I am having a problem with accessing online clipart files from office.microsoft.com through Word 2003.
When a user opens word and then does a search for clipart online, Microsoft Word 2003 locks up. When I remove the proxy in IE and allow the workstation direct access out they have no problem connecting.
Does anybody know what type of rule, or how I can allow access through the web proxy server to get this to work properly?
I am using Microsoft ISA 2004 EE server, clients are web proxy clients.
Make sure the Firewall client is installed, and then configure the *.microsoft.com sites for Direct Access. That way you still get authenticated access controls and bypass MS site issues with Web proxy devices in the path.
Thanks for the help. I can certainly install the firewall client, but was hoping not to. I also have Macintosh computers running Office 2004 for Mac in my environment. Since the MS Firewall client is only for Windows machines, this may be a problem also huh?
I have the same problem with Real Player in essance. Since those applications do not pass the authentication information to ISA, the ISA server rejects the connection attempt. The more I look at things, the more I think that I will have to disable the authentication features of ISA server. That is too bad, becuase I like the reporting and monitoring features that are based on user logins, etc., but I must have everything work properly. By the way, I work for a large k-12 school corporation in Indiana, so security is always a constant challenge with so many smart and enterprising young wannabe hackers out here.
I will shoot out the firewall client to workstations and try this. Thanks.
P.S. I find it amazing that you are able and willing to help so many users out here with your expertise. Being an author of great books, and also helping out the common admin out here is really nice of you. Thanks so much for your help and sharing your knowledge.
I have configured the sites for direct access and setup the firewall client as a test on a machine. I can eventually get to the clipart material, however it is very slow (like several minutes).
I keep seeing the following in my log:
0.0.0.0 ClipOrganizer No Proxy r.office.microsoft.com TCP GET - - - - - - 11/30/2005 7:22:25 PM 0 1 4699 334 0x0 0x0 11/30/2005 2:22:25 PM <CLIENT IP ADDRESS> <ISA SERVER INT ADDRESS> 80 http Denied Connection 12209 anonymous Internal http://r.office.microsoft.com/r/hlidAwsDglx<NAME OF ISA SERVER> Web Proxy Filter
(I removed the IP addresses for this post)
If I could just create a user named "anonymous" with no password and have that be used for the authentication, I could create a rule just for specific sites I guess that will allow this user "anonymous" access just to certain sites. That would work fine. But where could I create this user account? I wish that I could just disable authentication just for certain sites that I specify, that would help a lot I think. Even with the firewall client installed, it still did not help. As a matter of fact I cannot find anydifference if I have the client installed or just specify the proxy in the browser. Perhaps I do not have the firewall client properly enabled on the server itself. Time to crack open the "Configuring ISA 2004 Server" book!
Ok, I think I have figured it out. The change was not immediate. I also did not close out the browser. Removing proxy settings (even if it is the same server) and then restarting the web browser seemed to help out here. I am not sure why that is. But now it is working just fine. Thanks for your help Tom!