RE: that old 12202 forbidden chessnut

  • From: Clayton Doige <clayton.doige@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 23 Dec 2005 13:51:25 +0000

According to the article it was supposed to go under computer on the ISA
Server.

On 12/22/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote:
>
> http://www.ISAserver.org
>
> *Exactly* where did you install the certificates?
> Every machine has three basic locations:
> - user
> - computer
> - service
>
> Each one of those has "personal" and "trusted root" locations for
> certificates.
>
> -------------------------------------------------------
>   Jim Harrison
>   MCP(NT4, W2K), A+, Network+, PCG
>   http://isaserver.org/Jim_Harrison/
>   http://isatools.org
>   Read the help / books / articles!
> -------------------------------------------------------
>
>
> -----Original Message-----
> From: Doige, Clayton [mailto:clayton.doige@xxxxxxxxxxx]
> Sent: Thursday, December 22, 2005 09:51
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: that old 12202 forbidden chessnut
>
> That's the bit I don't get, I went through that document word for word,
> slowly, pedantically, and did exactly what it said.
>
> At any rate, what I really wanted to get working out of all of this was
> active sync on an IPAQ, which I have managed this afternoon. So I am a happy
> bunny from that perspective. Although I have responded to some of your
> points below:
>
> Merry Christmas :-) and thanks for the feedback.
>
> Clayton Doige
> IT Project Manager
> CME Development Corporation
> T: 020 7430 5355
> M: 07932 653787
> E:clayton.doige@xxxxxxxxxxx
> W:www.cetv-net.com
>
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: 22 December 2005 17:30
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: that old 12202 forbidden chessnut
>
> You're clearly *not* following instructions.
> CIL...
>
>
> -------------------------------------------------------
>   Jim Harrison
>   MCP(NT4, W2K), A+, Network+, PCG
>   http://isaserver.org/Jim_Harrison/
>   http://isatools.org
>   Read the help / books / articles!
> -------------------------------------------------------
>
>
> -----Original Message-----
> From: Doige, Clayton [mailto:clayton.doige@xxxxxxxxxxx]
> Sent: Thursday, December 22, 2005 07:54
> To: [ISAserver.org Discussion List]
> Subject: [isalist] that old 12202 forbidden chessnut
>
> Some of you will recall a couple months back me having no success with
> this error at all.
>
> Now that things have been quiet around here this week, I have had a chance
> to revisit things.
>
> I uninstalled the original certificate authority I had created here, and
> reinstalled one for cme-net.com. I again have gone through Liran Zamir's
> Step By Step Publishing Article for publishing W2K3 OWA over ISA 2K4 using
> Forms Based Authentication.
>
> The name on the certificate is registered in DNS, and I can ping that name
> and have it resolve to the correct IP Address from an external computer. I
> have added this name to the ISA Server's host file with the internal 10
> range address.
> [Jim] - stop messing about with the hosts file; this is what DNS is for.
>
> [Clayton] - Under the section in the article I got from isaserver.org called
> Checking Browser connectivity from ISA to the OWA site it states:
> "If the ISA Firewall cannot resolve the common name to the exchange ip
> address using DNS, you should edit the ISA firewall's host file..."
>
>
> When I go to the website, I am prompted to verify I want to proceed with
> the untrusted certificate, which I do, and the OWA Form opens on the page,
> I then put in my username and password (username being domain\user format)
> and the 403 Forbidden pops up.
> [Jim] - this is where ISA will fail; ISA *must* trust the cert issuer or
> your internal connection will *not* happen
>
> [Clayton] - Fair enough, the article I used referenced importing the
> certificate into the ISA Server, which I did do, admittedly certs are not my
> strong point, but over and above what is in that article, how do I go about
> getting ISA to trust my local CA? In the trusted root section, my cert is
> listed, and I also imported the pfx file into the personal certs container,
> and was able to select it via the listener.
>
> Interestingly enough, when I had this error before nothing showed up in
> the Logs of the ISA Server, however now, it comes up with a denied packet
> associated with port 443, https, with the username I am putting in being
> referenced.
>
> Is there some other rule that I need to create here?
>
> Lastly, when I browse to the OWA site from the ISA Server itself, before
> the certificate prompt comes up, a security warning is displayed stating
> that certificate revocation information for the previous certificate is
> unavailable, do I wish to continue. I am guessing this is due to the old cert
> with that internal reference still hanging around in IE somewhere, but
> will that be contributing to the 12202 issue from the public side?
>
> Any help will be greatly appreciated, tomorrow being the last day for me
> here this year, I would like to finish off on a positive.
>
> Clayton Doige
> IT Project Manager
> CME Development Corporation
> T: 020 7430 5355
> M: 07932 653787
> E:clayton.doige@xxxxxxxxxxx
> W:www.cetv-net.com
>
> ______________________________________________________________________
> This electronic mail message and any attached files contain information
> intended for the exclusive use of the person to whom it is addressed and may
> contain information that is proprietary, privileged, confidential and/or
> exempt from disclosure under applicable law. If you are not the intended
> recipient, you are hereby notified that any viewing, copying, disclosure or
> distribution of this information may be subject to legal restriction or
> sanction. If you are not an addressee, please notify the sender immediately
> by electronic mail and delete the original message without making any
> copies.
> _____________________________________________________________________
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.



--
Regards,

Clayton
clayton@xxxxxxxxxxxx
http://alsipius.com
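
The store question raised in this thread (user vs. computer vs. service, each with "personal" and "trusted root") can be checked from a PowerShell prompt on the firewall. The script below is an added example, not part of the original messages or of the article they cite. It assumes PowerShell 3.0 or later is available, that the computer store is the one that matters (as the article quoted above says), and a single-tier CA; `owa.example.test` is a constructed placeholder for the certificate's common name.

```powershell
# Added example. $CommonName is a constructed placeholder, not a value from the thread.
$CommonName = 'owa.example.test'

# Thumbprints of roots in the computer store. Cert:\CurrentUser\Root also lists these,
# so anything in the user view but not here was imported for the user only.
$machineRoots = @(Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object { $_.Thumbprint })

# The listener certificate belongs in the computer's Personal store, with its private key.
$candidates = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$CommonName*" })

if ($candidates.Count -eq 0) {
    Write-Warning "No certificate for $CommonName in LocalMachine\My (check the user and service stores)."
}

foreach ($cert in $candidates) {
    # Is the issuing CA trusted by the computer, or only by the logged-on user?
    $issuerInMachine = @(Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -eq $cert.Issuer })
    $issuerUserOnly = @(Get-ChildItem Cert:\CurrentUser\Root |
        Where-Object { $_.Subject -eq $cert.Issuer -and $machineRoots -notcontains $_.Thumbprint })

    # Build the chain in machine context ($true), which is what a service sees.
    # Revocation checking stays at its default (online), so an unreachable CRL
    # shows up in ChainStatus as RevocationStatusUnknown / OfflineRevocation.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $trusted = $chain.Build($cert)
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    [pscustomobject]@{
        Subject              = $cert.Subject
        Thumbprint           = $cert.Thumbprint
        HasPrivateKey        = $cert.HasPrivateKey
        Issuer               = $cert.Issuer
        IssuerInComputerRoot = ($issuerInMachine.Count -gt 0)
        IssuerInUserRootOnly = ($issuerUserOnly.Count -gt 0)
        ChainTrusted         = $trusted
        ChainStatus          = $status
    }
}
```

A row with IssuerInUserRootOnly set to True means the CA certificate went into the user's store rather than the computer's, so a service on that machine will not trust it.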
