Re: page not found at first time starting IE on XP with ISA
- From: "Sebastian van Dijk" <sebastian@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 24 Mar 2004 09:33:22 +0100
Hi Jim
I started the post on another newsgroup too...
There is a hotfix for IE !!
The topic is in dutch but the KB articles from microsoft can be found there
http://gathering.tweakers.net/forum/list_messages/891858
Regards,
Sebastian
-----Oorspronkelijk bericht-----
Van: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Verzonden: dinsdag 23 maart 2004 16:44
Aan: [ISAserver.org Discussion List]
Onderwerp: [isalist] Re: page not found at first time starting IE on XP
with ISA
http://www.ISAserver.org
Two or more "407" responses are expected as part of the negotiations, as you
stated. This is just the way authentication works.
If IE was ignoring the proxy settings, you would not see those requests in the
web proxy log, since IE would be trying to make a
direct, not proxy request to TCP-80.
Is ISA listening set to support automatic discovery?
Installing the FW client won't help here.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Sebastian van Dijk" <sebastian@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, March 23, 2004 07:31
Subject: [isalist] Re: page not found at first time starting IE on XP with ISA
http://www.ISAserver.org
Hi Jim
Well, i've taken a look at some settings.
Proxy settings in IE are manually set to the server at port 8080.
No automatic configuration or URL.
ISA uses the same listener for outgoing webrequests on port 8080
ISA is using integrated authentication and is asking anonymous users for
authentication.
No strange things in the firewall log BUT in the webproxy log i found the
following :
I see an anonymous user trying to open a page ..for example google.com.
(probably because of a default gateway set at the client)
Then it gets a 407 page
And a line below i see the user open the page.
This happens alot !
So probably the problem is located in the proxy negotiation in IE.
Like it first bypasses the proxy setting in IE and then tries the credentials
and settings.....
I even tried to install the proxy client...that gave the same results
Thanks in advance
Sebastian
-----Oorspronkelijk bericht-----
Van: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Verzonden: dinsdag 23 maart 2004 15:06
Aan: [ISAserver.org Discussion List]
Onderwerp: [isalist] Re: page not found at first time starting IE on XP
with ISA
http://www.ISAserver.org
Hi Sebastian,
Lots of supposition, there.
Have you reviewed the ISA web proxy log to see what was being denied?
Do you get the same behavior for the clients on both networks?
Exactly what are the IE settings:
- Automatic detection
- detection URL
- manual entry
?
As far as what suthentication is being used, it depends on what auth options
you've selected in the outbound web request listener.
What selections have you made there, and are they identical on both ISA servers?
Add "Rule#1" and "Rule#2" to the web proxy and firewall logs to get some useful
information.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
On Tue, 23 Mar 2004 14:44:32 +0100
"Sebastian van Dijk" <sebastian@xxxxxxxxxxxx> wrote:
http://www.ISAserver.org
We have the following problem at 2 customer sites at the moment ;
Situation 1 : Microsoft SBS 2003 + ISA + windows XP clients
Situation 2 : MS win 2000 server + ISA + windows XP clients
In both situations the servers have 2 NIC's,1 LAN and 1 to a Cisco DSL
connection.
Regarding we have 2 different server Operating Systems i guess the problem is
in the combination of ISA and Windows XP.
The XP clients do not have the firewall client installed, only the proxy
settings in Internet Explorer are configured
Now the following problem :
When people logon to their system and start internet explorer they always get
'page not found' error.
After refreshing the page or by retyping the url the internet connection just
works as the homepage does.
The users all have access to http(s) in ISA
For now what I have heard the following would cause this effect :
If Explorer is started, the first authentication is done by the XP system.
And because the XP systems are not explicitly allowed in ISA they will get an
access denied.
403 Forbidden - The ISA Server denies the specified Uniform Resource Locator
(URL). (12202)
When typing in the url for the page again or by refreshing the user
authentication would be used, so access is granted.
All Windows XP systems are up to date with the latest fixes by SUS and they are
using Internet Explorer 6.
Has anyone seen this problem before ? Can someone confirm or reject the
statement above ?
Or is there a solution for this problem ?
Met vriendelijke groet,
Sebastian van Dijk
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
s.vandijk@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
s.vandijk@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
