Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
FWX_E_GRACEFUL_SHUTDOWN
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 9:51:42 AM
|
|
|
tibob
Posts: 22
Joined: 19.Dec.2007
Status: offline
|
When i try to connect to an application that required LDAP(389)
in the logging i got a line saying
ERROR_SUCCESS
on the seconde line i got
closed connection
FWX_E_GRACEFUL_SHUTDOWN
how can i resolve it
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 10:24:14 AM
|
|
|
pwindell
Posts: 751
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
|
There is nothing to solve
1. It was a success
2. It shutdown gracefully
_____________________________
Phillip Windell
www.wandtv.com
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 10:29:31 AM
|
|
|
tibob
Posts: 22
Joined: 19.Dec.2007
Status: offline
|
why it shutdown
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 10:35:17 AM
|
|
|
pwindell
Posts: 751
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
|
Because it thought it was supposed to,...that it was time to shutdown,...it was "finished". Probably because the Application that owned the session said,.."Ok,..I'm done,..good bye".
There is nothing more that can be said with the information that has been given.
_____________________________
Phillip Windell
www.wandtv.com
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 10:46:43 AM
|
|
|
tibob
Posts: 22
Joined: 19.Dec.2007
Status: offline
|
there is a way to find out why is disconnecting. when it pass outside the isa server its works but when it passing throught the isa server i got this error
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 10:49:29 AM
|
|
|
pwindell
Posts: 751
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
|
We don't know what "it" is and have no idea what you are doing. You need to to be more specific.
_____________________________
Phillip Windell
www.wandtv.com
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 11:01:21 AM
|
|
|
tibob
Posts: 22
Joined: 19.Dec.2007
Status: offline
|
its an desktop application called Entrust who call a web browser. When the webbrowser show up it made the connection to the governement of canada import export permit website
for that i need to open some ports to make it work.
like i said before without the isa server its work , with the isa server it doesnt work
i wondering if there a way to know what can differt between this two mode that make the connection close
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 11:11:28 AM
|
|
|
tibob
Posts: 22
Joined: 19.Dec.2007
Status: offline
|
there is what they asking for
Firewall/Proxy ports – open to new Entrust Certificate Authority URLs:
Authority=ca-ac.gss-spg.gc.ca+829
Manager=ca-ac.gss-spg.gc.ca+709
Server=ldap.gss-spg.gc.ca+389
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 11:11:35 AM
|
|
|
pwindell
Posts: 751
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
|
It probably won't work over a rule that requires authentication, so make it an "All Users" Rule.
Make sure the Firewall Client is installed on the EnTrust machine so it can handle LDAP. It may also work as a SecureNAT Client instead of having the Firewall Client. The point is that LDAP will not work with a Web Proxy "only" Client.
Create a Computer Object or a Computer Set that represents or contains the Server that runs EnTrust.
Create a Computer Object or Computer Set that represents or contains the Destination Computers (or IP Range, or subnet).
Then the Rule would look like this:
From: <source computer object>
To: <destination computer object
Protocol: HTTP, HTTPS, LDAP (not LDAP Server)
Users: All Users
Place this Rule "above" any other Rule using HTTP, HTTPS, LDAP that requires user authentication.
In the Monitoring Log set the filter to only show traffic from the EnTrust Computer IP#. Watch for problems in the logs.
_____________________________
Phillip Windell
www.wandtv.com
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 11:13:24 AM
|
|
|
pwindell
Posts: 751
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
|
Authority=ca-ac.gss-spg.gc.ca+829
Manager=ca-ac.gss-spg.gc.ca+709
Server=ldap.gss-spg.gc.ca+389
Have no idea what that means.
_____________________________
Phillip Windell
www.wandtv.com
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 11:55:24 AM
|
|
|
tibob
Posts: 22
Joined: 19.Dec.2007
Status: offline
|
i did what you said and its doesnt work
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 1:17:14 PM
|
|
|
pwindell
Posts: 751
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
|
You have to use the MonitoringLog as I described to troubleshoot.
_____________________________
Phillip Windell
www.wandtv.com
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 2:09:32 PM
|
|
|
tibob
Posts: 22
Joined: 19.Dec.2007
Status: offline
|
yes but i just be able to reach someone from the software ( i was lucky)
and he told me that entrust modify packet and isa reject this packet because of that
so im waiting an answer from him
i hope it would work
thanks for your help
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 3:18:18 PM
|
|
|
tibob
Posts: 22
Joined: 19.Dec.2007
Status: offline
|
here what i get
he told me , you must configure isa server to not filter out EntrustId of the incoming packets
how can i do that
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 3:39:53 PM
|
|
|
pwindell
Posts: 751
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
|
I think he is wrong.
What does "filter out EntrustId of the incoming packets" even mean? What? Where? How?
You have to use the MonitoringLog as I described to troubleshoot.
_____________________________
Phillip Windell
www.wandtv.com
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 3:53:48 PM
|
|
|
tibob
Posts: 22
Joined: 19.Dec.2007
Status: offline
|
he told me that isa server his removing the entrust id from the incoming packet from the web server to my computer thats why i get security error missing token data
he told me that im not the first one and you have to do that.
you must specify isa server to not remove entrust id
what does it mean i dont know :)
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 3:58:12 PM
|
|
|
pwindell
Posts: 751
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
|
Ok, well wait and see if any others here have any ideas.
I would not have any idea.
_____________________________
Phillip Windell
www.wandtv.com
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 4:03:34 PM
|
|
|
tibob
Posts: 22
Joined: 19.Dec.2007
Status: offline
|
there is a way to check the packets ?
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 18.Jun.2008 10:05:47 AM
|
|
|
paulo.oliveira
Posts: 765
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: online
|
Hi,
if he said you´re not the first one, ask him what the others did to solve this issue. Did you try to google around?
You can check these packets using a net cap, like wireshark.
Regards,
Paulo Oliveira.
|
|
|
|
|
RE: FWX_E_GRACEFUL_SHUTDOWN - 18.Jun.2008 10:21:41 AM
|
|
|
pwindell
Posts: 751
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
|
My thoughts exactly.
The Tech should have documented what had to be done with the "others" so then when the next one came along he would have an answer for them. That's what a tech support person is supposed to do when they support their products.
_____________________________
Phillip Windell
www.wandtv.com
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
