RE: HELP! Strange Problem with Internet Access after Migration

Hi Wallace:
Thank you for posting here.

>From your description, I understand that after you migrated the SBS 2003
Server, you cannot access your web site www.tapeandmedia.com, but other
websites such as www.google.com can be viewed without difficulties. If I am
off base, please feel free to let me know.

Before we go any further, could you please let me know if the website
www.tapeandmedia.com is published by the SBS Server, which means the
website is on the SBS Server or an internal member server? If the website
is hosted on the internet, please do let me know.

Here, I assumed that this website is published to the external by ISA
Server. I would like to provide the following suggestions:
Suggestion 1, with ISA 2000 installed.
If you are using ISA 2000, there is a known issue when the internal client
computers are only deployed as SecureNAT clients without firewall client
installed. (To be a SecureNAT client, the workstation has to have it's
default gateway set to the internal IP of the ISA server.)

The SecureNAT Clients Cannot Access the Internal Resources That Are
Published by Means of ISA Server
http://support.microsoft.com/default.aspx?scid=KB;EN-US;296674

Suggestion 2, with ISA 2004 installed.
Since the internet computers can access the published web sites, ISA works
well and this issue may not be caused by the ISA. This issue may occur if
the IE on the internal clients still sends the requests to ISA when
accessing the internal clients. To verify it, please perform the following
test:

1. On a problematic internal client, close all IE windows.
2. Open Internet Options | Connections tab | LAN Settings button, clear all
proxy settings, and then click OK twice.
3. Launch IE to access the URL again, does the problem still exist? (Please
make sure the firewall client is installed on the client)

If the issue disappears, it should be an IE behavior. As I know, Internet
Explorer uses the following rule to determine if the web site is on
internet or intranet: "If an FQDN or IP address contains a period, Internet
Explorer identifies the Web site or share as in the Internet zone". If
your LAN clients access your internal web sites by using FQDN name or IP
address, Internet Explorer will always treat it as the Internet sites. I am
not sure if you access this web site using http://www.tapeandmedia.com from
the client side.

In general, if Internet Explorer correctly recognizes that the accessing
site is an internal site, it will not send the request to the ISA/Proxy
server. Instead, it sends the request directly to the web server.

To resolve this issue, you can use one of the following workarounds (Make
sure the option "Bypass proxy server for local addresses" under Internet
Options | Connections tab | LAN Settings is checked):

1. Add the FQDN or IP address of the internal sites into Internet Options |
Connections tab | LAN Settings button | Advanced button | Exceptions
2. Add the FQDN or IP address of the internal sites into Internet Options |
Security tab | Local Intranet icon | Sites button | Advanced button | Add
this web site to the zone
3. On the ISA Server, open ISA Management | Network Configuration | LDT,
add all domain names that are in the internal network, and then configure
Automatic configuration Script.

In order to exclude the Web sites listed in LDT from being proxied, we need
to use automatic configuration script. If you simply configure proxy server
in IE, IE cannot know which Web site needs to be excluded so it still send
the request to the ISA server. ISA server knows that the Web site is in LDT
but it is unable to notify the client with this; the only choice for ISA is
to serve the client with is request. Once you put the setting on the client
side, IE will be aware of this so the Web sites are skipped.

Once we configure automatic configuration script, IE will download a script
from the ISA server. This script includes the sites to skip so IE can be
aware of the LDT and skip them. To configure automatic configuration
script, please try:

A. On the ISA server

1) In ISA console, locate Client Configuration->Web Browser.
2) Select "Set Web browsers to use automatic configuration script" under
"Automatic configuration". Select "Use default URL".

You will see the URL below. Write it down.

3) Click "OK" to take effect and ISA will write LDT into this script.

B. On the client computer

1) Open Internet Options from the Control Panel
2) On Connections tab, click LAN Settings.
3) Make sure "Automatically detect settings" is unchecked.
4) Check "Use automatic configuration script" and then put the URL into the
"Address" text box.

- Generally, the URL is "http://Server:Port/array.dll?Get.Routing.Script";.
Server is the ISA server name and port is the Web proxy listening port.

- You can import http://Server:Port/array.dll?Get.Routing.Script in the IE
address bar to download this script file.

5) Click "OK".

Thus, the configuration on the ISA server will be downloaded through this
URL. The Web sites listed in LDT will be accessed directly.

Then, from the client side, try accessing http://www.tapeandmedia.com
again. Does it work this time?

Thanks for your time and cooperation. I look forward to hearing from you.
Please feel free to let me know if you have any questions or concerns.

Have a nice day! :)

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: HELP! Strange Problem with Internet Access after Migration
| thread-index: AcWvzOdmGQfU49xYRR2wtxsZoG7FxQ==
| X-WBNR-Posting-Host: 63.144.134.130
| From: "=?Utf-8?B?QndhbGxhY2Vqcg==?="
<Bwallacejr@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: HELP! Strange Problem with Internet Access after Migration
| Date: Fri, 2 Sep 2005 07:45:04 -0700
| Lines: 12
| Message-ID: <6FC4E10B-38B3-488E-83DC-489D0885EAF8@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:150243
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I just migrated (swing) SBS2003 Premium to new hardware and our clients
| cannot get to our (public) internet site. I can get to other sites like
| this one www.google.com but not to ours (www.tapeandmedia.com). I don't
have
| this problem From the server.
|
| We are using ISA.
|
| --
| B Wallace
| www.tapeandmedia.com
| www.tapeandmeda-data.com
| www.tapeandmedia-dvd.com
|

.