RE: 401.2 Errors



Robert,

Many thanks for your reply. I can confirm that the ISA Firewall Client is
not installed on any of my clients. I have always just pointed the clients to
the server name as their proxy server, and this has worked fine. So I didn't
really understand the point in deploying the Firewall Client to all clients.

The option you asked me to check in ISA Server on the Internal network is
already selected with Integrated and the other option not ticked, as you say.

Re the IIS log .... I had a look at the log file but it only seems to be
recording access that the IIS Server itself goes through. Is this log file
supposed to log the access from the clients? Because of this I am struggling
to send you the log file which shows the error. So I'm not sure what to do
here ...

Thanks.

"Robert Li [MSFT]" wrote:

Hi Ripley,

Thanks for updating.

Please check the following:

Step 1: The problem occurred because ISA requires authentication for all
HTTP traffic from the internal network. When the "Bypass proxy server for
local addresses" option is selected, IE will bypass the proxy when
accessing resources considered local (whose URL doesn't contain a period)
and leverage either the Firewall client or the SecureNAT client to send
the traffic. If Firewall Client is not installed, the SecureNAT will handle
the traffic. As the SecureNAT cannot pass the user credential to the ISA,
the access failed. Please check if "Require all users to authenticate"
option is enabled on the ISA's internal network.

To do this:

1. Open ISA 2004.
2. Migrate to Servername->Network->Internal.
3. Double click Internal, on the Web proxy tab, click Authentication.
4. Make sure Integrated is selected, Require all users to authenticate is
unchecked.
5. Select "Bypass proxy server for local addresses" option in IE and try
again.

Step 2: Install the Microsoft Firewall Client on problematic workstations
and try again.

If the problem persists, please help me collect the following:

1. Gather IIS log:

a. Open IIS snap-in.

b. Right click Default Web Site and click Properties.

c. Uncheck the "Enable Logging" box and click Apply.

d. Go to C:\WINDOWS\system32\LogFiles\W3SVC1 folder and move all files to a
backup location.

e. Check "Enable Logging" box and click OK.

f. Run IISReset command.

g. Reproduce the problem and send the log file in
C:\WINDOWS\system32\LogFiles\W3SVC1 folder to me for research.

2. Gather IIS Metabase:

1) Download the IIS Resource Kit tools from the following page:
http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-B628-ADE629C89499&displaylang=en

2) Install it, run MBExplorer (Metabase Explorer)

3) Right click the "LM" node and choose "Export to file".

4) Specify a file name, specify the password and finish the export.

5) Send the file and the password to me.

Please send the information to v-robeli@xxxxxxxxxxxxx with subject:
38925791-401.2 Errors.

I am looking forward to hearing from you.

If you need further assistance, please don't hesitate to let me know.

Best regards,

Robert Li(MSFT)

Microsoft CSS Online Newsgroup Support


--------------------
<From: =?Utf-8?B?UmlwbGV5?= <Ripley@xxxxxxxxxxxxxxxxxxxxxxxxx>
<Subject: RE: 401.2 Errors
<Date: Fri, 27 Apr 2007 03:26:01 -0700
<
<Robert,
<
<Thanks for your reply. Here are my responses to your questions .....
<
<> 1. Do the users have the same problem visiting other websites such as RWW
<> and OWA?
<
<With the tick box "bypass proxy server" UNTICKED, I am unable to access
<sites such as http://servername/exchange and http://servername/remote. For
<the OWA site I got an error about the certificate, and when I selected to
<continue anyway I got a pop up box asking me to authenticate? I am unable to
<access these same sites with the "bypass proxy server" TICKED also.
<
<> 2. What is the version of IE on the Windows 2000 clients?
<
<They are on a mixture of IE5.01 and IE6. I actually updated one of the
<clients to IE6 and it seemed to resolve the 401.2 error. However, again, the
<only way to get the client onto the Intranet was by UNTICKING the "bypass
<proxy server" box. Which is not what I used to have set.
<
<> 3. What is the detailed error message in the IE browser when you check Bypass
<> proxy server for local addresses?
<
<With the "bypass proxy server" option TICKED (as it always was), the basic
<"internet explorer cannot display the webpage" appears. No specific error
<code is given.
<
<> 4. Ping companyweb, does the result point to the SBS internal NIC's IP
<> address?
<
<When I ping companyweb from a client it is resolved to the SBS internal IP
<address yes.
<
<> 5. What's the version of SBS server?
<
<It is an SBS 2003 Server with SP1
<
<> Please take the following steps to see if the problem can be resolved:
<>
<> Step 1: Please take your time to rerun CEICW wizard. This wizard helps to
<> configure network and website correctly.
<>
<> To do this:
<> 1. Click Start, click Server Management. Click To Do List and then click
<> "Connect to the Internet". Click Next, and go through the Internet option.
<> 2. Select Enable firewall and click Next.
<> 3. On the Web Services Configuration page, select items according to
<> your environment. Click Next.
<> 4. On the Web Server Certificate page, select "Create a new Web
<> server certificate", and type your FQDN (mail.domain.com) in the "Web
<> server name" text box. Click Next.
<>
<> IMPORTANT: The FQDN that you type in the "Web server name" box must be the
<> same name that you use to connect to the Web site from the Internet. For
<> example, if the URL that you use to connect to the RWW is
<> https://server.contoso.com/remote, type "server.contoso.com" (without the
<> quotation marks) in the "Web server name" box. If you use
<> http://ipaddress/remote to access RWW, type the public IP address in the
<> "Web server name".
<>
<> 5. Go through the steps to finish the wizard.
<>
<> For more information, please refer to:
<> 825763 How to configure Internet access in Windows Small Business Server
<> 2003
<> http://support.microsoft.com/?id=825763
<
<I re-ran the CEICW again and selected to create a new Web Certificate. This
<was called servername.domainname.co.uk. I then re-tried getting onto
<http://companyweb with the "bypass proxy server" TICKED and got the same IE
<error page. I can still only access the Intranet with the option UNTICKED. I
<also tried to access OWA but the same problems were apparent.
<
<> Step 2: Please change the IE setting:
<>
<> 1. Open IE browser.
<> 2. Click Tools->Internet Options->Local intranet->Custom level.
<> 3. Click Automatic logon with current user name and password.
<> 4. Click OK.
<> 5. Click Sites and then click Advanced.
<> 6. Input http://companyweb and click OK three times.
<
<I have set these options as specified on my own IE settings.
<
<> Step 3: Configure proxy server settings for the Web browser
<>
<> 1. Start Internet Explorer.
<> 2. On the Tools menu, click Internet Options, and then click the
<> Connections tab.
<> 3. In the Dial-up and Virtual Private Network settings list, click the
<> connection that you want to configure, and then click Settings.
<> 4. Under Proxy Server, click Advanced.
<> 5. In the Exceptions box, type the URL http://companyweb.
<> 6. Click OK, click OK, and then click OK.
<
<I made these changes on my own IE settings also. The only difference was
<that I have no dial up connections listed since I am on a LAN. So I added the
<http://companyweb exception under LAN settings. After making these changes
<though and trying to access http://companyweb I was unable to get the page to
<load with the "bypass the proxy server" option TICKED or UNTICKED. Therefore,
<these new settings have resulted in my IE now not being able to load the
<Intranet at all.
<
<> For more information, please refer to:
<>
<> You receive a "You are not authorized to view this page" error message when
<> you connect to the SharePoint Central Administration page in Windows
<> SharePoint Services
<> http://support.microsoft.com/?ID=829065
<>
<> If the problem persists, please help me collect the following information
<> for further research:
<>
<> 1. Collect IIS Log:
<> 1) On Exchange Server, open IIS MMC, right click Default Web Site and then
<> click Properties.
<> 2) Click Website tab and then check Enable logging
<> 3) Stop the Default Website and RENAME the existing IIS log files under
<> C:\WINDOWS\system32\LogFiles\W3SVC1.
<> 4) Restart the Default Website and reproduce the problem, which will
<> generate new IIS log file with the exact error.
<> 5) Go to the following folder on Exchange Server:
<> C:\WINDOWS\system32\LogFiles\W3SVC
<
<Logging was already enabled on the IIS Default Web Site. I have replicated
<the problem on a client but I cannot see the Log File showing it at all.
<Since there are lots of log files, I'm unsure which one to send you here.
<
<> 2. Collect IIS Metabase
<> 1) On Exchange Server, install .NET Framework Version 1.1:
<> http://www.microsoft.com/downloads/details.aspx?FamilyID=262d25e3-f589-4842-8157-034d1e7cf3a3&DisplayLang=en.
<> 2) Install MBExplorer by installing IIS 6 Resource Kit Tools:
<> http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-B628-ADE629C89499&displaylang=en.
<> 3) Once it is installed, access it from Start, Programs, IIS Resources,
<> Metabase Explorer.
<> 4) In the left pane, right click ''LM'' (under your server computer name)
<> to choose ''Export to file'', and then save it as IIS.mbk.
<> 5) Compress this mbk file and send it to me for analysis. Please let me
<> know the password if you set one on this IIS mbk file.
<
<I already have .NET Framework 1.1 on the SBS server but I downloaded the
<other file you mentioned IIS 6.0 Resource Kit. However, when I try to run
<this on the SBS server I get "Windows cannot access the specified path .... "
<even if I try running it from the desktop??!!
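Added example, not part of the thread or of any Microsoft tool: one way to find which files in the W3SVC1 log folder actually recorded the 401.2 responses, by filtering IIS W3C extended log lines on sc-status and sc-substatus and counting hits per c-ip. The log sample is constructed, and the function and script names are illustrative assumptions.

```python
import glob
import sys
from collections import Counter

# Constructed sample in IIS 6 W3C extended format (not taken from the thread).
# The second "#Fields:" header mimics the new header IIS writes after a restart.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus sc-win32-status
2007-04-27 10:00:01 192.168.16.2 GET /default.aspx - 192.168.16.2 401 2 2148074254
2007-04-27 10:00:02 192.168.16.2 GET /default.aspx EXAMPLE\\alice 192.168.16.2 200 0 0
#Fields: date time c-ip cs-uri-stem sc-status sc-substatus
2007-04-27 10:05:00 192.168.16.31 /remote 401 1
2007-04-27 10:05:03 192.168.16.2 /exchange 401 2
"""


def parse_w3c(lines):
    """Yield one dict per request, following the most recent #Fields: header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # ignore truncated or malformed lines
                yield dict(zip(fields, values))


def find_status(lines, status="401", substatus="2"):
    """Return (matching requests, hit count per client address)."""
    hits = [r for r in parse_w3c(lines)
            if r.get("sc-status") == status and r.get("sc-substatus") == substatus]
    return hits, Counter(r.get("c-ip", "unknown") for r in hits)


if __name__ == "__main__":
    # Usage: python find_401_2.py <log folder>; with no argument, use the sample.
    paths = glob.glob(sys.argv[1] + "/*.log") if len(sys.argv) > 1 else [None]
    for path in paths:
        if path is None:
            lines = SAMPLE_LOG.splitlines()
        else:
            with open(path, errors="replace") as fh:
                lines = fh.readlines()
        hits, by_client = find_status(lines)
        if hits:
            print(path or "sample", len(hits), dict(by_client))
```

Files that print nothing contain no 401.2 entries, and the per-address counts show which source address each failing request was logged under.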


