Re: http://companyweb doesn't work but http://companyweb.domain.local or https://companyweb do

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

I'm not forcing SSL on either web site.

After more research I found a post on Susan Bradley's Blog that seems
to describe my problem. The funny thing though is that I have th
firewall client installed on all the machines and we're still getting
the error. :-(

Does that help?

Link to Susan's blog:
http://msmvps.com/blogs/bradley/archive/2006/12/23/issues-in-december-from-the-partner-newsgroups.aspx

Text from Susan's blog:

ISSUE
-----------
SBS 2003 with ISA 2004 installed. LAN clients receive 403 access denied
when
accessing http://companyweb. They can browse https://companyweb and
http://companyweb.domain.local without issues.

CAUSE
--------
"Require all users to authenticate" option was enabled on the ISA's
Internal
network.
All the LAN clients are configured as Web Proxy client and the "Bypass
proxy
server for local addresses" option is ticked.
The problem occurrs because ISA requires authentication for all HTTP
traffic
from the internal network.
When the "Bypass proxy server for local addresses" option is selected,
IE
will bypass the proxy when accessing resources considered locally
(whose URL
doesn't contain a period) and leverage either the Firewall client and
the
SecureNAT client to send the traffic.
If Firewall Client is not installed, the SecureNAT will handle the
traffic.
As the SecureNAT cannot pass the user credential to the ISA, the access

failed.
As you install the third party web filter on the ISA, the "Require all
users
to authenticate" option should be enabled.

RESOLUTION
---------------
Two options:

1. Uncheck the "Bypass proxy server for local addresses" option in IE.

Or:

2. Install the Firewall Client on all the workstations.



Lanwench [MVP - Exchange] wrote:
In news:1168008459.848591.280780@xxxxxxxxxxxxxxxxxxxxxxxxxxxx,
Jon <jonoallen@xxxxxxxxx> typed:
Out of the blue (at least I can't think of any change I've made
recently that could have caused this) all our clients can no longer
access http://companyweb, http://server, http://server/exchange etc.

They CAN however access https://companyweb
They CAN access http://companyweb.americansavingslife.local (if they
put in their username and password)
Clients can ping companyweb and they get a response saying "pinging
server.domain.local [192.168.10.8] with 32 bytes of data: Reply from
192.168.10.8: bytes=32 time<1ms TTL=128"

DNS looks like it's working great - I can say "nslookup companyweb"
and get a response "Name: server.domain.local Address: 192.168.10.8
Aliases: companyweb.domain.local".

Clients CAN NOT open up internet explorer and navigate to
http://companyweb.

I've tried flushing dns, registering dns, nbtstat -R and -RR, I've
reset IIS, reset my client computer, tried setting a static IP - they
all don't work.

ipconfig /all shows everything pointing to my server, just like it's
supposed to.

I would imagine this is a simple issue with a simple resolution, but
I'm sure missing it. :-{

Thanks and have a great day,
Jon

This isn't an IP or DNS issue. Sounds like someone set a requirement to use
SSL on companyweb & OWA manually - find it in IIS, go to directory security,
and in the SSL / certificate button options, untick the box to force SSL.

Same for /exchange. If you're allowing only port 443 inbound in your
firewall/router/ISA, your external OWA users will still be required to use
https: as they should.

There's nothing anyone should be doing on http://server anyway -

.

Quantcast