944   Connect: locked.
01/20/2004 11:15:34.944   Socket SetUp entered.
01/20/2004 11:15:34.944   Initializing NSS.
01/20/2004 11:15:34.944   Verifying security databases located at 
C:\WINDOWS\System32.
01/20/2004 11:15:34.991   SSL_ClearSessionCache completed.
01/20/2004 11:15:34.991   Connecting to : www.uoss.ups.com at port 443
01/20/2004 11:15:34.991   certdir = (C:\WINDOWS\System32)
01/20/2004 11:15:34.991   pszCommandLine = (www.uoss.ups.com 443 
C:\WINDOWS\System32 99 GetHostIP1764.dat) ; pszImageModule = 
(C:\WINDOWS\System32/getHostIP.exe).
01/20/2004 11:15:35.412   Process getHostIP Successfully.
01/20/2004 11:15:35.412   PR_GetHostByName() succeed.
01/20/2004 11:15:35.412   Host IP address  = (153.2.72.100)
01/20/2004 11:15:35.553   Error in function SSL_ForceHandshake: -8182
 - Peer's certificate has an invalid signature.
01/20/2004 11:15:35.553   Connect: Unlocked.
01/20/2004 11:15:35.553   Total Elapsed Time=640,Time to process 
transaction=0,Time to resolve HOST IP =421,Time to make connection to 
HOST=484,Time to make handsake=78,Time to send HTTP request=0,Time to wait for 
HOST response=0,Time to receiving response message=0
01/20/2004 11:15:35.553   Transact API exited with return code 610, status code 
3010. Elapsed time = 0:01
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security 
Resource Site: http://www.windowsecurity.com/ Network Security Library: 
http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to 
$subst('Email.Unsub') ------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security 
Resource Site: http://www.windowsecurity.com/ Network Security Library: 
http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
mweber@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security 
Resource Site: http://www.windowsecurity.com/ Network Security Library: 
http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to 
$subst('Email.Unsub')

Other related posts:

• » UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship
• » RE: UPS Worldship

1. Home
2. isalist
3. Archive
4. 01-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---