Re: ISA server 2004 and Bluecoat proxy
- From: ALISA - STS <ALISASTS@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 25 Apr 2008 04:36:01 -0700
dear jim;
i want to mention that we have configured a backup rout ( backup bluecoat
proxy) with no luck
"ALISA - STS" wrote:
Dear Jim;.
thanks alot for your reply.i will return to that article and read it again.
i want to ask about event 14130 that related to web proxy chain fauilire .
the exact event is [[[ The Web Proxy
service detected that the upstream proxy '212.93.193.87' is now available.
If you were able to work around the upstream proxy server, no further action
is necessary. If you changed the configuration of the primary route to the
upstream ISA Server, you might want to change it back. "
]]] we have configured ISA as cache only and forward the web request to
bloecoat device.
Many sites said that you can give the answer ,someone in this web site said
your name especially ((
http://www.freelists.org/archives/isalist/03-2004/msg00394.html )) ,i have
search many and many , all said the only sloution is to disable the alert .
and i know that microsoft not do that.
how you can help me in that ???
====================================
"Jim Harrison (ISA SE)" wrote:
Sorry; you're misunderstanding that article.
"i have trace that the bluecoat is never go down" - using what? Have you
obtained network captures?
One thing you can do to speed up ISA in a web chaining scenario is to
disable name lookups for the ISA.
There is an example on how to accomplish this here:
http://msdn2.microsoft.com/en-us/library/ms826264.aspx
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html
"ALISA - STS" <ALISASTS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:86ABA581-0FBE-4E55-AF30-8C0B29B65EA3@xxxxxxxxxxxxxxxx
Dear Jim;
first thank you for your notes.
second as i told you ((http web proxy filter)) is designed for (
SecureNAT,Firewall clients) and you can disable it. without disable web
proxy
filter to web proxy clients . you can check in
http://www.microsoft.com/technet/isa/2004/plan/ts_proxy_traffic.mspx
go to the last page and you will find that am true.
the only problem that i have that many erros appear in ISA state that WEb
chaining problem occured,then after 2 seconds another events states that the
blue coat device in online.this make connectivity for clients not perfect.
i have trace that the bluecoat is never go down.this is the problem.
another thing web browsing is very slow through ISA, but through bluecoat is
perfect.
"Jim Harrison (ISA SE)" wrote:
Regardless how you feel, Windows 2003 is not fully updated if you don't
have
SP2 and all following patches (especially
http://support.microsoft.com/kb/936594/).
I don't know where you get the idea that the web proxy filter only applies
to SecureNAT and Firewall clients - this is not true.
You're asking several different questions; what exactly are you trying to
solve?
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html
"ALISA - STS" <ALISASTS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:81A34507-EB02-4C1C-8E4B-9DF6830B6AF4@xxxxxxxxxxxxxxxx
Dear JIM;
first my ISA 2004 sp3 is on windows 2003 sp1 and have all updates without
SP2.
second i told you about disable HTTP web proxy filter ( this filter
applies
for secureNAT and firewall clients)
but the web proxy filter for web proxy clients cannot be disabled ( this
is
by desighn)
third: i want to ask that microsoft post an article to disable name
resolution on ISA 2004/2006 but when i read the article ite related to ISA
server that is configured as firewall server. if i disable name resolution
on
ISA sa cache only server (one NIC) id that will success???
thanks lot
"Jim Harrison (ISA SE)" wrote:
"windows 2003 sp1 and fully updated" is a conflicting statement. If
Windows
is fully updated, then SP2 and all following updates have been applied.
Also, "ISA server has one network adapter" and "secureNAT clients"
create
a
conflict; you cannot have both.
When you enable caching, you also enable the web proxy; they're
intimately
connected.
If you disable the web proxy, ISA stops testing the upstream proxy.
ISA will test the upstream proxy in the same way any client would test
the
connection to a proxy:
1. if the TCP connection succeeds, the make a request
2. if the request succeeds, then all is good
if ISA is complaining about the upstream proxy failing, then this is
because
the upstream proxy is not responding quickly enough to either #1 or #2
(only
a capture can tell).
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html
"ALISA - STS" <ALISASTS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1457A5AC-E77C-432D-9DCE-EE1EB396F510@xxxxxxxxxxxxxxxx
Dear All;
i hope someone help me in this issue.
We have ISA 2004 standard edition with SP3 , on windows 2003 sp1 and
fully
updated . and no viruses detected on the server. this ISA server has one
network adapter . and configured as cache only server.
All clients are either web proxy clients or secureNAT clients
The ISA server is configured to redirect web request to primary
Bluecoat
proxy device and if the primary failed , ISA will route to backup
bluecoat
(
using web chaining rule)
The problem is that : during the day many warning events appear on ISA
alerts says that the ISA detect that the primary bluecoat device is
unavailable and ISA is routed to the backup bluecoat device. After 3
seconds
or less another event state that the primary bluecoat is available and
ISA
will return to this bluecoat. This behavior is making internet
connectivity
unstable on clients side.
how do i solved this : I have solved this issue by disable the cache to
enforce all web request to pass to bluecoat then i disabled HTTP web
proxy
filter ( used by NAT clients) + edit system policy allow HTTP/HTTPS from
Isa
server to specified site and add the IP addresses of the two bluecoat
devices.
Then NO warning events were logged.
But if I enable ISA cache these error appears again
Can I disable application filter since Isa server work as cache only
server?
Is SecureNAT clients supported on this ISA server( cache only) ?
What is th relation between enable ISA server cache and web chaining
problem?
The other problem is that the clients web browsing through ISA is very
slow,
but when clients connect directly to bluecoat ,internet browsing is so
fast
The ISA server TCP/IP setting is ip x.x.x.x DNS : ip of the domain
controller
DNS name resoulution on ISA is disabled using scritp from Microsoft web
site.
I read the KB
http://support.microsoft.com/default.aspx?scid=kb;en-us;839510
that talk about disable name resolution on ISA and I think its
applicable
on
ISA that works as firewall not cache only.
Is this true ?
Note that all dns name resolution is passed from ISA to bluecoat.
How can I ensure that the slow internet browsing is from DNS ? . and is
disable name resolution on ISA 2004 (cache only server is supported)
- Follow-Ups:
- Re: ISA server 2004 and Bluecoat proxy
- From: Jim Harrison \(ISA SE\)
- Re: ISA server 2004 and Bluecoat proxy
- References:
- ISA server 2004 and Bluecoat proxy
- From: ALISA - STS
- Re: ISA server 2004 and Bluecoat proxy
- From: Jim Harrison \(ISA SE\)
- Re: ISA server 2004 and Bluecoat proxy
- From: ALISA - STS
- Re: ISA server 2004 and Bluecoat proxy
- From: Jim Harrison \(ISA SE\)
- Re: ISA server 2004 and Bluecoat proxy
- From: ALISA - STS
- Re: ISA server 2004 and Bluecoat proxy
- From: Jim Harrison \(ISA SE\)
- Re: ISA server 2004 and Bluecoat proxy
- From: ALISA - STS
- ISA server 2004 and Bluecoat proxy
- Prev by Date: Re: ISA server 2004 and Bluecoat proxy
- Next by Date: Changing ISP w/ISA 2004 Ent and NLB
- Previous by thread: Re: ISA server 2004 and Bluecoat proxy
- Next by thread: Re: ISA server 2004 and Bluecoat proxy
- Index(es):
Relevant Pages
|
