Re: ISA 2004 - require proxy authentication breaks companyweb

Tech-Archive recommends: Fix windows errors by optimizing your registry

Are you talking about trying to RWW from a workstation inside the LAN to another desktop inside a different SBS network?

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Rich R" <RichR@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:58A83C15-EB9A-418C-9715-6E90C9ACCA17@xxxxxxxxxxxxxxxx
can you also please tell them that the wizard creates a outbound rule for
remote desktop over RWW (4125) but that it doesnt create an inbound one (or
it may be the other way round). this means that out of the box, the remote
desktop doesnt work correctly.

that cost me ages too.

thanks!

"Cris Hanna [SBS-MVP]" wrote:

> thanks for the update
> I'll certainly pass it back to the SBS team for their thoughts
>
> --
> Cris Hanna [SBS-MVP]
> -------------------------------------------------
> Microsoft MVPs
> Independent Experts (MVPs do not work for MS)
> Real World Answers
> ---------------------------------------------------------
> Please do not contact me directly regarding issues
>
> "Rich R" <RichR@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:9C8BD568-0412-4B25-8AF4-BEDE7A430C82@xxxxxxxxxxxxxxxx
> no matter, i've worked it out.
>
> this is what i would say is a fault in the SBS internet connection wizard.
>
> when it creates the rules for ISA, it creates a rule that allows
> unrestricted internet access. this rule sits above the SBS internet access
> rule. the unrestricted rule is set to all users, therefore ISA doesnt query
> the credentials, and all logs and webfilters only see the IP address. moving
> the unrestricted internet access below the SBS internet access rule and
> applying the changes then made it work correctly.
>
> i hope this helps someone else, because it took me ages of trawling through
> ISA documentation to figure out what it was doing.
>
> cheers then
> Rich
>
> "Rich R" wrote:
>
> > No, there is more to it that just logging. and surfcontrol is not the issue.
> >
> > surfcontrol is a service that catergoririzes websites. if we choose to block
> > the dirty ladies websites, then it will block all of them as catergorized
> > from surfcontrol, and that database is updated daily. this protects the
> > company, since if someone was ever offended by someone else surfing that
> > stuff then we can prove we'd at least taken steps to prevent it.
> >
> > also, even without surfcontrol ISA logs everything as anonymous without the
> > require authentication option set. and when we set it, it breaks the
> > companyweb access.
> >
> >
> >
> > "Cris Hanna [SBS-MVP]" wrote:
> >
> > > Why would you need Surf Control in addition to ISA?
> > > ISA has its own logging and you can see what every user is doing
> > >
> > > --
> > > Cris Hanna [SBS-MVP]
> > > -------------------------------------------------
> > > Microsoft MVPs
> > > Independent Experts (MVPs do not work for MS)
> > > Real World Answers
> > > ---------------------------------------------------------
> > > Please do not contact me directly regarding issues
> > >
> > > "Rich R" <RichR@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:75DB6CA4-B785-40EE-BDDA-6630CDC0A03A@xxxxxxxxxxxxxxxx
> > > i have installed surfcontrol on sbs 2003 R2 Premium. in orer to log usernames
> > > surfcontrol say that you must enable require authentication on the 'internal
> > > network. so that isa passes the username to the web filter addin.
> > >
> > > this does work, however as soon as i implement that the companyweb intranet
> > > site goes down with 403 error. also , we use the \\companyweb\ UNC share to
> > > store/access company documents, thus we lose all access to documents. which
> > > is not acceptable.
> > >
> > > once i have require authentication set, how do i make companyweb behave
> > > normally again?
> > >
> > > the SBS server is 2003 R2 with ISA 2004. it is running 2 network adaptors
> > > and ISA is configured using the connecto to internet wizard as documented.
> > > ISA 2004 is in edge firewall mode.
> > >
> > > note1: internet access still works, just the companyweb doesnt work.
> > > note2: if i remove the proxy settings in the clients, companyweb still
> > > doesnt work, neither does web access which is as expected.
> > > note3: please help!

Relevant Pages

  • RE: Group Policy - Restrict Internet Access by OU?
    ... you could not find ISA on SBS 2003, you can use SBS premium technology disk ... to install ISA server. ... restrict internet access on special user group. ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA 2004 - require proxy authentication breaks companyweb
    ... this is what i would say is a fault in the SBS internet connection wizard. ... unrestricted internet access. ... the unrestricted rule is set to all users, therefore ISA doesnt query ... >> Microsoft MVPs ...
    (microsoft.public.windows.server.sbs)
  • Re: Vista Home premiun client - ISA blocking Web access out
    ... Microsoft MVPs ... make her "workgroup" the same netbios name as your sbs ... when this I try to browse the internet - I get an error ... Error 403 Forbidden - ISA denied URL ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2k3 PE, Secure External Access to Intranet
    ... Thanks for using this SBS newsgroup. ... Based on my research, if you want to publish OWA on SBS 2003, through ISA, ... 825763 How to configure Internet access in Windows Small Business Server ...
    (microsoft.public.windows.server.sbs)
  • Re: Windows Vista and Outlook 2007 compatibility update/s
    ... Microsoft MVPs ... I came across the following KB article and applied the 1st 2 updates to SBS ... I did not install ISA and don't want to at this point in time. ...
    (microsoft.public.windows.server.sbs)