• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Cleitn not auto detecting ISA server.

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Cleitn not auto detecting ISA server. Page: [1]
Login
Message << Older Topic   Newer Topic >>
Cleitn not auto detecting ISA server. - 20.Jun.2006 3:39:14 PM   
StarMedTechGuy

 

Posts: 15
Joined: 19.Jun.2006
From: Kansas City, Mo
Status: offline
I recently posted to the General forum about some problems that I’m having with a roll out of the ISA client but after doing some more research it all basically comes down to one problem.
 
We would like to install the Firewall client for ISA 2004 over GPO to make the rollout as smooth as possible but on any machine we test this with the system boots up and unable to automatically detect the ISA server and thus can’t pull down settings or block web-traffic.  We’ve made sure the server is set to publish automatic discovery information, we’ve made sure the WPAD information is out there BOTH on DNS and DHCP.  Still not able to detect the server on the client.
 
Ideas?
Post #: 1
RE: Cleitn not auto detecting ISA server. - 20.Jun.2006 3:55:35 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
The devil is in the details.

Please answer the following with actual details, not made up stuff:
What did you setup in DNS?
What did you setup in DHCP?
What port is WPAD listening on?
What SP level is ISA?
Did you apply SkipAuthenticationForRoutingInformation?
What does the FWCTool report?
What do you get if you type the WPAD URL in your browser?

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to StarMedTechGuy)
Post #: 2
RE: Client not auto detecting ISA server. - 20.Jun.2006 4:40:55 PM   
StarMedTechGuy

 

Posts: 15
Joined: 19.Jun.2006
From: Kansas City, Mo
Status: offline
I will certainly answer those questions to the best of my ability.  Keep in mind I’m about as green as green gets with ISA.
 
1) We followed the instruction in the book “ISA Server 2004 Unleashed” by Sams.  We created a host record and linked the server name to the IP address, then created the CNAME record, entered Wpad as the alias name and then entered the fully qualified domain name for the server.
 
2) Same run down for DHCP, followed the instructions in the SAMS books.  Went to DHCP console, right clicked on server, selected predefined options, hit add, put Wpad in for the name of the option, data type set as string, code: 252, in the string field entered “http://<IP ADDRESS OF ISA SERVER>/wpad.dat.
 
3) I’m assuming you’re referring to the port number listed when you select the options for “Publish Automatic Discovery information” in the ISA server.  That port number is 80.
 
4) I thought that someone had installed the service pack (I wasn’t the one that installed ISA on the server) but that may have not been the case.  I went to the help/about section and it listed the version number as 4.0.2163.213 but made no mention of a service pack being installed.  I’m assuming you will tell me to install the service pack, but I will hold off until you actually tell me to incase there is more that I should know.
 
5) To be honest... I don’t know what “SkipAuthenticationForRoutingInformation” is so I can only assume that this hasn’t been applied.
 
6) Have never used a FWCTool.
 
7) This page cannot be displayed.  Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.  Error Code: 400 Bad Request. The data is invalid. (13)

(in reply to LLigetfa)
Post #: 3
RE: Client not auto detecting ISA server. - 20.Jun.2006 5:17:14 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Help About on ISA 2K4/SP2 reports Version: 4.0.2165.594 but I don't recall what SP1 reports.  SkipAuthenticationForRoutingInformation needs at least SP1.
http://support.microsoft.com/default.aspx?scid=kb;en-us;885683
FWCTool may be downloaded from Microsoft and is a must have to troubleshoot WPAD issues.
http://www.microsoft.com/downloads/details.aspx?FamilyID=f20f6267-273d-4870-b1e8-799b261b4786&DisplayLang=en

Did you enter the URL http://<IP ADDRESS OF ISA SERVER>/wpad.dat when you got your 400 error?  Is the URL in your DHCP option all in lowercase?

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to StarMedTechGuy)
Post #: 4
RE: Client not auto detecting ISA server. - 20.Jun.2006 6:50:02 PM   
StarMedTechGuy

 

Posts: 15
Joined: 19.Jun.2006
From: Kansas City, Mo
Status: offline
Just to be sure I just went ahead and loaded SP2, The version number went from 4.0.2163.213 to 4.0.2165.594, but had no luck after that.
 
Went to the SkipAuthenticationForRoutingInformation site that you linked to and that did it for me.
 
The only thing left for me to do now is to configure the MSI so it doesn’t have IE go through a proxy and so that it doesn’t give end users the ability to disable the client an I’ll be set.  I think I found a good article in regard to the user access to client issue and supposedly that’s resolved by just restarting the computer again so we’ll see about that.  But do you know of any ways (or any good articles or forum entries that mention how) to edit the MSI appropriately so that it will not enable the client computer to look to the ISA server for proxy settings?
 
Thanks again for all your help so far!

(in reply to LLigetfa)
Post #: 5
RE: Client not auto detecting ISA server. - 20.Jun.2006 8:27:01 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
I don't know why you would want to disable proxy in IE.  I like to have FWC autodetect and I configure FWC to set IE to GetRoutingScript.  THat gives you the best of both worlds.  IE using WP will log the domain names in the URLs rather than just the IPs.

I know not of a clean way of preventing the users from disabling FWC but if they do, they get denied access to the internet so they don't mess with it.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to StarMedTechGuy)
Post #: 6
RE: Client not auto detecting ISA server. - 20.Jun.2006 8:39:38 PM   
StarMedTechGuy

 

Posts: 15
Joined: 19.Jun.2006
From: Kansas City, Mo
Status: offline
Well what I’ve noticed is that if the proxxy settings are still in place a user can get on the net but it pops up a windows asking for username, password and domain.  Plus there is a little checkbox on the lower left to have the computer document what you have entered for future reference.  On my test machine I have only had to enter this once but on production machines or users who have volunteered to be guinea pigs we have been experiencing times where this pops up over and over and over again.
 
Once I go into IE and disable automatically detect settings that problem goes away and the firewall agent continues to block the websites that need to be blocked.  The problem is that I’ve noticed if I disable that option and it’s not automatically getting settings, some ASP pages won’t work at all.
 
So honestly, if I could keep that box that asks for username, password and domain from popping up I would have no problem going with the detect settings option.
 
Thoughts?

(in reply to LLigetfa)
Post #: 7
RE: Client not auto detecting ISA server. - 20.Jun.2006 8:48:16 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Change your authentication to only integrated and the prompts should go away.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to StarMedTechGuy)
Post #: 8
RE: Client not auto detecting ISA server. - 20.Jun.2006 10:29:33 PM   
StarMedTechGuy

 

Posts: 15
Joined: 19.Jun.2006
From: Kansas City, Mo
Status: offline
Ok... is that something I have to do on the client end, or the server end?  Anf where would I do that in either case?

(in reply to LLigetfa)
Post #: 9
RE: Client not auto detecting ISA server. - 20.Jun.2006 11:45:17 PM   
StarMedTechGuy

 

Posts: 15
Joined: 19.Jun.2006
From: Kansas City, Mo
Status: offline
Never mind.  I looked up the help file and found what you had mentioned and I’m going to try this out and see what happens.  If I have any other questions I’ll let you know.
 
Thanks once again.  You’ve been an awesome help!

(in reply to LLigetfa)
Post #: 10
RE: Client not auto detecting ISA server. - 20.Jun.2006 11:50:50 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

ORIGINAL: LLigetfa

Change your authentication to only integrated and the prompts should go away.




_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to LLigetfa)
Post #: 11
RE: Client not auto detecting ISA server. - 21.Jun.2006 12:06:22 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
quote:

The problem is that I've noticed if I disable that option and it's not automatically getting settings, some ASP pages won't work at all.


have u applied the hotfix for SP2 ??

Update for HTTP issues in Internet Security and Acceleration Server 2004 Service Pack 2

You may receive a blank page when your browser submits a POST request to an ASP Web page through ISA Server 2004

HTH





< Message edited by elmajdal -- 21.Jun.2006 12:08:03 AM >


_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to StarMedTechGuy)
Post #: 12
RE: Client not auto detecting ISA server. - 22.Jun.2006 3:11:10 PM   
StarMedTechGuy

 

Posts: 15
Joined: 19.Jun.2006
From: Kansas City, Mo
Status: offline
I installed SP2 while trying to resolve the previous issue and the ASP issue went away as well so I’m assuming SP2 fixed it.  Thank you very much for the information anyway!

(in reply to elmajdal)
Post #: 13

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Cleitn not auto detecting ISA server. Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts