Hi Jim I started the post on another newsgroup too... There is a hotfix for IE !! The topic is in dutch but the KB articles from microsoft can be found there http://gathering.tweakers.net/forum/list_messages/891858 Regards, Sebastian -----Oorspronkelijk bericht----- Van: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Verzonden: dinsdag 23 maart 2004 16:44 Aan: [ISAserver.org Discussion List] Onderwerp: [isalist] Re: page not found at first time starting IE on XP with ISA http://www.ISAserver.org Two or more "407" responses are expected as part of the negotiations, as you stated. This is just the way authentication works. If IE was ignoring the proxy settings, you would not see those requests in the web proxy log, since IE would be trying to make a direct, not proxy request to TCP-80. Is ISA listening set to support automatic discovery? Installing the FW client won't help here. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Sebastian van Dijk" <sebastian@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, March 23, 2004 07:31 Subject: [isalist] Re: page not found at first time starting IE on XP with ISA http://www.ISAserver.org Hi Jim Well, i've taken a look at some settings. Proxy settings in IE are manually set to the server at port 8080. No automatic configuration or URL. ISA uses the same listener for outgoing webrequests on port 8080 ISA is using integrated authentication and is asking anonymous users for authentication. No strange things in the firewall log BUT in the webproxy log i found the following : I see an anonymous user trying to open a page ..for example google.com. (probably because of a default gateway set at the client) Then it gets a 407 page And a line below i see the user open the page. This happens alot ! So probably the problem is located in the proxy negotiation in IE. Like it first bypasses the proxy setting in IE and then tries the credentials and settings..... I even tried to install the proxy client...that gave the same results Thanks in advance Sebastian -----Oorspronkelijk bericht----- Van: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Verzonden: dinsdag 23 maart 2004 15:06 Aan: [ISAserver.org Discussion List] Onderwerp: [isalist] Re: page not found at first time starting IE on XP with ISA http://www.ISAserver.org Hi Sebastian, Lots of supposition, there. Have you reviewed the ISA web proxy log to see what was being denied? Do you get the same behavior for the clients on both networks? Exactly what are the IE settings: - Automatic detection - detection URL - manual entry ? As far as what suthentication is being used, it depends on what auth options you've selected in the outbound web request listener. What selections have you made there, and are they identical on both ISA servers? Add "Rule#1" and "Rule#2" to the web proxy and firewall logs to get some useful information. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Tue, 23 Mar 2004 14:44:32 +0100 "Sebastian van Dijk" <sebastian@xxxxxxxxxxxx> wrote: http://www.ISAserver.org We have the following problem at 2 customer sites at the moment ; Situation 1 : Microsoft SBS 2003 + ISA + windows XP clients Situation 2 : MS win 2000 server + ISA + windows XP clients In both situations the servers have 2 NIC's,1 LAN and 1 to a Cisco DSL connection. Regarding we have 2 different server Operating Systems i guess the problem is in the combination of ISA and Windows XP. The XP clients do not have the firewall client installed, only the proxy settings in Internet Explorer are configured Now the following problem : When people logon to their system and start internet explorer they always get 'page not found' error. After refreshing the page or by retyping the url the internet connection just works as the homepage does. The users all have access to http(s) in ISA For now what I have heard the following would cause this effect : If Explorer is started, the first authentication is done by the XP system. And because the XP systems are not explicitly allowed in ISA they will get an access denied. 403 Forbidden - The ISA Server denies the specified Uniform Resource Locator (URL). (12202) When typing in the url for the page again or by refreshing the user authentication would be used, so access is granted. All Windows XP systems are up to date with the latest fixes by SUS and they are using Internet Explorer 6. Has anyone seen this problem before ? Can someone confirm or reject the statement above ? Or is there a solution for this problem ? Met vriendelijke groet, Sebastian van Dijk ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: s.vandijk@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: s.vandijk@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')