Cleanup of ISA rules in ISA server 2004 and 2006

Similar Messages

• Applet fails to connect behind isa server 2004

  hi, for security I have to activate authentication on Isa server 2004 and under this configuration the applet can't connect here is the log:
  NETg Learning Studio (Web) 3.1.8.8
  Copyright � 1997-2005 Thomson NETg, a division of Thomson Learning, Inc. All rights reserved.
  java.vendor = Sun Microsystems Inc., version = 1.5.0_06
  os.name = Windows XP
  Friday, September 15, 2006
  Memory: Total 4767744, Free 998864
  SMD was found.
  AICC_HACP_Connection: IOException processHACPPost().
  java.net.SocketException: Connection reset
       at java.net.SocketInputStream.read(Unknown Source)
       at java.io.BufferedInputStream.fill(Unknown Source)
       at java.io.BufferedInputStream.read1(Unknown Source)
       at java.io.BufferedInputStream.read(Unknown Source)
       at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
       at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
       at sun.net.www.protocol.http.HttpURLConnection.doTunneling(Unknown Source)
       at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
       at sun.net.www.protocol.http.HttpURLConnection.doTunneling(Unknown Source)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
       at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
       at netg.AICC.HACP.nls_jk.i(DashoA8374)
       at netg.AICC.HACP.nls_jk.a(DashoA8374)
       at netg.AICC.HACP.nls_nj.allSecure(DashoA8374)
       at netg.signpost.nls_kq.run(DashoA8374)
       at java.security.AccessController.doPrivileged(Native Method)
       at netg.signpost.SunSecurity.g(DashoA8374)
       at netg.signpost.SunSecurity.f(DashoA8374)
       at netg.AICC.HACP.nls_jk.a(DashoA8374)
       at netg.InterNETgBase.run(DashoA8374)
       at netg.util.nls_l.run(DashoA8374)
  Could not communicate with HACP host!
  and when (for testing purposes) I deactivate authentication on my ISA the applet works fine (here is the log)
  NETg Learning Studio (Web) 3.1.8.8
  Copyright � 1997-2005 Thomson NETg, a division of Thomson Learning, Inc. All rights reserved.
  java.vendor = Sun Microsystems Inc., version = 1.5.0_06
  os.name = Windows XP
  Friday, September 15, 2006
  Memory: Total 9728000, Free 1392944
  SMD was found.
  Sending HACP host the following:
  command=GetParam&version=2.0&session_id=CRS3684_SCR2304_STU9782_SOL59084_&AICC_Data=
  HACP host returned the following:
  Error=0
  error_text=successful
  version=2.0
  aicc_data=
  [Core]
  Student_ID=josky.jara
  Student_Name=Jara, Josky
  Lesson_location=
  path=
  Credit=credit
  Lesson_status=I,A
  Score=
  Time=73:09:13
  Lesson_Mode=Normal
  [Core_Lesson]
  TSF=0_2_0_1lsi_42_42_cuc2_0_0_0_0_0_0_0_; MVA=00000000000000; UPF=12_2_0_1_0_1_1; sSkew=0; ATS1=fvvv; LastTopic=en_US_20811_Assmt1.nlo; MP=80; PC=48; DOWNLOAD=0; LastPage=-1;
  [Core_Vendor]
  [Student_Data]
  Mastery_Score=80
  Error: java.lang.ThreadDeath: null
  java.lang.ThreadDeath
       at java.lang.Thread.stop(Unknown Source)
       at java.lang.ThreadGroup.stopOrSuspend(Unknown Source)
       at java.lang.ThreadGroup.stop(Unknown Source)
       at sun.awt.AppContext.dispose(Unknown Source)
       at sun.applet.AppletClassLoader.release(Unknown Source)
       at sun.plugin.security.PluginClassLoader.release(Unknown Source)
       at sun.applet.AppletPanel.release(Unknown Source)
       at sun.applet.AppletPanel.sendEvent(Unknown Source)
       at sun.plugin.AppletViewer.onPrivateClose(Unknown Source)
       at sun.plugin.AppletViewer$1.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  loading copyright notices
  loading copyright notices
  loading copyright notices
  Copyrights for NLO /skillb/en_US_20811/en_US_20811.nlo:
  Copyright � 2004 Thomson NETg, a division of Thomson Learning, Inc.
  All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, broadcasting, or by any information storage and retrieval system, without permission in writing from Thomson NETg.
  Skill Builder is a registered trademark of Thomson NETg. All other trademarks referenced are the trademark, service mark, or registered trademark of their respective holders. Thomson NETg is not affiliated with any company or any other product or vendor mentioned in this course and its accompanying materials.
  Cisco Systems is a registered trademark of Cisco Systems, Inc. Cisco IOS is a trademark of Cisco Systems, Inc. Novell and Netware are registered trademarks of Novell, Inc.
  The software and technology used to implement this course contain trade secrets that Thomson NETg considers to be confidential and proprietary information, and your right to use this material is subject to the restrictions in the license agreement under which you obtained it.
  Companies, names, products, and data used in the examples in this course are fictitious. Any resemblance to existing companies, persons, or products is coincidental and unintentional.
  Versions for NLO /skillb/en_US_20811/en_US_20811.nlo:
  BuilderVersion=Builder Version: GenNLO 3.6.2.32
  BuildDate=Build Date: 05-Jul-2004
  TemplateVersion=Template Version: 20030630
  ContentVersion=Content Version: 20811-0406-10
  SrcOrigRelease=Original Release: <200407051839>
  SrcCurRelease=Current Release: <200407051839>
  SrcPrevRelease=Previous Release: <>
  SrcNlo=Source Nlo: <>
  LocalOrigRelease=Local Original Release: <>
  LocalCurRelease=Local Current Release: <>
  LocalPrevRelease=Local Previous Release: <>
  PandoraVersion=Pandora Version: 1.2.0.0
  PandoraBuildDate=Build Date: 09-Jul-2004
  RSObjective not found.
  bUseUserDir = false
  vars.netgIniFile set to "C:\Documents and Settings\All Users\Application Data\NETg/netg.ini"
  In DisplayViewSettings...
  curMode = -1
  In preferences, audioinstalled = 1
  no UserLinkBox
  Setting default font size to 12
  could someone give me a hand?

  Try a security/authentication forum. This isn't a VM issue.
  Sorry.

• Behind ISA Server 2004 Error in applet

  Hi there,
  If i enter a particular website i am getting the following error:
  Error: 'idEditbox' is not defined
  If i enter the website when i am not behind the ISA Server 2004 i'm not getting any errors.
  Does anyone knows how this problem can be solved?
  OS: WindowsXP SP2
  Java version: Java(TM) Plug-in 1.4.2_03
  Best Regards,
  Ferdi

  My first thought would be to discuss the problem with the people who maintain that ISA server. From painful personal experience I know that it can be configured in more ways than any sane person could possibly desire.

• Publishing NVR (Network Video Recorder) using ISA Server 2004

  I have dahua make NVR, i was publishing this through internet using ISA server 2004. In local network, its working fine. But in internet, i able to see the login screen, after enter user name and password. "Fail to connect the device in main connection"
  message comes up.
  Please give suggestion for this..

  Did you find any solution for publishing NVR on ISA server 2004, i have same problem, please share

• Outlook through ISA Server 2004

  Hello.. I am new in this forums, about this topic...
  The problem is... I have the new Imac with System Operative 10.7.3...
  I need the software office 2011 download outlook emails from an ISA Server 2004 .. I managed to navigate with the safari, but the outlook does not download emails ...
  Beforehand ... Mil Gracias who answers me ...
  German Ardila.

  Hi,
  Firstly, would you mind to post the result of running “ipconfig/all” at the command prompt?
  Please make sure that your network driver is compatible and maybe you can update or uninstall your network driver to see if the issue persists.
  Best regards,
  Susie

• ISA Server 2004 Connection Problem

  Hi all,
  I have a problem on my isa server , 
  I need to Disable and Enable WAN card every day to get the internet connection , and I Still connected all the day , after get back to home and at the next day , I need to disable and Enable WAN to go online .
  I need your help to solve this issue please .
  thanks in advance 

  Hi,
  Firstly, would you mind to post the result of running “ipconfig/all” at the command prompt?
  Please make sure that your network driver is compatible and maybe you can update or uninstall your network driver to see if the issue persists.
  Best regards,
  Susie

• Isa Proxy Server 2004 replacement for Windows Server 2012 Essential R2

  Good evening everyone. I am searching for a replacement for our proxy/firewall server which is ISA Server 2004. At present, we have Windows Server 2003 Premium and ISA Server 2004. As we know already, these two already expires their life cycle as per Microsoft. So, can you please help me to find a solution for this? WS 2003 Premium will be replaced by Windows Server 2012 R2 Essential.
  Thank you very much.
  This topic first appeared in the Spiceworks Community

  Good evening everyone. I am searching for a replacement for our proxy/firewall server which is ISA Server 2004. At present, we have Windows Server 2003 Premium and ISA Server 2004. As we know already, these two already expires their life cycle as per Microsoft. So, can you please help me to find a solution for this? WS 2003 Premium will be replaced by Windows Server 2012 R2 Essential.
  Thank you very much.
  This topic first appeared in the Spiceworks Community

• Download Manager with Microsoft ISA Server

  Hello forum, I need help with the connection of program SAP DOWNLOAD MANAGER with ISA Server 2004 
  I've installed JAVA 1_4_2_13 and Download Manager, I configured the setting with the proxy connection (server ISA, user and pass) 
  but an error appears: 
  The basket content could not be read. The following exception occurred: 
  Unable to read data from the Service Marketplace: Check your settings and try again 
  In my ISA server I declared the form my IP to Internet permit all traffic out. 
  Somebody help me ??? what do I have to configure in my ISA Server to permit the connection? 
  Thanks.
  Costa Gustavo

  Hi Ram, I solved the problem with download manager. 
  First my PC don't use as default gateway the ISA Server, I've another default gateway for my LAN. 
  Is it the problem because my PC never contact directly to SAP, I could solved this problem if my PC can contact directly the IP of SAP. 
  You will can set in your PC the gateway of ISA server and public DNS to contact SAP directly 
  For example: 
  I've default gateway 192.168.0.1 for my LAN 
  My ISA server to internet is 192.168.0.9 
  Public DNS : (My ISP) 200.0.1.1 
  In your ISA server you can set a policy from your PC to External for all user with all traffic permit. 
  You try set in your PC the following: 
  Default gateway: 192.168.0.9 
  DNS: 200.0.1.1 
  I hope this can resolve your problem 
  Regards. 
  Costa Gustavo
  SAP BASIS.

• ISA Server 2006 + Average response time for Non Cached requests = performance issues?!?!?!

  All,
  I am in a predicament with internet browsing speeds...We have a 3rd party look after our line and internet facing f/w  so I cant troubleshoot them, so at the moment Im looking at ISA as the potential bottleneck - we have a fairly standard environment:
  Internal > Local Host > Perimiter n/work > Firewall > Internet
  I have been running custom reports on the ISA server to see what data can be collected - I have noticed that "Average response time for non cached requests" (traffic by time of day) can be as high as 76 seconds!!!!!! Cached hits are between .5
  and 2 seconds.
  I have also coonfigured a connectivity verifier which is also flagging slow connectivity, massively over the >5000ms and also reporting "cant resolve server name on occassions- and this is configured for
  www.Microsoft.com --- DNS ???!?!, however I have looked through DNS (no obvious errors / config issues) which I can see 
  I have run the BPA on ISA server to ensure its Health - - connectivity verifier errors flagged timeouts to microsoft.com as expected...
  Can anyone advise any obvious areas to investigate as Im struggling! - as always the 3rd party have told us the internet pipe is fine :O

  Problem resolved.
  DNS forwarders have been changed on the ISA server / DNS and this has improved lookup speed considerably.
  thanks all :)

• Testing an ISA Server Rule, the recursive query to other DNS Servers test fails

  Hello,
  I am trying to configure the following infrastructure with ISA Server 2006 and two W2003 servers (called "Server1" and "Server2") . "Server1" is a domain controller, and in
  "Server2" is the ISA Server installed, which also has
  attached two network Ethernet cards, one called "Internal Ethernet Card", and the other one called
  "External Ethernet Card".
  The infrastructure would be:  "Internal Ethernet Card"---- ISA Server ----"External Ethernet Card"---"Router"----"Internet"
  "Internal Ethernet Card" manages the internal package traffic of the infrastructure, the network segment which belongs is isolated from what we could called the Outbound traffic, which is linked to a router. "Internal Ethernet Card" it`s
  a virtual network.
  "Internal Ethernet Card" feature configuration is the following:
  - IP address: 192.168.3.3
  - Subnet Mask: 255.255.255.0
  - DHCP Enabled: No
  - DNS Server: 192.168.3.1 (Must point to the DC "Server1" which has the DNS Service installed)
  - Default Gateway:  None  (because doesnt point to outside)
  - Primary WINS Server: 192.168.3.1  
  The "External Ethernet Card" provides, the outbound connection, and this card is connected to the physical router.
  It`s feature configuration is the following:
  - IP address: 192.168.1.50
  - Subnet Mask: 255.255.255.0
  - DHCP Enabled: No
  - Default Gateway: 192.168.1.1
  - DNS Servers: 192.168.3.1 (Must point to the DC "Server1" which has the DNS Service installed)
  After configuring the network cards, I create the following rule in the ISA Server to allow the traffic towards outside from the server and the clients which have joined to the domain:
  Action: Allow.  Protocol: DNS.  From:"Server2".  To : External.  Condition: All Users
  After applying the changes to update the configuration, I enter in the Dns Server of "Server1" and in the "Monitoring" tab, I run a "recursive query to other DNS Servers" but fails.
  Only works the "simple query against this DNS Server".
  I don`t know why fails, but I`m stucked on this issue, because in the "Server1" DNS Server, in the "domain forward IP address list", I have added two DNS addresses which work OK.
  I would appreciate some help to solve this issue.
  Thanks
  Regards 

  Hello Ms. Long, 
  Yes, you are right. In the Server1 is configured the DNS server, to use forwarders whose are set in the field "Selected domain`s forwarder IP address list", two DNS address numbers obtained from "Open DNS", which work well.
  There is no DNS Server linked to the External NIC.
  The Server1 belongs to a private network configured as "VMnet3", which it is set as follows:
  IP address: 192.168.3.1
  Subnet Mask: 255.255.255.0
  Default Gateway: 192.168.3.3
  DNS Server: 192.168.3.1
  I have tried to test your suggested idea:
  > set d2
  > google.com
  Server:  srv-dcfs-01.dominio.local
  Address:  192.168.3.1
  SendRequest(), len 42
      HEADER:
          opcode = QUERY, id = 2, rcode = NOERROR
          header flags:  query, want recursion
          questions = 1,  answers = 0,  authority records = 0,  additional = 0
      QUESTIONS:
          google.com.dominio.local, type = A, class = IN
  Got answer (113 bytes):
      HEADER:
          opcode = QUERY, id = 2, rcode = NXDOMAIN
          header flags:  response, auth. answer, want recursion, recursion avail.
          questions = 1,  answers = 0,  authority records = 1,  additional = 0
      QUESTIONS:
          google.com.dominio.local, type = A, class = IN
      AUTHORITY RECORDS:
      ->  dominio.local
          type = SOA, class = IN, dlen = 46
          ttl = 3600 (1 hour)
          primary name server = srv-dcfs-01.dominio.local
          responsible mail addr = hostmaster
          serial  = 41
          refresh = 900 (15 mins)
          retry   = 600 (10 mins)
          expire  = 86400 (1 day)
          default TTL = 3600 (1 hour)
  SendRequest(), len 28
      HEADER:
          opcode = QUERY, id = 3, rcode = NOERROR
          header flags:  query, want recursion
          questions = 1,  answers = 0,  authority records = 0,  additional = 0
      QUESTIONS:
          google.com, type = A, class = IN
  DNS request timed out.
      timeout was 2 seconds.
  timeout (2 secs)
  SendRequest failed
  *** Request to srv-dcfs-01.dominio.local timed-out
  As you can see highlighted in bold, the problem remains in the "recursive query to other DNS Servers" check.
  Maybe is better to put the issue on the "Windows Server General Forum" , because the issue has not nothing in common with the ISA Server, dont you?
  Thanks
  Best regards

• Reporting Services through ISA server for All Authenticated Users

  Hello colleagues.
  I have MS SQL 2012 server with Reporting Services and it work via link:
  https://reports2.domain.com/reports
  In LAN all work fine, but I want publish this resource via ISA for All Authenticated Users.
  When in publish rule I configure (in Condition) "All users" - all work fine, but when I configure "All Authenticated Users" - I have trouble on web form on
  https://reports2.domain.com/reports/Pages/Report.aspx?ItemPat...  - scripts not work, because it run how "anonymous" (I see on ISA logging) and ISA block scripts.
  I can't use "All Users", because it's not secure.
  Maybe somebody publish Reporting Services through ISA server for All Authenticated Users?
  OR maybe - how on Reporting Services configure Negotiate authenticated for scripts?

  Hi Alexander,
  All users or applications who request access to report server content or operations must be authenticated using the authentication type configured on the report server before access is allowed. The AuthenticationType named RSWindowsNegotiate is supported
  by Reporting Services. To configure Windows Authentication on the Report Server, please see:
  http://msdn.microsoft.com/en-us/library/cc281253(v=sql.110).aspx
  Besides, we can publish report server via ISA server. Please note that you should use a new web port number with a new listener which shouldn’t be used by other web site for report server. Reference:
  http://social.technet.microsoft.com/Forums/forefront/en-US/1cc68996-1ce6-4d88-a30d-2bfd13fba06e/how-to-publish-ssrs-2008-through-isa-2006?forum=Forefrontedgegeneral
  Hope this helps.
  Thanks,
  Katherine Xiong
  Katherine Xiong
  TechNet Community Support
  Katherine thanks for answer.
  Report Server service started as Domain account.
  I have in RSReportServer.config this:
  <Authentication>
  <AuthenticationTypes>
  <RSWindowsNegotiate />
  </AuthenticationTypes>
  <RSWindowsExtendedProtectionLevel>Allow</RSWindowsExtendedProtectionLevel>
  <RSWindowsExtendedProtectionScenario>Proxy</RSWindowsExtendedProtectionScenario>
  <EnableAuthPersistence>true</EnableAuthPersistence>
  </Authentication>
  In web.config I have this:
  <authentication mode="Windows" />
      <identity impersonate="true" />
  I can go (from Internet through ISA) to
  https://reports2.domain.com/reports  and LogOn Authentication is work, but scripts not work, because it run how "anonymous" (I see this on ISA logging) and ISA block scripts.
  Do you know where in Reporting Services configure run scripts with Negotiate authentication?

• Customers not able to log in with Microsoft ISA server firewall.

  I have a few external customers that are having issues logging in.  In all cases it is with the customer having Microsoft ISA firewalls.
  They can get to the site.  They put in their username and password.  The screen flashes back to the logon screen, no errors, just back to the screen.
  On the logs I seen the logon page request and the 200 OK but, the username and password never come across.
  I can not tell if the username and password are being blocked by the ISA server or when the logon screen is presented that the username and password fields are just not active.
  Has anyone else see or hear about this one?

  We are seeing a slightly different problem but certainly related. We are using a SAP cFolder server for PLM collaboration. Companies using a Microsoft ISA server are not seeing problems logging in but are seeing problems with the mass download feature. They are seeing the connection hang. Looking at the ISA log file on the server they are receiving an authentication problem and a broken connection. If you try a single file download everything works OK. Also vendors without ISA are working fine.
  What is it about ISA that would be causing issues like these?

• Proxy Error ( The ISA Server denied the specified Uniform Resource Locator

  Dear All,
     I am getting one error in ABAP proxy configuration,
    following is the error.
  ~response_line     HTTP/1.1 502 Proxy Error ( The ISA Server denied the specified Uniform Resource Locator (URL).  )
  ~server_protocol     HTTP/1.1
  ~status_code     502
  ~status_reason     Proxy Error ( The ISA Server denied the specified Uniform Resource Locator (URL).  )
  via     1.1 BLRSPRX10001
  connection     close
  proxy-connection     close
  pragma     no-cache
  cache-control     no-cache
  content-type     text/html
  content-length     4070
      suddenly one day this error occured.  proxy configuration was working earlier fine. SLDCHECK also working without any problem now also. but in SPROXY it is saying no connection to ESR. only local objects.
  Please help me.
  Regards
  Pradeep P N

  Hi Pradeep,
  What is this BLRSPRX10001?
  IF it is rfc destination, then check the user.
  This problem is related to user rights. The user used there might not have sufficient authorizations to invoke the proxy. (may be the authorization is expired)
  Regards
  Suraj

• My Firefox can't synchronize after updating to version 26. Our organization uses MS ISA server as firewall.

  Our organization uses MS ISA server as firewall.

  Can your IT check whether there are any error messages logged in ISA that might explain why the connection is not working (assuming it is a connection issue)?

• ISA server- Bypass authentication

  Hi 
  My environment: External users access SharePoint intranet site by entering credentials in Microsoft ISA server login page(authenticate to ISA server then accessing all sharepoint sites).
  one client wants to access sharepoint intranet without ISA authentication.Is there any way to access SharePoint intranet site(https://domainname/sites/site1) from internet without ISA authentication.I mean bypass ISA proxy authentication for this particular
  SharePoint site(https://domainname/sites/site1)
  SharePoint site(https://domainname/site/site1) is enabled with anonymous authentication.
  Thanks for any help.

  Hi
  I see this is posted in the wrong forum. Yes you can add the url to the bypass proxy list in IE and it should work.
  Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.