ISA 2004 and SSL-Tunnel Protocol
- From: Robert Waltenburg <RobertWaltenburg@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 4 Jun 2008 10:12:01 -0700
I have an issue when clients are trying to connect to a HIPPA secure email
server. The clients are connecting on port 443 and we use ISA to proxy the
port. The issue is that the clients get a "nonstandard port error", but the
log shows authentication issues with SSL-Tunnel protocol. I have included
the log below. The interesting thing is that the client can connect (with a
certificate warning) if I replace the url with the actual IP address of the
secure email server. Here is the log.
Denied Connection GRANTESD-ISA2 5/28/2008 2:15:03 PM
Log type: Web Proxy (Forward)
Status: 12209 The ISA Server requires authorization to fulfill the request.
Access to the Web Proxy service is denied.
Rule:
Source: ( 10.2.80.68:0)
Destination: ( 10.2.80.141:443)
Request: CONNECT
Filter information: Req ID: 0d7a2df4; Compression:None
Protocol: SSL-tunnel
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
1.1.4322; .NET CLR 2.0.50727; InfoPath.2)
Object source: Processing time: 1
Cache info: 0x0 MIME type:
Failed Connection Attempt GRANTESD-ISA2 5/28/2008 2:15:03 PM
Log type: Web Proxy (Forward)
Status: 5 Access is denied.
Rule:
Source: ( 10.2.80.68:0)
Destination: ( 10.2.80.141:443)
Request: CONNECT
Filter information: Req ID: 0d7a2df6; Compression:None
Protocol: SSL-tunnel
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
1.1.4322; .NET CLR 2.0.50727; InfoPath.2)
Object source: Processing time: 1
Cache info: 0x0 MIME type:
Failed Connection Attempt GRANTESD-ISA2 5/28/2008 2:15:03 PM
Log type: Web Proxy (Forward)
Status: 12204 The specified Secure Sockets Layer (SSL) port is not allowed.
ISA Server is not configured to allow SSL requests from this port. Most Web
browsers use port 443 for SSL requests.
Rule:
Source: ( 10.2.80.68:0)
Destination: ( 10.2.80.141:0)
Request: https://secureemail.hr.state.or.us:443
Filter information: Req ID: 0d7a2df7; Compression:None
Protocol: SSL-tunnel
User: ESDDOM\waltenburgr
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
1.1.4322; .NET CLR 2.0.50727; InfoPath.2)
Object source: Internet Processing time: 0
Cache info: 0x0 MIME type:
Failed Connection Attempt GRANTESD-ISA2 5/28/2008 2:15:03 PM
Log type: Web Proxy (Forward)
Status: 12204 The specified Secure Sockets Layer (SSL) port is not allowed.
ISA Server is not configured to allow SSL requests from this port. Most Web
browsers use port 443 for SSL requests.
Rule:
Source: ( 10.2.80.68:0)
Destination: ( 10.2.80.141:0)
Request: https://secureemail.hr.state.or.us:443
Filter information: Req ID: 0d7a2df7; Req ID: 0d7a2df7; Compression:None,
Compression:None
Protocol: SSL-tunnel
User: ESDDOM\waltenburgr
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
1.1.4322; .NET CLR 2.0.50727; InfoPath.2)
Object source: Internet Processing time: 0
Cache info: 0x0 MIME type:
Any help is greatly appreciated!
Robert
.
- Next by Date: Set file permissions in ISS inside of an application ?
- Next by thread: Set file permissions in ISS inside of an application ?
- Index(es):
Relevant Pages
|
