RE: Cannot browse Internet from ISA 2004 server in Remote Desktop session

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Hi Omar,

Thank you for posting in SBS newsgroup.

>From the description, I understand the issue to be: you can not browse
internet which using HTTP protocol from SBS in Remote Desktop session when
you RDP to SBS form outside network. If I have misunderstood your concerns,
please do not hesitate to let me know.

To narrow down the problem, would you please help me collect the following
information?

1. Does the situation occur when you use domain admin to RDP to the SBS
Server form external network?
2. On ISA Management, make sure "Require all users to authenticate" is not
selected as following. Can the situation occur?

1) Click "Start", point to "Programs", point to "Microsoft ISA Server", and
then click "ISA Server Management".
2) In "ISA Server Management", in the right pane, click the "Toolbox" tab,
and then click "Networks".
3) Right click Internal and select Properties.
4) In Web Proxy tab | Authentication button, make sure "Require all users
to authenticate" is not selected.

3. Please try to enable or disable proxy on the SBS server to see if the
problem disappears.
4. Please modify the SBS Internet Access Rule to allow All user to try to
see if the problem still occurs.
5. Gather the ISA log after perform the above steps:

1) Schedule a down time.
2) Open ISA 2004 management console.
3) Expand the server node and highlight 'Monitoring'.
4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.
5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
9) Click 'Apply' to save changes and update the configuration.
10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.
11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.
12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.
13) Reproduce the problem (initiate an SQL access), stop the service, and
then gather the resulting W3C files to me for analysis.

I am appreciated your time and I look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Omar Seri" <omar.seri@xxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Cannot browse Internet from ISA 2004 server in Remote Desktop
session
| Date: 7 Dec 2005 06:09:48 -0800
| Organization: http://groups.google.com
| |
| I'm managing SBS 2003 network with ISA 2004 and I'm having the
| following problem: while accesing the SBS 2003/ISA 2004 server with
| remote desktop from outside the local network I cannot browse the
| Internet (In fact, it seems that the only protocole having problems if
| HTTP). But, if the same server is accesed with remote desktop from the
| local network, there is no problem.
| Because I also manage another network with the same topology (SBS 2003
| with ISA 2004) I tested the same issue: browse with Internet Explorer
| the ISA 2004 server accesed with remote desktop from outside the local
| network and I found no problem.
| I checked both firewall access rule list and I didn't find out where
| the problem is with one of the network.
| I also monitored the network with problems with ISA built-in monitor: I
| modified the filter, I added the HTTP protocol and a specified
| destination address. When I try then to reach that address in IE, I've
| got the 403 error, and in ISA monitor, I've got a "Refused connection"
| by the default "SBS Internet access rule": I do not understand why a
| rule that allow traffic could deny the http.
| I would appreciate any help on this.
| Thanks
|
|

.

Quantcast