"also a KB " means that this behavior is also documented in a KB; http://support.microsoft.com/kb/281985/. This KB needs updating to include ISA 2004 & 2006, but the behavior itself hasn't changed. The way to validate policy changes is to make sure that your test client has no sessions with ISA. Monitoring, Sessions will show any active sessions and you can kill them there as well. From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Gene Sibbs Sent: Friday, July 18, 2008 12:55 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: Publishing Fedora-PHPticket System using ISA 2006 SE Hi My web listeners are as follows: External Web Site - OWA (SSL) works ok - no problems at all. External Web Site - TicketSupport (HTTP) - acting up on me. 1. you changed the wrong listener - not real, I changed the External Web Site - TicketSupport (HTTP) 2. you didn't wait for ISA to sync with CSS (Ent Ed only) - running ISA Server 2006 SE 3. your test client still has an active session with ISA (policy changes don't affect active sessions - also a KB) - I was RDP into ISA Server from another client. I don't understand what do you meant by -"also a KB"? Any Resolution to this? --- On Fri, 7/18/08, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: From: Jim Harrison <Jim@xxxxxxxxxxxx> Subject: [isapros] Re: Publishing Fedora-PHPticket System using ISA 2006 SE To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx> Date: Friday, July 18, 2008, 4:45 PM "no joy" and "no luck" aren't anything to work from. Have the symptoms changed? If not, it's probable that: 1. you changed the wrong listener 2. you didn't wait for ISA to sync with CSS (Ent Ed only) 3. your test client still has an active session with ISA (policy changes don't affect active sessions - also a KB) Jim From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Gene Sibbs Sent: Friday, July 18, 2008 3:13 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: Publishing Fedora-PHPticket System using ISA 2006 SE Still no joy. Followed this link http://support.microsoft.com/kb/885186 Also, allowed authentication over HTTP in the advanced properties, but no luck. Please help. --- On Sun, 7/13/08, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: From: Jim Harrison <Jim@xxxxxxxxxxxx> Subject: [isapros] Re: Publishing Fedora-PHPticket System using ISA 2006 SE To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx> Date: Sunday, July 13, 2008, 11:06 PM Your new web site is requiring some form of authentication. By default, ISA disallows authentication over unencrapted HTTP (as it should!). You *can* allow authentication over HTTP in the advanced properties of the listener "Authentication" context, but this is ill-advised except as a *TEMPORARY* troubleshooting step. Use an SSL listener for this connection and you should be fine. From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Gene Sibbs Sent: Sunday, July 13, 2008 9:38 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: Publishing Fedora-PHPticket System using ISA 2006 SE Hi Steve, owa is using SSL publishing already. I have tried to create a web publishing rule that points to fc5 webserver, but it fails with this error msg from outside: "Error Code: 403 Forbidden. ISA Server is configured to block HTTP requests that require authentication. (12250)." Here is the steps followed: ISA Server (Firewall Policy - Web Publishing Rule Wizard - Rule Name:[TicketSystem] - Allow - Publish a single web site - use non-secured connection...- internal site name[fc0-01.eslab.lan [on computer name/ip:10.11.1.40] - path [/ticket] - public name:[ dy-oISA.dyndns.org] - Select web listener: I created a new weblistener [WebSupport listener] - do not require SSL secured connections with clients - check external NIC - basic - end then NEXT all the way out. Any missing link? --- On Sun, 7/13/08, Steve Moffat <steve@xxxxxxxxxx> wrote: From: Steve Moffat <steve@xxxxxxxxxx> Subject: [isapros] Re: Publishing Fedora-PHPticket System using ISA 2006 SE To: "ISAPros Mailing List" <isapros@xxxxxxxxxxxxx> Date: Sunday, July 13, 2008, 6:27 PM You need to create a web publishing rule that points to your webserver. If you aren't already publishing owa securely, now is the time, otherwise you will need to use a port other than 80 for your ticket system. S From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Gene Sibbs Sent: Sunday, July 13, 2008 11:58 AM To: ISAPros Mailing List Subject: [isapros] Publishing Fedora-PHPticket System using ISA 2006 SE Hi I am running a very small network at home, and I would like to publish an open source ticket management system (http://sourceforge.net/projects/ticket/) installed and running on fedora 5 server. My Small infrastructure is configured as follows: (Internet) | | DSL (Router) --- 192.168.1.1 | | | ISA 2006 (ExternalNIC) ---192.168.1.4 ||----ISA 2006 (InternalNIC) ---10.11.1.250 | [Switch] | |DC-Server (10.11.1.20) - Exch-Server(10.11.1.30) Fedora-PHPticket Server (10.11.1.40) On the ISA Server I installed DynDNS Updater which sync with DynDNS.com for host updates (dy-oISA.dyndns.org ). This host allows me to access OWA, and RDP when I'm on the road. How do I go about configuring ISA box to publish this ticket management system? Internal I just access it via the IP address (http://10.11.1.40/ticket) Please help Many thanks Gene