• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Half-Life Server Unable to get WON Authorization timing out

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Misc.] >> Gaming >> Half-Life Server Unable to get WON Authorization timing out Page: [1]
Login
Message << Older Topic   Newer Topic >>
Half-Life Server Unable to get WON Authorization timing... - 24.Dec.2001 4:15:00 AM   
Ziptar

 

Posts: 5
Joined: 24.Dec.2001
From: Beyond The Sun.
Status: offline
I am setting up a dedicated Half-Life Server On (not behind) my ISA Server (Actually a Win2K Small Business Server running ISA.)

I have setup the protocol definitions as outlined on the games page. However when I run the server I get
"Error connecting to Auth server:ES_TIMED_OUT"

When I type ip in the hlds console I get the IP address of my external nic....

I found these entries in my ISA IPPEXTD Logs..
#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2001-12-24 00:00:53
#Fields: date time source-ip destination-ip protocol param#1 param#2 filter-rule interface
2001-12-24 02:56:35 External_NIC_IP 63.251.143.213 Udp 27016 27010 BLOCKED External_NIC_IP
2001-12-24 02:56:35 External_NIC_IP 216.52.220.16 Udp 27016 27010 BLOCKED External_NIC_IP
2001-12-24 02:56:35 External_NIC_IP 63.251.143.218 Udp 27016 27010 BLOCKED External_NIC_IP
2001-12-24 03:08:28 External_NIC_IP 63.251.143.218 Tcp 8860 7002 BLOCKED External_NIC_IP


I have created custom Packet filters and and Protocol Rules to allow the traffic... still no go... Still logged as blocked Any Ideas??

I have tried to coonect to it on my internal Lan and it just keeps retrying but it can see it.. If someone connects from the outside they can't see it...

[This message has been edited by Ziptar (edited 24 December 2001).]

Post #: 1
RE: Half-Life Server Unable to get WON Authorization ti... - 24.Dec.2001 9:44:00 PM   
Ziptar

 

Posts: 5
Joined: 24.Dec.2001
From: Beyond The Sun.
Status: offline
Played around with this a little more today... Just as a test I put the Half-Life server on a workstation behind the ISA Server If I run the server from behind the proxy I can get WON autorization no problem... Any Ideas on how to get it to work on the ISA server??? It used to run no problem on a NT/Proxy 2.0 Server.....

(in reply to Ziptar)
Post #: 2
RE: Half-Life Server Unable to get WON Authorization ti... - 25.Dec.2001 6:02:00 AM   
HJB417

 

Posts: 187
Joined: 24.Jul.2001
From: nYc
Status: offline
to run a HL server on the ISA machine, you need to add several IP packet filter rules.

The following need only TCP(i think):

half-life.east.won.net:6003
half-life.west.won.net:6003
half-life.central.won.net:6003

half-life.east.won.net:7002
half-life.west.won.net:7002
half-life.central.won.net:7002

These need UDP only (I think):

half-life.east.won.net:27010
half-life.west.won.net:27010
half-life.central.won.net:27010

half-life.east.won.net:27011
half-life.west.won.net:27011
half-life.central.won.net:27011

and UDP port 27015 or whatever port your HL server is running on. You also need to open port 27005 ( and 27006 for those sharing cd keys =) )

------------------
5 computer network (1 win9x, 4 win2k), HPNA 1mb network, cable modem.

===================================
don't forget to do security tests
---------------------------------

http://www.vulnerabilities.org/analysis.html
http://www.sdesign.com:8080/cgi-bin/fwtest.cgi
http://scan.sygatetech.com/
http://www.dslreports.com/scan
http://www.dslreports.com/secureme (I love this one)

----------


(in reply to Ziptar)
Post #: 3
RE: Half-Life Server Unable to get WON Authorization ti... - 25.Dec.2001 7:04:00 PM   
Ziptar

 

Posts: 5
Joined: 24.Dec.2001
From: Beyond The Sun.
Status: offline
Thanks for the help... I have these opened up and created the rules... What confuses me is why does ISA not Block the traffic when it comes from behind the ISA server but then block the same traffic when it comes from the ISA server itself....

It's almost as if ISA is Ignoring my Config.. Has MS made the decision for me to not allow apps to run on the ISA server???

There has to be some sort of configuration or work around ??? I am vexed.....

[This message has been edited by Ziptar (edited 25 December 2001).]


(in reply to Ziptar)
Post #: 4
RE: Half-Life Server Unable to get WON Authorization ti... - 25.Dec.2001 9:48:00 PM   
HJB417

 

Posts: 187
Joined: 24.Jul.2001
From: nYc
Status: offline
well, depending on how you setup ISA, it's an all or nothing deal. You can either have block ISA block everything or block nothing coming to/from the ISA server. That's why you use the IP Packet filter, so you can tell ISA to block everything except for whatever rules are listed, or you could do vice versa. Allow everything except for these few rules/exceptions.

This is a good thing though, you don't have to worry about people remotely logging in to your computer, and if for some reason you get infected with a virus like code red, ISA will still block it's spreading to others on the internet from you.

Most firewalls work in this way though -> you gotta create some rules to tell it that this port is ok and to allow it.

Now, if only I could get starcraft to work from an ISA client...that would make my holiday season =)

------------------
5 computer network (1 win9x, 4 win2k), HPNA 1mb network, cable modem.

===================================
don't forget to do security tests
---------------------------------

http://www.vulnerabilities.org/analysis.html
http://www.sdesign.com:8080/cgi-bin/fwtest.cgi
http://scan.sygatetech.com/
http://www.dslreports.com/scan
http://www.dslreports.com/secureme (I love this one)

----------


(in reply to Ziptar)
Post #: 5
RE: Half-Life Server Unable to get WON Authorization ti... - 26.Dec.2001 6:37:00 PM   
Ziptar

 

Posts: 5
Joined: 24.Dec.2001
From: Beyond The Sun.
Status: offline
Yeah I understand that and can aprreciate what Firewalls do and how they work... However It's odd that the traffic is allowed for behind the ISA server but no on the ISA server... I could understand if the problem was due to multihoming but, the app and the ISA logs show that the external NIC is being used....

How do I allow the traffic on the ISA server???


(in reply to Ziptar)
Post #: 6
RE: Half-Life Server Unable to get WON Authorization ti... - 26.Dec.2001 8:28:00 PM   
HJB417

 

Posts: 187
Joined: 24.Jul.2001
From: nYc
Status: offline
it only ran from behind the ISA because you allowed it too. I'm sure you probably allowed that machine access to any site/destination. That's why it can authorize with WON. Players won't be able to join because packets will be sent the the ISA machine and you must tell the ISA machine to forward ports 27005, 27015, or whatever other ports HalfLife uses to the machine running behind the ISA.


How do I allow the traffic on the ISA server:

"Configuring filtering and routing:

When you enable packet filtering on Microsoft Internet Security and Acceleration (ISA) Server, all packets on the external interface are dropped unless they are explicitly allowed, either statically, by Internet Protocol (IP) packet filters, or dynamically, by access policy or publishing rules.

The opposite scenario is configured when you enable routing on ISA Server without enabling packet filtering. In that case, ISA Server simply routes all traffic between the Internet and your corporate network. In other words, ISA Server acts as a router, a device that connects disjointed networks by forwarding packets between them. This is not a recommended scenario for ISA Server."


personally, I would keep the the filtering on and just add rules when needed.
I'm guessing that this is how you do things, based on what little experience I have with ISA so please correct me whenever guys.

------------------
5 computer network (1 win9x, 4 win2k), HPNA 1mb network, cable modem.

===================================
don't forget to do security tests
---------------------------------

http://www.vulnerabilities.org/analysis.html
http://www.sdesign.com:8080/cgi-bin/fwtest.cgi
http://scan.sygatetech.com/
http://www.dslreports.com/scan
http://www.dslreports.com/secureme (I love this one)

----------


(in reply to Ziptar)
Post #: 7
RE: Half-Life Server Unable to get WON Authorization ti... - 29.Dec.2001 8:04:00 AM   
Ziptar

 

Posts: 5
Joined: 24.Dec.2001
From: Beyond The Sun.
Status: offline
Well I got this working .... I had to check the box for "Enable Filtering IP Options" in Configure Packet Filtering and Intrusion Detection.

Once I setup the filters for specific ports and IP's it appears to work...


(in reply to Ziptar)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Misc.] >> Gaming >> Half-Life Server Unable to get WON Authorization timing out Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts