Re: Rule blocks OutLook Mail
- From: "Larry Bird" <LarryBird@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 3 Jan 2006 13:52:05 -0800
I've been trying to ge the Client component to work for a couple of days, but
no success. Can you tell me what's wrong? I've supplied information from
the "fwctool":
I'm running the ISA Client on a workstation. VIA the Client I'm unable to
detect the ISA Sserver. I've installed the FWCTool and I get the following
resulsts below:
FwcTool version 4.0.3439
Firewall Client for ISA Server 2004 support tool
Copyright (c) Microsoft Corporation. All rights reserved.
Action: Test the auto detection mechanism
Type: DHCP
Detection details:
Timeout is set to 60 seconds
Locating WSPAD URL in DHCP Server
Locating option 252 in DHCP
Reading network adapters information
Option found on adapter:
{1453ED4D-C014-410F-BCAA-58CC4EFF8EE1}
DHCP option for WPAD found:
http://cscdserver4:8080/wpad.dat
WSPAD URL found in DHCP Server:
http://cscdserver4:8080/wspad.dat
Initializing Web server connection
Resolving IP addresses for cscdserver4
Resolved 1 address(es):
192.168.10.4
Connecting to address #1: 192.168.10.4:8080
Waiting for address #1 to connect
Address #1 successfully connected
Requesting wspad.dat file
Web server is connected and ready to send WSPAD file
Downloading WSPAD file
WSPAD file was downloaded successfully
Detected ISA Server: CSCD_ISA.azalea.local:1745
Result: The command completed successfully.
FwcTool version 4.0.3439
Firewall Client for ISA Server 2004 support tool
Copyright (c) Microsoft Corporation. All rights reserved.
Action: Test the auto detection mechanism
Type: DNS
Detection details:
Timeout is set to 60 seconds
Locating WSPAD URL in DNS Server
Locating domain name in registry
Opening registry key:
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
Querying registry value:
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domain
Domain name found:
azalea.local
Resolving address:
wpad.azalea.local.
Domain name found:
wpad.azalea.local.
WSPAD URL found in DNS Server:
http://wpad.azalea.local/wspad.dat
Initializing Web server connection
Resolving IP addresses for wpad.azalea.local
Resolved 1 address(es):
192.168.10.4
Connecting to address #1: 192.168.10.4:80
Waiting for address #1 to connect
Address #1 successfully connected
Requesting wspad.dat file
Web server is connected and ready to send WSPAD file
Downloading WSPAD file
WSPAD file was downloaded successfully
Detected ISA Server: CSCD_ISA.azalea.local:1745
Result: The command completed successfully.
What's interesting about the above information is that both display success
however, the ports used for during the success are different. DHCP was
successful on port 8080. In my DHCP server I've created the WPAD entry with
option 252 as a string "http://cscdserver4:8080/wpad.dat";. However, my DNS
was successful on port 80. I created a CName record/Alias. What the real
answer here?
When I used the Client component I'm unable to detect the ISA server at all.
It does not matter if I used the Manual detection of the Automatic. I've
made sure that the Autodiscovery port in the ISA Server is port 8080.
I am able to surf the internet with no problems and receive e-mail. My ISA
serve is not doing encryption at the present time. But I want to goinf
forward.
Can any one help me.
Thanks
"Phillip Windell" wrote:
> "Larry Bird" <LarryBird@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:0B95DFFD-A5A2-45DA-A2DC-C6C6DBAFB537@xxxxxxxxxxxxxxxx
> > Action = Allow
> > Protocols = All outbound traffic
> > From = Internal
> > To = External
> > Users= A Domain group labled "Unrestricted Users" (only 2 users in this
> group)
> > Schedule = 24 hours
> > Content Types = All content types
> >
> > Why can't my outlook client connect to my ISP mail server? If I disable
> my
> > rule and enable the orignal rule "Unstricted Internet access" everything
> > works fine. What could be the problem? Are there any tools to trace
> what's
> > happing within a rule?
>
> Because:
> 1. The original Unrestricted Rule was "anonymous",..this Rule you created is
> not, it uses a Domain Group.
>
> 2. The Web Proxy Service cannot "do" email (POP3/SMTP). This can only be
> done by the Firewall Service or the SecureNAT Service. Since you probably
> have not installed the Firewall Client on the workstation, you would be
> running the client as a combination of Web Proxy Client and SecureNAT
> Client.
> A. Web Proxy Clients cannot do POP3/SMTP
> B. SecureNAT Clients can *only* use "anonymous" rules.
>
> The solution is a "choice",...either:
> 1. Create an "anonymous" Rule for POP3/SMTP
> ....Or.....
> 2. Install the Firewall Client and run the machine as a combination Web
> Proxy Client & Firewall Client.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/ISA2004_AccessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
> http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
>
> Deployment Guidelines for ISA Server 2004 Enterprise Edition
> http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
> -----------------------------------------------------
>
>
>
>
.
- Prev by Date: New ISA 2004 Client
- Next by Date: Re: ISA & DNS Conflicts ?
- Previous by thread: New ISA 2004 Client
- Next by thread: Re: Rule blocks OutLook Mail
- Index(es):
Relevant Pages
|
