Nope, about 7 hours on the phone with PSS, 2 1/2 hours on the phone with Burstek, about 12 hours of testing, researching, configuring, more testing, more researching... John T eServices For You > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Monday, September 19, 2005 4:07 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Winsock 40006 error > > http://www.ISAserver.org > > Whoa! Not exactly a "click here" solution :) > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > Sent: Monday, September 19, 2005 5:57 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Winsock 40006 error > > > > http://www.ISAserver.org > > > > That's what I call a lesson hard-(re)learned... > > Glad you got it back to accountability, tho! > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > > Sent: Monday, September 19, 2005 15:37 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Winsock 40006 error > > > > http://www.ISAserver.org > > > > Final update and issue is resolved. > > > > Recap of problem: An in-house designed application has a new feature. > > That > > feature formulated and sent an xml request using HTTP to a 3rd party > > server > > on the Internet for live data. That data was then imported into the > > in-house > > application for use by the sales people. The feature would > > error as soon > > as > > the xml request was sent. > > > > Issue 1: Application needed the use of the Firewall client. > > The firewall > > client was not installed as during testing there were problems > > encountered > > with an application the client was using before. That > > application was a > > 16 > > bit DOS application. That application is no longer in use, and the > > Firewall > > client can now be freely used. > > > > Issue 2: HTTP Redirector was enabled. The app would only work if the > > HTTP > > Redirector was disabled. Why was it enabled? Before migrating the > > workstations to XP Pro last November, they were running NT 4.0. There > > was an > > application they were using (An earlier version of PaperPort) > > that would > > not > > work properly unless the user had admin rights. Therefore, > > all the users > > had > > admin rights on their workstation. As such, they could (and did) make > > any > > change to their computer they wanted, including changing IE settings. > > (When > > I came on the seen there, 2 users were even using Gator, > > ouch.) Through > > testing, it was determined that the only way to force users > > through the > > proxy was to enable the HTTP Redirector. The proxy service > > was then able > > to > > both filter and apply rules. Since they are now on XP Pro, and users > > only > > have local user rights, they can not change settings in IE (Forced > > through > > GPO) nor have access to the control panel or any settings. (Again, > > through > > GPO.) Therefore, the HTTP Redirector can remain disabled now. > > > > Issue 3: Most users were able to access sites on the Internet that > > should > > have been filtered. On Saturday, 09/10, GFI DownloadSecurity was > > uninstalled > > from the server, and the new GFI WebMonitor was installed. As > > a result, > > the > > order in which the web filters were applied changed. As a result, GFI > > WebMonitor was scanning and passing and Burstek was not > > scanning at all. > > Turns out this is a known issue by Burstek that if any GFI product is > > higher > > priority that Burstek, this will happen. I put Burstek web filter as a > > higher priority (number 1, GFI is now number 2, and the ISA URL > > converter > > {not used} is number 3) and both are scanning and working as intended. > > > > Issue 4. Some users were able to access sites that should have been > > blocked > > by Burstek. Reading the Burstek logs showed they were properly > > categorized. > > Called Burstek support. On Saturday, 09/10, I had also > > upgraded both the > > Burstek WebFilter and LogAnalyzer. I did have problems with the > > WebFilter > > install. Turns out some registry settings were amiss and not all > > policies > > were being enforced. When I tried to Uninstall and reinstall both, CPU > > went > > to 100%. After 10 minutes, I forced quit the services and uninstalled. > > What > > then was happening is I was using a backup settings file from Friday > > afternoon. Between Friday afternoon and Thursday when I was > > on the phone > > with Burstek, 6 reports should have run. Well, Burstek LogAnalyzer saw > > that > > and was running them, all at once. I let them run out, and after about > > an > > hour it finished. I did a lot of testing after that and > > Burstek was back > > to > > running as expected. > > > > Moral of the story: Document Document Document > > > > If had I documented what was in use or not in use on the firewall and > > why, > > instead of having to dig through 3 years of notes, I would have solved > > this > > a lot sooner. > > > > Thanks to Erik Naumann and Abhishek Bajpai of Microsoft and the > > Honorable > > Jim Harrison for their assistance in this problem > > > > John T > > eServices For You > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > jim@xxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx