Welcome to ISAserver.org
Publishing error on ISA 2006 EE
Publishing error on ISA 2006 EE - 15.Jul.2008 10:52:04 AM
cruxxe
Posts: 1
Joined: 14.Jul.2008
Status: offline
Hi, I have read through quite a number of threads and have searched through the Internet, but I can't seem to get any resolution to what appears to be a simple problem. I noticed there are many who are facing similar issues, but attempts to use the solutions that they get do not result in anything good. I am hoping someone here will be able to help.

I am currently trying to publish a web server residing in my internal network using a unihomed ISA EE server sitting in my DMZ. The website will be using SSL and the necessary ports on the firewall are opened. I have tested internally and it's working fine.

My setup is as follows -

1. External URL - https://Companyurl/folder pointing to External IP (external DNS - Ok)
2. External IP is NAT to DMZ IP of ISA 2006 EE Server on Workgroup (currently using only 1 array but will be putting in more) with Port 443 open
3. ISA 2006 EE Server is configured as a uni-homed network for reverse-proxy

Network Rules

Local Host Access -
Relation : Route
Source : Local Host
Destination : All Networks (and Local Host)

Internet Access -
Relation : NAT
Source : Internal
Destination : External

Firewall Policy Rules

Name : ABC
Action : Allow
From : Anywhere
To : Companyurl (no computer name or IP defined) with Forward original host header and Requests appear to come from ISA checked
Traffic : HTTPS
Listener : WEB-HTTPS
Network : All Networks (and Local Host)
Connections : Enable SSL on 443
Certificate : Single certificate for this Web Listener (certificate bears the name of the Companyurl)
Authentication : SSL Client Certificate Authentication (Advanced setting is default)
Forms : Greyed out
SSO : Greyed out
Public Name : Requests for the following Website - company url and external ip (for testing)
Paths : /foldername/* (tested /foldername) - external path and internal has the same
Authentication Delegation : No delegation, and client cannot authenticate directly
Application Setting : Greyed out
Bridging : Web Server - Redirect requests to SSL Port 443 using the same cert as above
Users : All Authenticated Users
Schedule : Default setting
Link Translation : Default setting

I have an additional Access Rule in the Enterprise Policy other than the Default one

Name : External - ISA
Action : Allow
Protocols : HTTPS
From : All Networks (and Local Host)
To : Local Host
Users : All Users
Schedule : Default setting
Content Type : Default setting

My host file in system32\drivers\etc has Webserver internal IP pointing to company url
Nslookup Companyurl shows Webserver internal IP
Webserver internal IP shows FQDN of the webserver residing in company domain

Webserver

There are other sites sharing the same webserver and default website

Default Web Site
Website access - 80 and 443 set with host header (Companyurl pointing to webserver internal ip at Port 80)
Only Read, Log visit and Index Resource checked
Default Apps name with Scripts only in Execute permissions
Enable anonymous access checked using IUSR user with no authenticated access config
Certificate installed with Companyurl certificate

Virtual Directory
Only Read, Log visit and Index Resource checked
No Apps name with Scripts only in Execute permissions
Documents - pointing to default.cfm
Enable anonymous access checked using IUSR user with no authenticated access config
Certificate installed with Companyurl certificate

Internal Access

When internal users type in https://Companyurl/folder, it's running fine. When you ping the Companyurl, you will get the webserver internal ip

External Access

When users try to access https://Companyurl/folder , I will get the following sequence

1. Users will be prompted to choose a certificate for authentication although there are no certs in the box
2. When the user clicks OK, the user will get Page cannot be displayed with Error code: 401 Unauthorized. The server requires authorization to fulfill the request. Access to the Web Server is denied. Contact the server administrator (12209)

Checking on the logfile generated shows

SourceIP anonymous Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.14322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) 2008-07-14 15:39:21 ISAServername - - ISADMZIP 443 - 327 - - GET - - 64 ABC Req ID: 0aed01a0; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% - - 0x2 Failed -

SourceIP anonymous Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.14322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) 2008-07-15 00:39:51 ISAServername - Companyurl ISADMZIP 443 1 327 2335 https GET http://Companyurl/folder - 12239 ABC Req ID: 0aed01a2; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% - - 0x0 Denied -

Checking on the monitoring log in ISA

Date Time ClientIP ISADMZIP 443 - Failed Connection Attempt ABC - 64 anonymous - - http://Companyurl/folder ISAServername Web Proxy Filter
Date Time ClientIP ISADMZIP 443 HTTPS Initiated Connection - 0x0 ERROR_SUCCESS - - Internal Local Host - ISAServername Firewall
Date Time ClientIP ISADMZIP 443 HTTPS Closed Connection - 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN - - Internal Local Host - ISAServername Firewall
Date Time ClientIP ISADMZIP 443 https Denied Connection ABC - 12239 The server requires authorization to fulfill the request. Access to Web Server is denied. Contact the server administrtor anonymous - - http://Companyurl/folder ISAServername Web Proxy Filter
Date Time ClientIP ISADMZIP 443 HTTPS Initiated Connection - 0x0 ERROR_SUCCESS - - Internal Local Host - ISAServername Firewall
Date Time ClientIP ISADMZIP 443 HTTPS Closed Connection - 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN - - Internal Local Host - ISAServername Firewall