Anyone have issues with logging into Yahoo games? I have an access rule for the games ports (initial:11000-12000 outbound; secondary:11000-12000 inbound), however, when I try to login to yahoo games it asks me to verify my password and when I do, it just keeps prompting me to verify over and over again.
I've been monitoring the ISA server and don't see any denials and am now a bit perplexed.
That was really strange... When I was done typing the previous message, I went back to the browser window that kept prompting me for my password over and over, and it was logged in. I did see it post back asking for me to enter my password again, so I know it wasn't just taking a long time to process or anything...
Hmmm, well, it's still an issue, just don't know how to explain it now. :/
The site may require direct access and bypassing the Web Proxy filter. In your AR, go to the Properties dialog box and click the Protocols tab. Then click the HTTP protocol and click Edit. Click the Parameters tab and then remove the checkmark for the Web Proxy filter.
You might want to do this just for selected sites, so you can create a domain set with the sites that you want to allow direct access for (by Web Proxy) and set those in the "To" tab.
I finally got the chance to try your suggestion out, however, it didn't work out. It almost seems like it's either a Yahoo problem or just a bug in the beta.
I did notice that if I went to Yahoo's main page and logged, then went to the game site, it would *sometimes* let me in without the repeated prompts to verify my password. It only happens on that site as well. All other sites, including ones that require authentication, work just fine.
Maybe Microsoft just dislikes Yahoo or something!
Thanks for your suggestion Tom, I really appreciate it! BTW, I loved your ISA 2000 book, can't wait for the update!
Yahoo issues have always been a popular topic around here. I don't use any of the Yahoo services, so its been hard for me to figure out what's going on with them. Another thing you might try is to configure the Web Proxy client settings for the Internal Network so that the Web Proxy clients bypass the Web Proxy filter for the *.yahoo.com domains.
I did try playing around with the web filters a bit, when that didn't initially work, I deleted all the protocols that I defined for Yahoo, then just made a policy for all outbound protocols to *.yahoo.com and that worked fine. I think what is actually happening is that there are several more ports that Yahoo needs for certain areas of their web site that they don't publish in their help files.
I guess if I want to make this a more secure policy, I'm going to have sit and watch everything that goes through to Yahoo and see what ports they are using. Anyway, in the meantime this will work fine too. This is only a test server, but I know once it moves into production, I'll have 200 users complaining about Yahoo, just like when ISA 2000 went into place.
Thanks for all your help! It's always great getting your advice!
I just wanted to post a quick follow up to the above. Today, I was playing around and found that Yahoo started doing the same thing to me again as far as consistently prompting me for my password after I tried logging in (even with the wide open policy to *.yahoo.com).
After going through the logs, what I realized that it wasn't necessarily the ports that was preventing me from logging on, but the cache. I created a cache policy to prevent any caching of *.yahoo.com and got right on after that. I didn't do a lot of testing with it after that, but it did work. So, if anyone else is having any difficulty with Yahoo, give that a try first, that might just work for you.