• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Problem after upgrade to ISA2006 SP1

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> Problem after upgrade to ISA2006 SP1 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Problem after upgrade to ISA2006 SP1 - 21.Jul.2008 11:44:54 AM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
I have a strange problem ever since upgrading ISA 2006 to SP1.
ISA not a domain member, set as a front firewall and using the LDAPS.
Exchange2003 SP2 published behind it, Outlook Anywhere rules created. Everything worked perfect before SP1.
Now the problem is: you open up Outlook 2007, the pop-up with login name and pass shows up. If you enter a wrong password it keeps trying and trying until in the end the account gets locked out in Active Directory.
Before if you typed in a wrong password the pop-up kept coming back alowwing you to re-enter it. Not any more.

Anyone else seeing this problem?
Post #: 1
RE: Problem after upgrade to ISA2006 SP1 - 22.Jul.2008 11:31:05 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Are there any entries in the ISA firewall's log files to help troubleshoot this?

Anything showing up in the Event Viewer?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to remushociota)
Post #: 2
RE: Problem after upgrade to ISA2006 SP1 - 22.Jul.2008 2:49:34 PM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
Hey Tom before anything else let me tell you that I am able to reproduce this on my test environment and I can say for sure it is linked with SP1 for ISA 2006.
Do you know if there is any way I can contact Microsoft and let them know about this issue?

I created in my virtual machines the same scenario as online: ISA non domain member. Authentication made via LDAPS. Exchange2003 with SP2 (all installed on 1 server here, meaning DC and exchange) and a client XP with Outlook 2007 trying to connect via Outlook Anywhere.
Without the SP1 installed if in the initial pop-up that comes up when you open Outlook to enter your username and password you put a wrong password then the pop-up comes up again and you can retype.
After SP1 is installed if I put a wrong password the pop-up does not come up anymore... and it tries and tries with that wrong password until the account is locked out in AD as I have set it to lock out after 5 attempts.
If I put the right password in it works fine even after SP1. It is just that case with the wrong password that is affected.

I am sure this is an issue, if you want I can put my test environment online and give you access and you can take a look for yourself as I think this is an interesting finding. Let me know and I can PM you my email address with the details.

< Message edited by remushociota -- 22.Jul.2008 3:24:07 PM >

(in reply to tshinder)
Post #: 3
RE: Problem after upgrade to ISA2006 SP1 - 22.Jul.2008 3:18:37 PM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
I can't find anything relevant in logs...
In ISA it starts with a few of these:

Denied Connection ISA 7/22/2008 3:09:15 PM
Log type: Web Proxy (Reverse)
Status: 12232 The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. 
Rule: ex
Source: (192.168.1.108)
Destination: (192.168.1.50:443)
Request: RPC_IN_DATA http://mail.domain.com/rpc/rpcproxy.dll?mail.domain.com:6002
Filter information: Req ID: 06d4f7d9; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
Additional information
Client agent: MSRPC
Object source: (No source information is available.)
Cache info: 0x8 (Request includes the AUTHORIZATION header.)
Processing time: 360 ms
MIME type: 

and

Denied Connection ISA 7/22/2008 3:09:15 PM
Log type: Web Proxy (Reverse)
Status: 12232 The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. 
Rule: ex
Source: (192.168.1.108)
Destination: (192.168.1.50:443)
Request: RPC_OUT_DATA http://mail.domain.com/rpc/rpcproxy.dll?mail.domain.com:6002
Filter information: Req ID: 06d4f7db; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
Additional information
Client agent: MSRPC
Object source: (No source information is available.)
Cache info: 0x8 (Request includes the AUTHORIZATION header.)
Processing time: 280 ms
MIME type:

and the same but for port 6001


and then I get the

Initiated Connection ISA 7/22/2008 3:09:16 PM
Log type: Firewall service
Status: 
Rule: [System] Allow access to directory services for authentication purposes
Source: Local Host (10.0.0.1:1226)
Destination: Internal (mail.domain.com 10.0.0.4:636)
Protocol: LDAPS
User: 
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0 ms Original Client IP: 10.0.0.1
Client agent:  

And then nothing relevant. Again this is a setup that works 100% if you enter the right password.

< Message edited by remushociota -- 22.Jul.2008 3:20:07 PM >

(in reply to remushociota)
Post #: 4
RE: Problem after upgrade to ISA2006 SP1 - 23.Jul.2008 9:12:27 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Interesting. I'll see if anyone else has had a similar problem. Try uninstalling SP1 and see if you have the same problem.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to remushociota)
Post #: 5
RE: Problem after upgrade to ISA2006 SP1 - 23.Jul.2008 10:57:29 AM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
Ok Tom I just uninstalled SP1, restarted and the problem is gone.
Now if I enter a wrong pass the pop-up comes up again and I get to re-enter it.
So for sure it is linked to SP1.
Let me know your findings please.

thanks,
remus

(in reply to tshinder)
Post #: 6
RE: Problem after upgrade to ISA2006 SP1 - 23.Jul.2008 1:52:25 PM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
Hey Tom because I was so sure this is a bug in the new SP1 I decided to go ahead and run it through Ms Support. Yes yes I paid the 99$, you guys can thank me later :)
As of matter of fact it seems they will refund me the fee as it seems to be a problem in ISA per the escalation engineer reply to my email:

Hi Remus,

This case has been escalated to me. I am the escalation engineer for ISA server team. I will be the point of contact moving forward. Already I have identified some root cause for this issue. I will analyze the provided traces and will keep you posted.

Once I have the result of all my debugging, then I will start working with isa developer and if we come up with a hotfix, I will send it to you.

Thanks so much for reporting this problem to Microsoft.


So guys once I have it you will have it :)

(in reply to remushociota)
Post #: 7
RE: Problem after upgrade to ISA2006 SP1 - 24.Jul.2008 9:36:26 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Remus,

We won't thank you later, we'll thank you now!

Yes please, let us know what you find out.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to remushociota)
Post #: 8
RE: Problem after upgrade to ISA2006 SP1 - 24.Jul.2008 9:40:03 AM   
Jim Harrison

 

Posts: 271
Joined: 5.May2001
From: Redmond, WA
Status: offline
It's a bug.

Call CSS and add yourself to the lucky list.

Jim

_____________________________

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
My ISAServer.org Stuff
My Site

(in reply to tshinder)
Post #: 9
RE: Problem after upgrade to ISA2006 SP1 - 24.Jul.2008 2:36:51 PM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
Ok today the escalation engineer sent me a what is called "private hotfix". I installed it and it fixes the problem.
His suggestion is to wait for production for an hotfix update which will undergo some QA from Ms first... so as soon as I have that one I will let you know also.

Speaking of which... is there any really easy way to keep up with what Ms releases in terms of hotfixes for ISA 2006 sp1?
He said they are cumulative so what should we do? Go on their website and search for them every 2 months or so?

(in reply to Jim Harrison)
Post #: 10
RE: Problem after upgrade to ISA2006 SP1 - 3.Aug.2008 9:58:02 PM   
remushociota

 

Posts: 64
Joined: 12.Apr.2004
Status: offline
Ms issued me the official hotfix however it is on a temp server with a ZIP with password and I don't know if it's ok to make that public now.
However the KB Article Number this issue will be found under is 956269. In about 2-3 weeks they said...

Hope this helps other people as well,

remus

P.S. They just called me now and told me that the KB article containing my fix and another one (some other problem in SP1) will be found under KB 956269.

< Message edited by remushociota -- 4.Aug.2008 1:36:04 PM >

(in reply to remushociota)
Post #: 11
RE: Problem after upgrade to ISA2006 SP1 - 5.Aug.2008 10:41:37 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Remus,

Thanks!!! Great work.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to remushociota)
Post #: 12
RE: Problem after upgrade to ISA2006 SP1 - 4.Sep.2008 3:29:53 AM   
sunnyyupi

 

Posts: 1
Joined: 4.Sep.2008
Status: offline
Thanks for valuable news, but sorry that since not found the KB 956269..., but I've very urgent to need this fix, may you share?

(in reply to remushociota)
Post #: 13
RE: Problem after upgrade to ISA2006 SP1 - 4.Sep.2008 4:12:29 AM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Please call Microsoft support (http://support.microsoft.com/contactus/?ws=support) and ask to get hotfix KB 956269.

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to sunnyyupi)
Post #: 14
RE: Problem after upgrade to ISA2006 SP1 - 10.Sep.2008 9:03:12 AM   
shekharsahab

 

Posts: 4
Joined: 4.Jan.2008
Status: offline
Got that patch , however my problem is still the same

https://abc.mail.com/exchange/  is not working and going in loop whereas https://abc.mail.com/owa/ works .

(in reply to elmajdal)
Post #: 15

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> Problem after upgrade to ISA2006 SP1 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts