• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Program can't access if Rules applied to Authenticated users

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Program can't access if Rules applied to Authenticated users Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Program can't access if Rules applied to Authenticated ... - 1.Apr.2006 10:29:44 AM   
Sandy

 

Posts: 17
Joined: 19.Jan.2006
Status: offline
Hello Dears,

I have a weird problem,my company develop an application that used to monitor Gulf Stock Markets.

here is the link for the website for more details:

http://www.almuashir.com/english/home.asp

The problem is some customers work in a Network that has ISA server installed,and when they
run the application it can't access the internet.

I check with their I.T managers and I found that there is no restrictions at all and noticed that they apply
the firewall rule to All authenticated users.

I test the program with their configuration which is :

Allow - All outbound protocols - internal and local host - external - all authenticated users


I changed to all users and the program worked just fine but when applying the policy to all authenticated
users it didn't work.


So,what is wrong here?,and what should we do?

here's a link to download the program:

http://www.almuashir.com/english/imagesnew/AlmuashirExpressn.exe


and this is a link for a required update :

http://www.almuashir.com/english/imagesnew/dlm.exe

after installing the program run the update and then run the program which called AlmuashirExpress
then enters these information:

username : tgtalal
password : tgtalal


if you face any problems unpacking the application change the language to Arabic...

I hope to find answer for this problem or even an explanation for it.

Thanks
Post #: 1
RE: Program can't access if Rules applied to Authentica... - 1.Apr.2006 3:27:31 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Sandy,

quote:

I changed to all users and the program worked just fine but when applying the policy to all authenticated
users it didn't work.
 

That means that your application can't authenticate against the ISA server. You can solve that problem in two ways:
- either make sure the application can act as a Web Proxy client *and* can authenticate against the ISA server,
- or install the Firewall client on the clients computer and make sure the applucation is not acting as a Web Proxy client.

HTH,
Stefaan

(in reply to Sandy)
Post #: 2
RE: Program can't access if Rules applied to Authentica... - 1.Apr.2006 3:51:48 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
quote:

- or install the Firewall client

Assuming of course that the application uses winsock.

If it uses WinHTTP, it could be as simple as setting PROXYCFG.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to spouseele)
Post #: 3
RE: Program can't access if Rules applied to Authentica... - 1.Apr.2006 4:06:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Les,

is WinHTTP not covered by solution 1, that means acting as a Web Proxy client?

Thanks,
Stefaan

(in reply to LLigetfa)
Post #: 4
RE: Program can't access if Rules applied to Authentica... - 1.Apr.2006 4:37:20 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
quote:

is WinHTTP not covered by solution 1

Perhaps, but I am unsure if, as in the case of Windows Update, lack of authentication support is a limitation of WinHTTP or WU.  As with WU, it may be necessary to create an anonymous rule.

Since WinHTTP doesn't use winsock, the FWC might not help there.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to spouseele)
Post #: 5
RE: Program can't access if Rules applied to Authentica... - 1.Apr.2006 5:56:44 PM   
Sandy

 

Posts: 17
Joined: 19.Jan.2006
Status: offline
Hello Dears,

Thanks, but what is Web proxy client there are some expresions that I don't understand
I'll be appreciated if I have more Details

Thanks

(in reply to LLigetfa)
Post #: 6
RE: Program can't access if Rules applied to Authentica... - 1.Apr.2006 6:22:30 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
ISA has 3 types of clients:

1- Secure-Nat Client
2- Web Proxy Client
3- Firewall Client


check this for more :

ISA Server Client Types

and also if u want

Selecting the ISA Server Client Type

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Sandy)
Post #: 7
RE: Program can't access if Rules applied to Authentica... - 2.Apr.2006 8:28:01 AM   
Sandy

 

Posts: 17
Joined: 19.Jan.2006
Status: offline
Hello Dears,

Ok,I get it and know the types of clients...all I know that the program is work on the default HTTP port 8080
(it is the default port in Saudi Arabia).

So,How to make the program authenticate against the ISA server?

Thanks

(in reply to Sandy)
Post #: 8
RE: Program can't access if Rules applied to Authentica... - 2.Apr.2006 3:41:55 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
quote:

So,How to make the program authenticate against the ISA server?

That is not an ISA question.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to Sandy)
Post #: 9
RE: Program can't access if Rules applied to Authentica... - 3.Apr.2006 8:53:58 AM   
Sandy

 

Posts: 17
Joined: 19.Jan.2006
Status: offline
Hello,

Okay, all I need is brief explanation so I can tell the developers what is the problem exactly,did you get what I mean?

Thanks


(in reply to LLigetfa)
Post #: 10
RE: Program can't access if Rules applied to Authentica... - 3.Apr.2006 1:50:20 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
hi sandy,

is the software installed in a Domain Enviroment ??


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Sandy)
Post #: 11
RE: Program can't access if Rules applied to Authentica... - 4.Apr.2006 4:22:08 PM   
Sandy

 

Posts: 17
Joined: 19.Jan.2006
Status: offline
Hi elmajdal,


yes,it is installed in a Domain environment.
 

(in reply to elmajdal)
Post #: 12
RE: Program can't access if Rules applied to Authentica... - 4.Apr.2006 11:54:23 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
lets say this application is used by Sandy , then we need to create a new user is ISA and seleect ur username from AD, call it Sandy

k,  create a rule:

Action : Allow
Protocols : All Outbound Protocols
From : Internal
To : External
Condition : Sandy


make sure that the firewall client is installed and poiting correctly to ISA server. also it might help to set the user as a Secure nat client ( Set ur users default gateway to be ISA internal NIC IP )

HTH


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Sandy)
Post #: 13
RE: Program can't access if Rules applied to Authentica... - 8.Apr.2006 12:33:18 PM   
Sandy

 

Posts: 17
Joined: 19.Jan.2006
Status: offline
Hello elmajdal,

I done excatly what you told me and it was the same problem,I create a user and excits in the domain
and make it a SecureNat Client and te firewall client is installed corretly.

Bty...there is only two rules one to access the server and the other one is what you told me to do.

so,any other Idea

Thanks

(in reply to elmajdal)
Post #: 14
RE: Program can't access if Rules applied to Authentica... - 9.Apr.2006 5:57:29 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

Bty...there is only two rules one to access the server and the other one is what you told me to do.


whats the first rule ??

how about other applications like Outlook 2003  ? it as working properly ?

one last question , does this software has any settings inside it to set it to access the internet  ?

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Sandy)
Post #: 15
RE: Program can't access if Rules applied to Authentica... - 10.Apr.2006 8:40:32 AM   
Sandy

 

Posts: 17
Joined: 19.Jan.2006
Status: offline
Hello,

the other rule is :

Allow - All outbound Traffic - Internal - Local Host - All users

Dear, I tried Outlook 2003 and it worked just fine and it has no specific settings to access the internet it just work in the default port of HTTP which is 8080 (in Saudia Arabia).

let's see what's next and I'm with you and the other guys until find a solution or explanation to this problem.

Thanks

(in reply to elmajdal)
Post #: 16
RE: Program can't access if Rules applied to Authentica... - 10.Apr.2006 4:28:43 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
 
tgtalal is not a correct username and password , please double check as i cant log in .

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Sandy)
Post #: 17
RE: Program can't access if Rules applied to Authentica... - 10.Apr.2006 4:49:33 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
sandy , i think i found the reason.


if u need authentication , then DONT use this application on a WEB Proxy Client.

i have tried it with Firewall client ONLY ( No need to be also a secure-Nat ) and its working and not giving me the firewall error message , but as i told u its telling me wrong username and password.

so u want it to work with authentication , then make sure the client is ONLY a firewall client and NOT a Web Proxy Client. ( make sure there is no proxy set in the Connection tab in Tools > Internet Options > Connection > Lan Settings )

also make sure this checkbox is not enabled :




HTH




_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to elmajdal)
Post #: 18
RE: Program can't access if Rules applied to Authentica... - 11.Apr.2006 8:45:24 AM   
Sandy

 

Posts: 17
Joined: 19.Jan.2006
Status: offline
Hello elmajdal ,

I really appreciate your effort...

I done exactly the same you do,I make it a Firewall client only no secure nat no web proxy, I removed the proxy set from connection tab I remove the mark from " Enable Web browser automatic configuration " ,but unfortunately the same problem .

I tried the username tgtalal with a password tgtalal and it really worked,so any other ideas in this hopeless case.

Thanks

(in reply to elmajdal)
Post #: 19
RE: Program can't access if Rules applied to Authentica... - 11.Apr.2006 3:03:55 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
it seems that i forgot to install the update , i will try to install it today when iam in office and try again if anything else differ, maybe after the update i will be able to logon.

< Message edited by elmajdal -- 11.Apr.2006 3:07:08 PM >


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to Sandy)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Program can't access if Rules applied to Authenticated users Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts