Hi Sebastian, Can u describe the article in English, I won't be able to understand that due to different language.....Pls give some time... Thanks in Advance Regards Brajesh Ranjan Panda ----- Original Message ----- From: "Sebastian van Dijk" <sebastian@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, March 24, 2004 2:03 PM Subject: [isalist] Re: page not found at first time starting IE on XP with ISA > http://www.ISAserver.org > > Hi Jim > > I started the post on another newsgroup too... > There is a hotfix for IE !! > > The topic is in dutch but the KB articles from microsoft can be found there > http://gathering.tweakers.net/forum/list_messages/891858 > > Regards, > > Sebastian > > > > -----Oorspronkelijk bericht----- > Van: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Verzonden: dinsdag 23 maart 2004 16:44 > Aan: [ISAserver.org Discussion List] > Onderwerp: [isalist] Re: page not found at first time starting IE on XP > with ISA > > > http://www.ISAserver.org > > Two or more "407" responses are expected as part of the negotiations, as you stated. This is just the way authentication works. > If IE was ignoring the proxy settings, you would not see those requests in the web proxy log, since IE would be trying to make a > direct, not proxy request to TCP-80. > Is ISA listening set to support automatic discovery? > > Installing the FW client won't help here. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://www.microsoft.com/isaserver > http://isaserver.org/Jim_Harrison > http://isatools.org > > Read the help, books and articles! > ----- Original Message ----- > From: "Sebastian van Dijk" <sebastian@xxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Tuesday, March 23, 2004 07:31 > Subject: [isalist] Re: page not found at first time starting IE on XP with ISA > > > http://www.ISAserver.org > > Hi Jim > > Well, i've taken a look at some settings. > Proxy settings in IE are manually set to the server at port 8080. > No automatic configuration or URL. > ISA uses the same listener for outgoing webrequests on port 8080 > ISA is using integrated authentication and is asking anonymous users for authentication. > > No strange things in the firewall log BUT in the webproxy log i found the following : > > I see an anonymous user trying to open a page ..for example google.com. (probably because of a default gateway set at the client) > Then it gets a 407 page > And a line below i see the user open the page. > > This happens alot ! > > So probably the problem is located in the proxy negotiation in IE. > Like it first bypasses the proxy setting in IE and then tries the credentials and settings..... > > I even tried to install the proxy client...that gave the same results > > Thanks in advance > > Sebastian > > > > > -----Oorspronkelijk bericht----- > Van: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Verzonden: dinsdag 23 maart 2004 15:06 > Aan: [ISAserver.org Discussion List] > Onderwerp: [isalist] Re: page not found at first time starting IE on XP > with ISA > > > http://www.ISAserver.org > > Hi Sebastian, > > Lots of supposition, there. > Have you reviewed the ISA web proxy log to see what was being denied? > Do you get the same behavior for the clients on both networks? > Exactly what are the IE settings: > - Automatic detection > - detection URL > - manual entry > ? > As far as what suthentication is being used, it depends on what auth options you've selected in the outbound web request listener. > What selections have you made there, and are they identical on both ISA servers? > > Add "Rule#1" and "Rule#2" to the web proxy and firewall logs to get some useful information. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > > > On Tue, 23 Mar 2004 14:44:32 +0100 > "Sebastian van Dijk" <sebastian@xxxxxxxxxxxx> wrote: > http://www.ISAserver.org > > We have the following problem at 2 customer sites at the moment ; > > Situation 1 : Microsoft SBS 2003 + ISA + windows XP clients > Situation 2 : MS win 2000 server + ISA + windows XP clients > > In both situations the servers have 2 NIC's,1 LAN and 1 to a Cisco DSL connection. > Regarding we have 2 different server Operating Systems i guess the problem is in the combination of ISA and Windows XP. > > The XP clients do not have the firewall client installed, only the proxy settings in Internet Explorer are configured > > Now the following problem : > When people logon to their system and start internet explorer they always get 'page not found' error. > After refreshing the page or by retyping the url the internet connection just works as the homepage does. > The users all have access to http(s) in ISA > > For now what I have heard the following would cause this effect : > If Explorer is started, the first authentication is done by the XP system. > And because the XP systems are not explicitly allowed in ISA they will get an access denied. > > 403 Forbidden - The ISA Server denies the specified Uniform Resource Locator (URL). (12202) > > When typing in the url for the page again or by refreshing the user authentication would be used, so access is granted. > > All Windows XP systems are up to date with the latest fixes by SUS and they are using Internet Explorer 6. > > Has anyone seen this problem before ? Can someone confirm or reject the statement above ? > > Or is there a solution for this problem ? > > > Met vriendelijke groet, > > > > > Sebastian van Dijk > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: s.vandijk@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: s.vandijk@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: brajesh@xxxxxxxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') >