ISA 2004 problems

N

ne0-reloaded

[H]ard|Gawd
Joined
Jul 1, 2003
Messages
1,216
I have an ISA 2004 server on server 2003 standard that we use along with our web filter to provide proxy access to users on our domain. There's one site (SSL site on port 443) that when used with ISA times out every time. Our old proxy worked with the site without problems. I'm somewhat new to ISA server, so if anyone can give me some pointers on what I can check for I'd appreciate it.
 
ya, others site go through fine. The site is a dept of health site, and they have some web based apps on there. When she logs in theres 4 apps she can launch. Theyre all java apps and they rest of them work fine. Through ISA, it times out. Through the old proxy, or no proxy at all, it goes right through
 
the log says failed connection attempt under action for the site. i also checked the event viewer, but nothing jumped out at me. Like i said im new with ISA, so Im open to any ideas, tips, or instructions.
 
I would try adding that site for Direct Access andsee what happens - I'm suspecting some kind of authentication issue with the Java applications
 
You might try connecting to the site with a client with direct Internet access to verify what components are connecting where by using TCPView from the MS Sysinternals site.

Verify that the Java apps are only connecting over ports 443 or 80. ISA Server 2004 only allows ssl-tunnels to port 443 in its base configuration. http://support.microsoft.com/kb/283284/en-us

I've had several applications where the Java components don't use the proxy server, especially if you have switched from using a hard coded setting to an automatically detected one or a script setting when you moved to ISA 2004.

I hate lazy Java programmers who don't even bother to query the browser to ask for their proxy settings but just try to read it from the registry. GRRRR.

If you are new to ISA server, you might want to give http://www.isaserver.org/ a look.
 
i used netstat before and it says its connecting over https. tcpview says the same thing.
 
pigster said:
I would try adding that site for Direct Access andsee what happens - I'm suspecting some kind of authentication issue with the Java applications
Click to expand...

is there anyway to allow direct access without installing the isa client on a pc?
 
I've went through both articles using the isa firewall client (found the exe). setup everything accordging to those links and the same problem. tried using the steps on MS site for setting up direct access and the same thing

oh and i was wrong about the type of app. theyre .net, not java. sorry about the confusion
 
You need to look at you log files in detail. Try changing the logging to txt files and then attempt to connect to the site again, and see what the logs show as the failure.
 
I exported the logs to excel and when connecting to the specific app, the logs says "Denied Connection." The http status code for this entry is

12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied

The entry after that says failed connection attempt. Also if i let it timeout, log out of the site, log back in, the page loads without hesitation.
 
You must log in or register to reply here.
Back
Top