RE: Web proxy returns Error code 502 (12202)
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Thu, 14 Aug 2008 12:56:33 GMT
Hi Dagwin,
Thank you for your update.
I'm glad to hear that things are working correctly for you now. Please do
not hesitate to post in this newsgroup if you need any assistance in the
future. I look forward to working with you again.
Thank you and have a nice day,
Best regards,
Terence Liu (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Web proxy returns Error code 502 (12202)<eD$TGk5#IHA.5648@xxxxxxxxxxxxxxxxxxxxxx>
thread-index: Acj+APQTWvy05ltTTX6cyTNam8q0Dw==
X-WBNR-Posting-Host: 207.46.193.207
From: =?Utf-8?B?RGFnd2lu?= <Dagwin@xxxxxxxxxxxxxxxx>
References: <5693EC07-2576-4AD9-9ECD-FE01C335AB49@xxxxxxxxxxxxx>
<9C92156E-771F-4F60-8F5F-BA55D4FF1C0B@xxxxxxxxxxxxx>
<7zXTBPT$IHA.5572@xxxxxxxxxxxxxxxxxxxxxx>
Subject: RE: Web proxy returns Error code 502 (12202)w3proxy
Date: Thu, 14 Aug 2008 04:29:02 -0700
Lines: 317
Message-ID: <C561256A-B025-4893-BB5F-E0F9E2E940A2@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3119
Newsgroups: microsoft.public.isa
Path: TK2MSFTNGHUB02.phx.gbl
Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.isa:6825
NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
X-Tomcat-NG: microsoft.public.isa
Hello Terence,
Recreating the rule and domain name set solved the problem.
I still wonder what went wrong though...
Thanks for your tips and your help!
Kind regards,
Dagwin
--
Dagwin
"Terence Liu [MSFT]" wrote:
Hello Dagwin,
Thank you for your update.
I find the following deny log in the ISA server log:
===========================
212.190.195.16 anonymous Windows-Update-Agent Y 8/12/2008 07:46:42
HEADICAISA - download.microsoft.com 212.190.195.2 8080 1 200 254 http TCP
http://download.microsoft.com/v7/windowsupdate/redir/wuredir.cab?0808120746
w3proxy- - 12202 0x0 Prohibit Streaming Servers Req ID: 06e45511 Perimeter
External 0x0 Denied 8/12/2008 07:46 -
212.190.195.16 anonymous Windows-Update-Agent Y 8/12/2008 07:46:42
GETICAISA - download.microsoft.com 212.190.195.2 8080 1 199 4317 http TCP
http://download.microsoft.com/v7/windowsupdate/redir/wuredir.cab?0808120746
Domain- - 12202 0x0 Prohibit Streaming Servers Req ID: 06e45513 Perimeter
External 0x800 Denied 8/12/2008 07:46 -
============================
From the log we know the access to Microsoft.com is denied by the rule
called "Prohibit Streaming Servers".
I suggest you delete the "Prohibit Streaming Servers" rule and the
clickname sets. Then, recreate it as the following steps:
1. Create Domain Name Sets for the blocked sites.
Please open the ISA management console, navigate to Firewall Policy,
NameToolbox tap in right pane, select Network Objects, right-click Domain
*.shutterfly.com,Sets select New Domain Name Sets. In New Domain Name Set Policy Element
window, add all the sites domains to the list (*.dr.dk,
right*.streampower.be, *.vo.llnwd.net, streampower.belgacom.be), input a name
like "Blocked Web Sites", then click OK.
2. Create a access rules.
Please open the ISA management console, navigate to Firewall Policy,
usingclick "Firewall Policy" and click New->Access Rule, then create two new
access rules as following:
Rule name: Block sites
Rule Action: Deny
Protocols: All Outbound Traffic
Sources: internal
Destination: Blocked Web Sites (created in step 2#)
User Sets: All Users
Then move this rule to the top and click Apply to save all the settings.
Then, test this issue.
Meanwhile, please try to perform the steps in the following KB:
947124 Error message when a user visits Web site that is published by
correspondingMicrosoft ISA Server together with client certificate authentication:
"Error Code: 403 Forbidden"
http://support.microsoft.com/kb/947124
I hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the
manner.newsgroups so that they can be resolved in an efficient and timely
theYou can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check
are"Notify me of replies" box to receive e-mail notifications when there
newsreader,any updates in your thread. When responding to posts via your
doingplease "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
Pleaseso, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly.
rights.check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe
--------------------
Thread-Topic: Web proxy returns Error code 502 (12202)<eD$TGk5#IHA.5648@xxxxxxxxxxxxxxxxxxxxxx>
thread-index: Acj8Uv6X46IDPbXkSU2p+i+Dhqeu4Q==
X-WBNR-Posting-Host: 65.55.21.8
From: =?Utf-8?B?RGFnd2lu?= <Dagwin@xxxxxxxxxxxxxxxx>
References: <5693EC07-2576-4AD9-9ECD-FE01C335AB49@xxxxxxxxxxxxx>
Subject: RE: Web proxy returns Error code 502 (12202)
Date: Tue, 12 Aug 2008 01:11:16 -0700
Lines: 269
Message-ID: <9C92156E-771F-4F60-8F5F-BA55D4FF1C0B@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3119
Newsgroups: microsoft.public.isa
Path: TK2MSFTNGHUB02.phx.gbl
Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.isa:6804
NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
X-Tomcat-NG: microsoft.public.isa
Hello Terence,
You understood the problem correctly.
I followed your suggestions, but none of them solved the issue:
- installed hotfix and edited registry key (there was no entry RAT in
HKLM\Software\Microsoft, create the additional entries from there)
- cleared the DNS cache
- cleared the web proxy cache
- installed the firewall client and added *.sun.com to the exceptions
- disabled compression
I still get the error when trying to download the SUN JRE, here is the
direct link:
?e=1218525172189&h=3b01a4e56c8fe5cc79a7187681f8de04/&filename=jre-6u7-window
opens-i586-p-s.exe
If I disable the rule and use the above link, I'm prompted to save or
thethe file.
Enable the rule, and I get error 502 (12202) again.
I collected the cab file with IsaBPA, took a screenshot and captured
pleaselog
files.Proxy
I zipped all this and just sent it to your e-mail address.
For now, I will restore the ISA server settings (logging, compression).
Any other suggestions are welcome.
Thanks for your help!
Kind regards,
Dagwin
--
Dagwin
"Terence Liu [MSFT]" wrote:
Hello Customer,
Thank you for posting here.
According to your description, I understand that you get error "502
(URL).Error. The ISA Server denied the specified Uniform Resource Locator
for(12202)" when you access some web sites after you enabled a deny rule
some other domain name sets. If I have misunderstood the problem,
wedon't hesitate to let me know.
Based on my research, I suggest we try the following steps to see if
usercan
resolve this issue:
I. Please apply the following hotfix:
An ISA Server 2006 Web Proxy client receives error code 502 when a
registrytries to visit certain Web sites
http://support.microsoft.com/kb/935693
As per the KB935693, we need to create the registry key in the
onof
Andthe ISA servers. The path is
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAT\Stingray\Debug\Web Filters.
the registry key can be created as follows,
Value name: DROP_CONTINUATION_LINES
Value type: REG_DWORD
Value data: 1
Then, test this issue.
II. If the issue persists, please clear DNS cache and Web Proxy cache
ServerISA Server.
a. Clear the DNS cache of the ISA server. Please download and run the
script from:
http://www.isatools.org/tools/ClrDNS.cmd
b. Clear the ISA web proxy cache:
How to delete the Web cache in Internet Security and Acceleration
Options,webhttp://support.microsoft.com/default.aspx?scid=kb;en-us;838248
III. Please make sure all the internal clients are configured as both
proxy client and firewall client:
To be a Web Proxy client, please open IE, click Tools->Internet
Proxyand click Connections->LAN Settings, configure ISA server as your
theserver (you can enter either the computer name or the internal IP of
FirewallISA server, port 8080 by default.)
To be a Firewall client, the workstation needs to have the ISA
pleaseExplorerClient software installed.
Then on the client computer, added the external FQDN in Internet
in:
Internet options
Connections
Lan settings
Advanced (proxy server)
Exceptions area (do not use proxy server for address beginning with)
In you scenario, the problem website is www.domain.com, so please add
*.domain.com in Exceptions area.
IV. Disable http compression on the ISA Server.
1. Open ISA Management console, navigate to 'Configuration'\'Add-ins'.
2. In the right panel, click 'Web Filters' tab.
3. Disable the filter 'Compression filter'. Apply the settings.
If we cannot resolve the issue after we perform the steps above,
onhelp me collect some information for further investigation:
1. Please help me gather a screenshot when you reproduce this issue
http://www.microsoft.com/downloads/details.aspx?FamilyID=d22ec2b9-4cd3-4bb6-the
client side and send it to me at v-terliu@xxxxxxxxxxxxx
2. Make sure the latest version of ISABPA is installed on the ISA box.
capturing91ec-0829e5f84063&DisplayLang=en
Start a command prompt, change directory into:
C:\Program Files\Microsoft IsaBPA>
Run "IsaBpaPack.exe +Repro" (without quotation mark)
It will then ask you to press space bar when you want to start
networknetwork traffic.
Try reproducing the problem.
After that please press space bar again on ISA to stop capturing
'Tasktraffic. It will package everything into a CAB file on the desktop.
3. ISA logs:
Enable the full Web Proxy/firewall logging option:
a. Open ISA 2006 management console.
b. Expand the server node and highlight 'Monitoring'.
c. In the right pane, switch to the 'Logging' tab, make sure the
existing'LoggingPane' is showed there.
d. In the 'Task Pane', click 'Configure Web Proxy Logging' under
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
e. Switch to the 'Fields' tab, and then click 'Select All'.
f. Click OK, and then click 'Apply' to save changes and update the
configuration.
g. Click 'Configure Firewall Logging'. Do step d~f to enable the full
logging options for firewall logging.
Prepare to take the trace:
a. Temporarily stop the Firewall service to clear the current
ByW3C
Firewall'logs: Monitoring->Services tab, and then right click 'Microsoft
to choose 'Stop'.
b. Go to the log saving directory and clean any existing .W3C logs.
normal.)default, the logs will be saved to 'C:\Program Files\Microsoft ISA
Server\ISALogs'. (Some MDF may not be able to deleted, that's
stoppedc. Go back to the ISA 2004 management console, and then Start the
'Microsoft Firewall' service.
Reproduce the problem:
.
- References:
- Web proxy returns Error code 502 (12202)
- From: Dagwin
- RE: Web proxy returns Error code 502 (12202)
- From: Terence Liu [MSFT]
- RE: Web proxy returns Error code 502 (12202)
- From: Dagwin
- RE: Web proxy returns Error code 502 (12202)
- From: Terence Liu [MSFT]
- RE: Web proxy returns Error code 502 (12202)
- From: Dagwin
- Web proxy returns Error code 502 (12202)
- Prev by Date: Re: non-standard port for SSL on ISA 2004 - How?
- Next by Date: RE: Web proxy returns Error code 502 (12202)
- Previous by thread: RE: Web proxy returns Error code 502 (12202)
- Next by thread: RE: Web proxy returns Error code 502 (12202)
- Index(es):
Relevant Pages
|
Loading
