[isalist] Re: Uploads to Facebook don't work anymore...

  • From: Gene Sibbs <gen_sib@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Wed, 2 Dec 2009 05:04:03 -0800 (PST)

Once your problem is fixed, it is advisable that you manually back up your ISA 
config weekly to a network drive. This will save you 
on countless troubleshooting hours. 

 


________________________________
From: "Ball, Dan" <DBall@xxxxxxxxxxx>
To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
Sent: Wed, December 2, 2009 2:35:34 PM
Subject: [isalist] Re: Uploads to Facebook don't work anymore...


Thanks, that clears it up a bit, now I know what to look for.  Yes, we are 
using authentication on outbound traffic and I have a strong suspicion that 
Websense has something to do with this issue.  We are becoming less enamored 
with it daily, and I have spent countless hours with their tech support in the 
last few weeks.  
 
 
From:isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Wednesday, December 02, 2009 1:04 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Uploads to Facebook don't work anymore...
 
No; there is no rule allowing the request as specified.
Don’t worry about rules that disallow specific commands or headers; you would 
see those rules quoted.
The protocol quoted is in lowercase, which indicates a CERN proxy request.
Are you forcing authentication on the outbound traffic?
The request is not coming from the browser, but the “image uploader”, which may 
have authentication issues (cant’ tell from a single log entry).
A Netmon capture could tell you…
 
From:isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Tuesday, December 01, 2009 11:52 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Uploads to Facebook don't work anymore...
 
I can see that… There is no rule allowing http from localhost to localhost so 
it fails (somehow I don’t think such a rule would resolve the issue though).   
Subsequent Googling on those topics didn’t shed any light on it either.  Is 
this a Facebook App error or something on my end?
 
 
From:isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Tuesday, December 01, 2009 1:16 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Uploads to Facebook don't work anymore...
 
The destination IP will be the ISA internal IP, because this is a CERN proxy 
request.
Regardless, this request was denied because there is no firewall policy that 
would allow it (thus quoting the default rule).
 

________________________________

From:isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of 
Ball, Dan [DBall@xxxxxxxxxxx]
Sent: Tuesday, December 01, 2009 7:22 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Uploads to Facebook don't work anymore...
Hmmmmmm….. I don’t see anything changed on the Internal Network configuration 
(same it has been for months), and that destination IP is the ISA server itself.
 
 
From:isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Tuesday, December 01, 2009 10:16 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Uploads to Facebook don't work anymore...
 
The request was denied by the default rule; indicating that you have no policy 
that allows this request.
Interestingly enough, the request was identified as being destined for the 
“internal” network.
This tells me that unless you deployed ISA in a single-net configuration you or 
someone you shouldn’t trust has been playing with the internal network 
definition.
 
From:isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Tuesday, December 01, 2009 6:50 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: Uploads to Facebook don't work anymore...
 
Oh, I agree, that is only the tip of that looming iceberg… But, like I said, my 
obvious answer to “do it from home” wasn’t acceptable, so I have to figure out 
how to get it working again… *sigh*
 
 
From:isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA SHIFT MGR
Sent: Tuesday, December 01, 2009 9:45 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Uploads to Facebook don't work anymore...
 
The fact that ISA or something else is not allowing the upload don’t worry me 
too much, what is incredible here is:
 
Do the taxpayer on your school district knows that the school district is using 
money for somebody to be able to upload pictures to facebook? amazing
 
Regards
Diego R. Pietruszka
MIS - Shift Manager
 
From:isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Tuesday, December 01, 2009 9:27 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Uploads to Facebook don't work anymore...
 
In the last couple of weeks, something changed (no idea what), and now people 
inside our network can no longer upload pictures to Facebook.  The upload 
application seems to be working, then crashes at the end.   (Of course, the 
obvious solution of doing it from home is unacceptable… *grumble*)
 
I looked on the ISA server (ISA 2006), and this is the error message where it 
dies:
 
Original Client IP               Client Agent       Authenticated Client      
Service Server Name     Referring Server               Destination Host 
Name         Transport            MIME Type         Object Source   Source 
Proxy     Destination Proxy            Bidirectional                Client Host 
Name             Filter Information            Network Interface          Raw 
IP Header  Raw Payload      GMT Log Time      Source Port        Processing 
Time               Bytes Sent          Bytes Received Result Code        HTTP 
Status Code                Cache Information          Error 
Information             Log Record Type               Authentication Server   
Log Time                Destination IP   
 Destination Port               Protocol               Action   Rule       
Client IP               Client Username                Source 
Network               Destination Network      HTTP Method    URL
0.0.0.0   Image Uploader               Yes         Proxy    SERVERNAME    
http://www.facebook.com/editalbum.php?&aid=349361&add=1&created=1#          ; 
10.20.1.10            TCP                                        -              
-                              -              Req ID: 0e8e449f             
-              -              -              12/1/2009 2:12:02 PM    
0              1              4310       639014                  12202 The ISA 
Server denied the specified Uniform Resource Locator (URL).    0x4         
0xa80    Web Proxy Filter                              12/1/2009 9:12:02 
AM         10.20.1.1              8080      
 http       Denied Connection         Default rule        10.20.6.117         
DOMAIN\username                Internal                Internal                
POST     
http://upload.facebook.com/photos_upload.php?created_album=1&aid=349361&id=504175590
 
The traffic is hitting the default rule for some reason (which is why it is 
dying), but the protocol is http, which “should” be able to make it through.
 
--------------------------------------------------
Dan Ball
Network and Systems Technician
Marquette Area Public Schools
1103 West College Avenue
Marquette, MI 49855
E-Mail: dball@xxxxxxxxxxx
Phone: (906)225-5779
Fax: (906)225-5377
--------------------------------------------------

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 12-2009