Firewall Client Blocking Outgoing Requests (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Firewall Client



Message


llong -> Firewall Client Blocking Outgoing Requests (9.May2006 2:53:55 AM)

I have a web application I have built that calls an external sql server database, calls UPS via HTTP for shipping quotes and calls a payment processor via HTTP. When I run the web application from inside Visual Studio 2005 using the visual studio localhost, the application runs fine. When I publish the web application to the the IIS on the same computer, when I run the web application from there I can't access the external database, UPS or the payment processor.

The error I recieve for the external database call is that the SQL Server database does not allow remote connections, and the UPS call says it can't connect to the remote server.

I few months ago when I first had this problem, I found that if I un-installed the ISA Firewall Client from my machine, everything worked fine. But all of the sudden today, I could not access the external database, or even Remote desktop to the database server. So I re-installed the ISA 2004 Firewall client on my machine and I am back to square one, it seems I can access anything external ONLY when the web app is when published from IIS and it still works fine from within Visual Studio.

What could be blocking my access?

Any ideas?




davehocking -> RE: Firewall Client Blocking Outgoing Requests (29.Sep.2006 6:11:51 PM)

I am experiencing the exact same problem, but have a little more information to add to the mix, hopefully someone will have an idea or some experience that might help.

I have noticed that rather than using TCP:1433 (MS SQL) for the connection, the firewall clients try to connect to the SQL server on TCP:445 and TCP:139 (Windows file sharing ports). The connections are denied by the default rule (Result Code: 0xc0004000d FWX_E_POLICY_RULES_DENIED)

Sadly, disabling the Firewall Client isn't enough, so even if we could figure out how to get the client to disable itself for the "aspnet_wp" application, I doubt it would make a difference.

Stopping the Firewall Service does work however, except this isn't a useful work-around.

I can confirm that once the firewall client service is stopped, the ISA server 'sees' proper SQL traffic on TCP:1433 and the correct rule is used to allow the traffic.

We have verified that this is a Firewall Client issue using a packet capture from  the affected client. When the service is running, the box only attempts to use TCP:445 and TCP:139. No SQL traffic is ever sent by the client.

Any help on this matter would be greatly appreciated, somehow I doubt I'll get very far with MS Tech Support for ISA (previous experience of the Indian call centres hasn't been great).

Cheers folks,
Dave

Thanks in advance,
Dave




Page: [1]