Re: SSL Tunnel - Denied & Failed log entries

Sorry, but this did not fix the problem. What happened
was, I had my Web Browser to our Wingate Proxy Server
instead of the ISA Server. When I found this out, I switched
my IE 6+ browser back to use the ISA Server 2004 as
the Proxy server. ISA Server still has the lines in the detail
log from Client IP to the ISA Server's internal IP for SSL-Tunnel
protocol was "Denied"/"Failed".

Another thing I don't understand is, I can login to my Yahoo
mail account through ISA. I believe that uses SSL, too!
Why not to our Trading Partner's SSL site?

What can I do????

Thanks for your help.


"C C" <someone@xxxxxxxxxxxxxxx> wrote in message
news:NTNbf.5600$8W.199@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> That did it. I created a Rule for HTTPS protocol:
> From Internal and Localhost - To Internal and Localhost
> For All Users
> I then placed this on top of the rules list.
>
> What I don't understand is, why does the ISA Server need this?
> I already have a rule for my "Web Access" to allow common
> Web Browser protocols (Http, Https, Ftp, Pop3, SMTP, etc)
> from Internal and Localhost to External, Internal, and Localhost.
>
>
>
> "Julian Dragut" <julianmd@xxxxxxxxxx> wrote in message
> news:ucn$3G24FHA.1000@xxxxxxxxxxxxxxxxxxxxxxx
>> Hi,
>> I've had these simtoms before with VPN users trying to access resources
>> in the LAN, and the rule filed was empty too.
>>
>> In your case I would create a HTTPS rule, and place it before the others;
>> pls post back!
>>
>> Cheers
>> "C C" <someone@xxxxxxxxxxxxxxx> wrote in message
>> news:ZeKaf.5020$8W.1802@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>> By the way the "Failed" and the "Denied" entries have blank in the
>>> "Rule" column.
>>> Why is the remote IP the ISA Server's IP address, though???
>>>
>>> "Kevin Longley" <kwlongley@xxxxxxxxxxxxxx> wrote in message
>>> news:O9nWHmN4FHA.1140@xxxxxxxxxxxxxxxxxxxxxxx
>>>>I have had this issue for a few https web sites and had to configure
>>>>them for direct access.
>>>>
>>>> "C C" <someone@xxxxxxxxxxxxxxx> wrote in message
>>>> news:v0xaf.6140$Kv.3150@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>>>> Hello,
>>>>>
>>>>> I'm running ISA 2004 and I have a rule to allow "Internet Users"
>>>>> group inside to access the Internet using Web Browser, FTP, POP3, etc.
>>>>> I have a rule which is called "Web Access Only" which allows common
>>>>> web browsing protocols, including HTTPS.
>>>>>
>>>>> Some users have reported problems going to secure websites of our
>>>>> trading partners, and others - that the page sometimes times out, or
>>>>> authentication on the secure website fails.
>>>>>
>>>>> So I looked at the Web usage log and here is very interesting.
>>>>> Tracing one users log entries to a secure site, I have the following
>>>>> entries:
>>>>> Note: User's IP = 192.168.0.126, ISA 2004 server = 192.168.0.3
>>>>> (SecureSite) = The remote IP address of the secure
>>>>> site
>>>>> There are a series of these entries in a matter of milliseconds in
>>>>> between
>>>>> each entry. Sometimes they finally get the page but since the burst
>>>>> of these
>>>>> failures, it takes a long time to display the page, or any page for
>>>>> that matter
>>>>> after they have logged on. What is causing my problem.
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>>
>>>>> ComputerIP User RemoteIP Protocol Rule
>>>>> Action
>>>>> -------------- ----------- ----------- ------------- -------------
>>>>> --------
>>>>> 192.168.126 KarenD (SecureSite) SSL-tunnel Web Access
>>>>> Allowed
>>>>> 192.168.126 Anonymous 192.168.0.3 SSL-tunnel Web Access
>>>>> Denied
>>>>> 192.168.126 Anonymous 192.168.0.3 SSL-tunnel Web Access
>>>>> Denied
>>>>> 192.168.126 KarenD (SecureSite) SSL-tunnel Web Access
>>>>> Allowed
>>>>> 192.168.126 Anonymous 192.168.0.3 SSL-tunnel Web Access
>>>>> Denied
>>>>> 192.168.126 Anonymous 192.168.0.3 SSL-tunnel Web Access
>>>>> Denied
>>>>> 192.168.126 KarenD (SecureSite) SSL-tunnel Web Access
>>>>> Allowed
>>>>> 192.168.126 Anonymous 192.168.0.3 SSL-tunnel Web Access
>>>>> Denied
>>>>> 192.168.126 Anonymous 192.168.0.3 SSL-tunnel Web Access
>>>>> Denied
>>>>> 192.168.126 KarenD (SecureSite) SSL-tunnel Web Access
>>>>> Allowed
>>>>> 192.168.126 Anonymous 192.168.0.3 SSL-tunnel Web Access
>>>>> Denied
>>>>> 192.168.126 Anonymous 192.168.0.3 SSL-tunnel Web Access
>>>>> Denied
>>>>> 192.168.126 KarenD (SecureSite) SSL-tunnel Web Access
>>>>> Allowed
>>>>> .
>>>>> .
>>>>> .
>>>>> .
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>


.

Relevant Pages

  • Re: SSL Tunnel - Denied & Failed log entries
    ... I created a Rule for HTTPS protocol: ... From Internal and Localhost - To Internal and Localhost ... why does the ISA Server need this? ... Web Browser protocols (Http, Https, Ftp, Pop3, SMTP, etc) ...
    (microsoft.public.isaserver)
  • Re: Bypass address
    ... Client Configuration / Web Browser ... How can I do that in ISA server? ...
    (microsoft.public.isaserver)
  • RE: HTTPS PROBLEM
    ... Most of all Hong Kong HTTPS WEB (I think, ... How to configure networks in ISA Server 2004 ... This newsgroup only focuses on SBS technical issues. ... you may want to contact Microsoft CSS directly. ...
    (microsoft.public.windows.server.sbs)
  • RE: rpc over https
    ... outlook tries to connect to your exchange server. ... The article I read on How to configure ISA server 2004 to ... >> server, I can see it hitting the ISA server, but it just keeps doing HTTPS ... I presume that port ...
    (microsoft.public.exchange.admin)
  • RE: rpc over https
    ... Perhaps I should ask in the ISA server newsgroup unless anyone here knows why ... When I take my laptop off the office LAN, ... > server, I can see it hitting the ISA server, but it just keeps doing HTTPS ... I presume that port ...
    (microsoft.public.exchange.admin)
Loading