Re: ISA/Proxy problem
From: Chad A. Gross [SBS MVP] (chad.gross_at_laytonflower.nospam.com)
Date: 12/17/04
- Next message: freddyboy1_at_hotmail.com: "Re: Deploying french and english MSI packages in group policy"
- Previous message: KevinK: "Re: I'm so confused (nothing new, I know) Les, help please"
- In reply to: Phillip Windell: "Re: ISA/Proxy problem"
- Next in thread: Phillip Windell: "Re: ISA/Proxy problem"
- Reply: Phillip Windell: "Re: ISA/Proxy problem"
- Reply: CZ: "Re: ISA/Proxy problem"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 17 Dec 2004 13:22:11 -0600
I'll have to double check - but I don't think you need to remove browser
proxy settings. Matter of fact, I'm sure that you don't. I'm thinking it
may be as much of the HTTP Redirector's fault as Ad-Aware's. I know I've
seen documentation stating that the redirector can't pass credentials to the
proxy service - so if your proxy service requires outbound authentication
(separate from your protocol rules), then apps like this will fail because
the credentials originally supplied by the Firewall Client are submitted to
the HTTP Redirector, which fails to forward those credentials to the Web
Proxy Service.
--
Chad A. Gross - SBS MVP
SBS ROCKS!
www.msmvps.com/cgross
www.gosbs.org

Phillip Windell wrote:
> "SuperGumby [SBS MVP]" <not@your.nellie> wrote in message
> news:ODtNPw64EHA.2568@TK2MSFTNGP11.phx.gbl...
>> I have not adjusted the default behaviour of the HTTP redirector.
>
> The Protocol rule they suggest is an "anonymous" rule, as indicated
> by the "Any Request". This allows it to work because Ad-Aware's
> problem in the first place is its inability to properly pass the
> credentials to the Web Proxy Service in the proper manner. The
> suggested Rule causes ISA to not ask for credentials when going to
> Lavasoft's URLs,...hence it works.
>
> If someone is not willing to use Anonymous Rules, then they must
> adjust the Redirector to not send to the Web Proxy Service, remove
> the Browser's Proxy Settings and run the Clients as Firewall Clients
> only. SecureNAT doesn't authenticate and is effectively anonymous so
> isn't a viable solution if authentication is required by company
> policy.
>
> In the end, it is a lot of "crap" to go through for just one stupid
> application because some programmer didn't write their code properly.
>
> Other products will have similar problems if they use FTP to transfer
> the update using FTP methods that aren't compatible with the
> "encapsulated read-only FTP" that is used by the CERN web proxy
> standard. In those cases the client has to run as a Firewall Client
> or SecureNAT client to be able to run standard FTP.
>
> Even the newest version of Windows Update doesn't work properly with
> their own ISA, and I believe again it is an authentication issue (but
> a different type). I suspect it is because one division of a large
> company did not collaborate properly with another division in the
> same large company so that their production methods agreed with each
> other.
>
> Here is their article on that. You will notice that their solution is
> to create an "anonymous" rule as did Lavasoft. In this case, with one
> of the two scenarios, they seem to want to blame Internet Explorer
> and have a patch for it. In the other scenario they say the root
> cause is still being investigated.
>
> You experience problems when you access the Windows Update Version 5
> Web site through a server that is running ISA Server
> http://support.microsoft.com/default.aspx?scid=kb;en-us;885819