Re: FWC and Stamps.com on ISA2004

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Matt (anonymous_at_discussions.microsoft.com)
Date: 10/10/04 

Date: Sun, 10 Oct 2004 16:39:59 -0700

The ISA Log points to the policy I have setup for
Firewall Clients (which allows HTTP, HTTPS, FTP, and MMS)
from a range of IP addresses, to External and the rule
applies to a AD Global Group.

The error the log states is 0x800 and was recorded from
the Web Proxy Filter, the connection was denied (source -
Internal/Destination - External) and the HTTP method was
a "GET" to a URL. It also shows the client username
was "Anonymous".

What else can I provide you with to help troubleshoot
this?

Thanks,

Matt
>-----Original Message-----
>Ah. I see.
>This is a good example of how the poor term usage could
lead to the huge
>time waste ;-)
>OK. Let's try to start from the beginning.
>What does ISA log says, e.g. which particular firewall
policy denies your
>application requests?
>
>Regards,
>Andrew
>
>"Matt" <anonymous@discussions.microsoft.com> wrote in
message
>news:117001c4ab8d$803d3590$a601280a@phx.gbl...
>> When I use the word "applet" I am being generic in
>> stating "application". This program is not a Java
based
>> appp.
>>
>> Thanks,
>>
>> Matt
>> >-----Original Message-----
>> >I don't know if I understand your question correctly,
so
>> I try to start from
>> >the basics.
>> >Java applets couldn't be executed directly. They need
>> some intermediate
>> >software interpreter to run. That is the cost for
cross-
>> platform
>> >compatibility of Java apps. If your Java executive
>> starts to misbehave for
>> >some reason, the applet just couldn't run correctly or
>> even could completely
>> >stop working.
>> >I suppose that. And that is why I suggested you what
you
>> see in my previous
>> >post.
>> >
>> >A little computer horror follows.
>> >Sun initially developed the Java language and Java
tools
>> and environments
>> >for all computer platforms (including Windows). Some
>> years ago Microsoft
>> >decided to develop its own Java environment and called
>> it the 'Java Virtual
>> >Machine'. They included some enhancements into the
Java
>> code interpreting
>> >process and it led to some incompatibility issues. Sun
>> was disagree with MS
>> >and brought an action against MS. They (Sun) were
>> successful in its action,
>> >so MS have to stop all its JVM development and
support.
>> >Since MS JVM does not supported anymore, so you
couldn't
>> download it's
>> >'latest' version, and the only option for you is to
get
>> latest JRE ('Java
>> >Runtime Environment' - that is how they called their
>> virtual machine) from
>> >Sun.
>> >I did that too and immediately faced the compatibility
>> issue. My network
>> >color printer has the built-in web-based control
panel.
>> It uses Java applets
>> >to control print jobs and configure printer options.
So
>> when I moved from MS
>> >JVM to Sun JRE, this control panel just stopped
working
>> saying 'You need the
>> >Java-enabled browser to run this application'.
>> >That is the deep impact of Microsoft into the computer
>> industry ;-) It's
>> >hard to believe, but there were times when many people
>> (almost most of
>> >them!) thought that there are no other Java
environment
>> than the MS JVM...
>> >
>> >Regards,
>> >Andrew
>> >
>> >"Matt" <anonymous@discussions.microsoft.com> wrote in
>> message
>> >news:2d8401c4ab2f$18384510$a501280a@phx.gbl...
>> >> What does upgrading the latest JRE from Sun have to
do
>> >> with the Stamps.com applet and gaining access
through
>> ISA
>> >> via HTTP/SSL?
>> >>
>> >> Matt
>> >> >-----Original Message-----
>> >> >Try to install latest JRE from Sun.
>> >> >Configure it with proper proxy (your ISA2K4)
>> >> address/port.
>> >> >
>> >> >Regards,
>> >> >Andrew
>> >> >
>> >> >"Matt" <anonymous@discussions.microsoft.com> wrote
in
>> >> message
>> >> >news:265601c4a9b4$dbe98c20$a301280a@phx.gbl...
>> >> >> Good Evening,
>> >> >>
>> >> >> ISA Std 2004 with Firewall Clients deployed in
>> >> >> environment. Trying to run an applet from
>> Stamps.com
>> >> >> that needs to authenticate with their web site on
>> port
>> >> >> 443. A firewall policy exists to allow
HTTP/HTTPS
>> >> >> through for FW Clients and normal HTTP activity
>> through
>> >> >> browser works fine.
>> >> >>
>> >> >> When I execute the Stamps.com applet, it prompts
me
>> for
>> >> >> basic authentication through the ISA Server.
When I
>> >> >> monitor activity I see it try to establish a SSL
>> >> >> connection with URL associated with Stamps.com.
>> Even
>> >> if
>> >> >> I provide Domain creds, it fails. I need some
>> guidance
>> >> >> trying to troubleshoot this issue.
>> >> >>
>> >> >> Thanks,
>> >> >>
>> >> >> Matt
>> >> >
>> >> >
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >
>
>
>.
>

Relevant Pages

  • Re: Admin Tool Remote Zugriff
    ... Für Http freizuschalten war dann doch ganz einfach. ... man dann wohl diverse Sicherheitseinstellungen in der Policy des Frameworks ... ich hab mir gerade das Website Administration Tool zur Benutzerverwaltung ... dass auch per Remote Zugriff möglich ist? ...
    (microsoft.public.de.german.entwickler.dotnet.asp)
  • Re: Admin Tool Remote Zugriff
    ... "Thomas Freudenreich" wrote: ... Für Http freizuschalten war dann doch ganz einfach. ... man dann wohl diverse Sicherheitseinstellungen in der Policy des Frameworks ... ich hab mir gerade das Website Administration Tool zur Benutzerverwaltung ...
    (microsoft.public.de.german.entwickler.dotnet.asp)
  • Re: finding time when url was modified
    ... > would send a policy and request a resource. ... > evaluate the policy and respond accordingly. ... then examining what the capabilities of your servers are. ... is catch the HTTP result code and do the right thing with it. ...
    (comp.lang.python)
  • Re: Client Username in log does not show username...
    ... we do not plan to use ISA2004 to serve ... Firewall Clients yet, it's running as web proxy, could you give me a ... quick hint about how to turn on authentication for HTTP and HTTPS? ...
    (microsoft.public.isa)