• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

FWX_E_TCP_NO_SERVER_REPLY on https

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> FWX_E_TCP_NO_SERVER_REPLY on https Page: [1]
Login
Message << Older Topic   Newer Topic >>
FWX_E_TCP_NO_SERVER_REPLY on https - 2.Mar.2008 6:36:27 PM   
someone999

 

Posts: 2
Joined: 2.Mar.2008
Status: offline
Hello,
I am brand new to ISA and have just (with significant help from a friend) set up my network.  This is a home network (details below) with what I would consider a fairly simple configuration and for the most part works (I'm writing this from the network now).  I appear to have a problem with https though.  I am unable to connect to any sites using https.  If I start the default query in ISA's monitor I see that https initiates the connection with result code 0x0 ERROR_SUCCESS but roughly 5 seconds later I get result code 0xC0040038 FWX_E_TCP_NO_SERVER_REPLY.  There are also a slew of FWX_E_GRACEFUL_SHUTDOWN for various protocols but I assume these are information and not really indicative of a problem.  Anyway, details that may help...

architecture:
Cisco 678 DSL modem, in bridged mode - Qwest DSL service
ISA box:
- Win2K3 Enterprise
- ISA 2006 Enterprise
- Using PPPoE to authenticate to Qwest on outside NIC (currently receiving a DHCP addy but I'll be switching to static in the next couple days)
- Inside NIC has a 10.0.x.x addy and no gateway or DNS info
- DNS service is on with forwarding to Qwest's DNS servers
- DHCP is on handing out 10.0.x.x addys internally
NetGear RangeMax router inbound of the ISA box
Vista machine physically wired to the NetGear switch with a 10.0.x.x addy and the ISA internal NIC as its gateway and DNS

ISA Firewall Policy (in order):
- allow PPTP from external/internal to localhost (haven't tested this yet but eventually I want to VPN in, one thing at a time though)
- allow DNS from internal/localhost to all networks
- allow DHCP reply from localhost to all networks
- allow DHCP request from internal to localhost
- allow RDP from internal to localhost (remote to administer this box headless)
- allow ping from internal and localhost to all networks
- allow all outbound from internal and localhost to enternal and internal
- deny all trafic from all networks to all networks

So, being completely new to this, where should i start my search?  All help is appreciated.  I'm not sure what additional details you need to assist me but I'm happy to provide them if you ask.
Thanks!
Post #: 1
RE: FWX_E_TCP_NO_SERVER_REPLY on https - 10.Mar.2008 10:41:34 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hello, someone999.

I did not see a rule allowing access to http/https. Are you using webproxy or secureNAT?

(in reply to someone999)
Post #: 2
RE: FWX_E_TCP_NO_SERVER_REPLY on https - 10.Mar.2008 1:16:08 PM   
someone999

 

Posts: 2
Joined: 2.Mar.2008
Status: offline
quote:

ORIGINAL: paulo.oliveira

Hello, someone999.

I did not see a rule allowing access to http/https. Are you using webproxy or secureNAT?


Thank you for the suggestion Paulo.  I added a rule specifically for HTTPS after my previous post thinking that maybe the outbound traffic rule wasn't sufficient but that didn't do it either.  Since then I have decided to dump ISA altogether.  I really wasn't using much from it (just masquerading and VPN) and it wasn't working anyway so I am now just using a hardware router that supports masquerading and PPTP passthrough and letting one of my workstations authenticate VPN clients.  Much simpler setup as I don't need 10% of what ISA can do.

Thank you again for the suggestion though!

(in reply to paulo.oliveira)
Post #: 3
RE: FWX_E_TCP_NO_SERVER_REPLY on https - 10.Mar.2008 1:26:34 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Sorry, but I had not understood your rule. I thought it was from internal to localhost only and not from internal to external. But thats ok anyway. 

(in reply to someone999)
Post #: 4
RE: FWX_E_TCP_NO_SERVER_REPLY on https - 9.Jun.2011 9:42:04 PM   
james.mmt

 

Posts: 3
Joined: 9.Jun.2011
Status: offline
Yeah me too. I'm also facing the same problem. My environment is W2K 2008 R2, Forefront TMG 2010. Mine also working well on everything except https: Users get page request time out, when they try to access https website through Forefront. Meanwhile, they are using Auto Proxy setting at their browser.
But its working well, when they put my forefront IP and ports in their browser proxy server address. I want to use my Forefront as transparent proxy server and can not use till now because of these error, WX_E_TCP_NO_SERVER_REPLY.

There have any solution to solve that problem?

(in reply to paulo.oliveira)
Post #: 5
RE: FWX_E_TCP_NO_SERVER_REPLY on https - 10.Jun.2011 3:35:56 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

everytime I saw this error code: WX_E_TCP_NO_SERVER_REPLY, the destination server was really unresponsive to TMG.

In this case, TMG is not the culprit, it is only the victim!

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to james.mmt)
Post #: 6
RE: FWX_E_TCP_NO_SERVER_REPLY on https - 10.Jun.2011 10:52:06 PM   
james.mmt

 

Posts: 3
Joined: 9.Jun.2011
Status: offline
Hi Paulo,

Its working well if I used TMG as NAT. The result I tested the connection from Traffic Simulator is shown as Allowed traffic, Traffic allowed by firewall policy rules may be blocked by Web or Application filters.
I disabled the https inspection, and other http/https related application / web filter. but still face the problem.

Sometimes it working for a few seconds when I change some settings at Firewall policy and apply the changes.

Thanks for your reply.

(in reply to paulo.oliveira)
Post #: 7
RE: FWX_E_TCP_NO_SERVER_REPLY on https - 11.Jun.2011 8:00:52 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

this has nothing to do with allow or deny traffic. The TMG is not getting an answer from the server.

You must check if the route path is correctly configured for both.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to james.mmt)
Post #: 8
RE: FWX_E_TCP_NO_SERVER_REPLY on https - 11.Jun.2011 9:07:30 AM   
james.mmt

 

Posts: 3
Joined: 9.Jun.2011
Status: offline
Yeah, route is working well. That's why I can access any websites except https. For example, I can access to http://www.google.com. But I can't to https://www.google.com if I using TMG as my proxy. Its working well if I use TMG as my NAT and put the ISP provided proxy in my internet browser.

(in reply to paulo.oliveira)
Post #: 9
RE: FWX_E_TCP_NO_SERVER_REPLY on https - 20.Jul.2011 10:20:02 PM   
luluxiu

 

Posts: 6
Joined: 20.Jul.2011
Status: offline
This has nothing to do, to allow or deny traffic. Tokyo did not receive a response from the server. You must check if the routing path is configured correctly...

_____________________________

Tera Items,Tera Gold Cheap,WOW Items

(in reply to james.mmt)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> FWX_E_TCP_NO_SERVER_REPLY on https Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts