Re: Getting 12209 error on isa when server tries to connect to cookie enabled site. Xp workstation works fine. same OU. HIGH PRIORITY. THANKS IN ADVANCE!



What leads you to the conclusion that this problem is ISA Server related?
From what I have understood from your explanation, you're complaining that
the same code cannot get access to the same web site from different
platforms - XP and Server 2003.
This leads me immediately to the conclusion that your issue is somewhat
related to the so-called "IE Enhanced Security Configuration" incorporated
in Windows Server 2003. I'd rather dig this way than beat on the ISA
server. Maybe something is wrong with the zone security settings. Besides
that, I have no particular suggestions though.
Sorry if I haven't understood your issue and started throwing my
suggestions here ;-)

Regards,
Andrew

"JP Ueberbach" <webmaster@xxxxxxxxxxx> wrote in message
news:OiCqYvyMGHA.2828@xxxxxxxxxxxxxxxxxxxxxxx
This is a difficult one and is cookie header related... please do not
answer this question if you do not fully understand our problem. We have
tried many many many etc things.

I must tell the headers from out of my head, so I can't give you the EXACT
details but will try to be as exact as possible.

We try to access a certain site which sets cookies by sending cookie
header Set-Cookie: etc
This cookie is after an internal 302 redirect transmitted to the server :=
session cookie.

i.e.
GET site/
407 Access denied
ISA Proxy authentication
302 Object moved temporarily
Location etc
Set-Cookie etc
-------------------------------
After this we get different behaviour on both the XP machine and the
Windows 2003 server

First the client situation (Windows XP Professional)

After the 302 Object moved temporarily another request is done
GET Location
Cookie: Cookie names and values
---------------------------------- RESPONSE -->
200 OK

Next the server situation

After the 302 Object moved temporarily another request is done
GET Location
Cookie: Cookie names and values
---------------------------------- RESPONSE -->
407 ISA 12209 access denied

Ok. So you think it might be the redirect to the other location.
We also thought that might be it, so we took another site with a redirect
we know of that it doesn't use session cookies. Result = same behaviour on
the XP and Client machine. 200 OK

In short:

1. The conclusion is that since the Set-Cookie on both machines is executed
   and received, this isn't the issue.
2. The conclusion is that when Cookie header is sent from the server to
   site, it fails
3. The conclusion is that when Cookie header is sent from the client to
   site, it succeeds
4. The conclusion is that when NO Cookie header is sent from server to
   site, it succeeds
5. The conclusion is that when NO Cookie header is sent from client to
   site, it succeeds
6. Both machines are in the same organizational unit so policies are the
   same (except for the win2003 and xp difference)
7. It might be OS related, winxp, win2003 differences in policy/settings.
8. All other non cookie enabled sites work so proxy authentication is just
   fine.
9. Site is in local intranet zone.

We use the winhttprequest component to gain access to the site in question
over an ISA 200X proxy server.

Thanks in advance for helping us out.

I will send you a pie when your solution solves the problem we are
experiencing. It is a very high priority problem.



