Re: Getting 12209 error on isa when server tries to connect to cookie enabled site. Xp workstation works fine. same OU. HIGH PRIORITY. THANKS IN ADVANCE!

Ok. we have solved the problem. We took a winhttp dll from the working xp
client machine
and closed all handles to the original winhttp.dll on the win2003 server.
We then disabled file protection, replaced the winhttp.dll with the xp
version, regsvr32 winhttp.dll of the new dll. and then rebooted the machine.

This home made patch works. After knowing this, i have posted the question
in the wrong forumn.

IE enhanced security configuration was already disabled.

Thanks for all suggestions.



"A. Klimkin" <nothanks at microsoft.com> wrote in message
news:ed0%23ZY8MGHA.1488@xxxxxxxxxxxxxxxxxxxxxxx
What leads you to a conclusion that this problem is an ISA server related?
From what I have understood from your explanation, you're complaining that
the same code cannot get access to the same web site from different
platforms - XP and Server 2003.
This leads me immediately to the conclusion that your issue is somewhat
related to the so-called "IE Enhanced security configuration" incorporated
in Windows Server 2003. I'd rather to dig this way than to beaten the ISA
server. Maybe something wrong with zone security settings. Besides that a
have no particular suggestions though.
Sorry if I haven't understood your issue and started throwing here my
suggestions ;-)

Regards,
Andrew

"JP Ueberbach" <webmaster@xxxxxxxxxxx> wrote in message
news:OiCqYvyMGHA.2828@xxxxxxxxxxxxxxxxxxxxxxx
This is a difficult one and is cookie header related... please do not
answer this question if you do not fully understand our problem. We have
tried many many many etc things.

I must tell the headers from out of my head, so i cant give you the EXACT
details but will try to be exact as possible.

We try to access a certain site which sets cookies by sending cookie
header Set-Cookie: etc
This cookie is after an internal 302 redirect transmitted to the server
:= session cookie.

i.e.
GET site/
407 Access denied
ISA Proxy authentication
302 Object moved temporarily
Location etc
Set-Cookie etc
-------------------------------
after this we get different behaviour on both the XP machine and the
windows 2003 server

First the client situation (Windows XP Professional)

After the 302 Object moved temporarily another request is done
GET Location
Cookie: Cookie names and values
---------------------------------- RESPONSE -->
200 OK

Next the server situation

After the 302 Object moved temporarily another request is done
GET Location
Cookie: Cookie names and values
---------------------------------- RESPONSE -->
407 ISA 12209 access denied

Ok. So you think it might be the redirect to the other location.
We also thought that might be it, so we took another site with a redirect
we know of that it doesnt use
session cookies. result=Same behaviour on the XP and Client machine. 200
OK

in short:

1.The conclusion is that since the Set-Cookie on both machines is
executed and received, this isnt the issue.
2.The conclusion is that when Cookie header is sent from the server to
site, it fails
3.The conclusion is that when Cookie header is sent from the client to
site, it succeeds
4.The conclusion is that when NO Cookie header is sent from server to
site, it succeeds
5.The conclusion is that when NO Cookie header is sent from client to
site, it succeeds
6.Both machines are in the same organizational unit so policies are the
same (except for the win2003 and xp difference)
7.It might be OS related, winxp, win2003 differences in policy/settings.
8.All other non cookie enabled sites work so proxy authentication is just
fine.
9.Site is in local intranet zone.

We use the winhttprequest component to gain access to the site in
question over an ISA 200X proxy server.

Thanks in advance for helping us out.

I will send u a pie when your solution solves the problem we are
experiencing. It is a very high priority problem.






.

Relevant Pages

  • Re: Chicken and egg issue with Cookie based login?
    ... >> Cookies are created by the server, not by the client. ... a client can create a cookie as well. ... The credentials are created when the user logs into the server. ...
    (comp.security.misc)
  • Re: If not readdir() then what?
    ... Please go read the NFS spec. ... The only thing an NFS client has in order ... filehandle and a cookie as its arguments. ... The server is expected to return cookies for _each_ ...
    (Linux-Kernel)
  • Re: Getting 12209 error on isa when server tries to connect to cookie enabled site. Xp workstation w
    ... What leads you to a conclusion that this problem is an ISA server related? ... We try to access a certain site which sets cookies by sending cookie ... 2.The conclusion is that when Cookie header is sent from the server to ...
    (microsoft.public.isa)
  • Re: Chicken and egg issue with Cookie based login?
    ... a client can create a cookie as well. ... So in reference to the W3C document, this MAC is created by the server? ... a new client created hashed cookie to pass the credentials to the server. ...
    (comp.security.misc)
  • Re: executing javascript and vbscript
    ... by javascript, so the request pulls the old value. ... Communication between the server and the client happens in one direction at ... So the cookie is set using your client side JavaScript AFTER all the cookies ...
    (comp.lang.javascript)