• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Auto Discovery Not Working

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> General >> Auto Discovery Not Working Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Auto Discovery Not Working - 3.Jun.2009 8:21:23 AM   
jpdw

 

Posts: 43
Joined: 27.Jan.2009
Status: offline
I have followed the steps to setting up ISA to automatically give proxy settings to users that use our network.

I used Shinder's book "How to cheat a configuring ISA Server 2004"

Neither Webproxy users or Firewall clients want to automatically discover ISA Server and I FOLLOWED the steps.

It Did Not Want To Work.

Is there a reason for this or does ISA once again need to have a third party program to make this feature actually work.
Post #: 1
RE: Auto Discovery Not Working - 10.Jun.2009 11:46:24 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Open a web browser on a client.   Go to /wpad.dat">http://<yourISAserver>/wpad.dat
What do you get?
Repeat the above using the same Client with /wspad.dat">http://<yourISAserver>/wspad.dat
What do you get?

_____________________________

Phillip Windell

(in reply to jpdw)
Post #: 2
RE: Auto Discovery Not Working - 10.Jun.2009 12:12:58 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Formatting gone a bit screwy Phil

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to pwindell)
Post #: 3
RE: Auto Discovery Not Working - 10.Jun.2009 12:22:47 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Yes it is.
It didn't look like that when I typed it in and sent it.

_____________________________

Phillip Windell

(in reply to Jason Jones)
Post #: 4
RE: Auto Discovery Not Working - 10.Jun.2009 2:23:34 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
Just a reminder....if you are using a Windows Server 2008 DNS server, or if you have the MS09-008 update applied to your Windows Server 2003 DNS server, WPAD will not work as expected.  By defaul, Server 2008 (and Server 2003 with MS09-008 update) employ a global query block list that prevents registration and operation of entries for WPAD and ISATAP.  More information here...

http://download.microsoft.com/download/5/3/c/53cdc0bf-6609-4841-a7b9-cae98cc2e4a3/DNS_Server_Global_%20Query_Block%20List.doc

http://www.microsoft.com/technet/security/bulletin/ms09-008.mspx

http://support.microsoft.com/kb/968732/

http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx



_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to jpdw)
Post #: 5
RE: Auto Discovery Not Working - 10.Jun.2009 2:58:08 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Ah, yes. Thanks very much Richard. I keep forgetting about that.

Irony alert!
The KB article will not "print" with IE7,...at least not mine.  I open it with Firefox,..it prints just fine.
I've been seeing this kind of crap with a lot of the pages on MS's site lately.

_____________________________

Phillip Windell

(in reply to richardhicks)
Post #: 6
RE: Auto Discovery Not Working - 10.Jun.2009 4:47:57 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
That is ironic. 

This new DNS functionality is certainly a welcome security feature, but it does tend to bite people trying to implement it.  Not sure if that's what the trouble is here, but I thought it was worth mentioning.

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to pwindell)
Post #: 7
RE: Auto Discovery Not Working - 11.Jun.2009 4:09:11 AM   
jpdw

 

Posts: 43
Joined: 27.Jan.2009
Status: offline
 If I type /wpad.dat">http://<my isaserver>/wpad.dat or http://<my isaserver>/wpad.dat

I get a HTTP 404 error that it could not find the page.

If a type http://wpad.IsaServerName.local I get a page that says Welcome to Windows SBS 2003 with icons to choose if I want to go to my company website, network configuration wizard, remote web workplace etc.

I also dont have the DNS security update MS09-008 update block list thing installed on my server.

What I also found strange is that if I install the firewall client on a workstation. The firewall client does not want to automatically find my Isa Server, I have to do it manually. If the workstation is restarted, I have to connect manually with the firewall client again.


(in reply to jpdw)
Post #: 8
RE: Auto Discovery Not Working - 11.Jun.2009 5:21:43 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
It doesn't look like you have enabled WPAD properly.

Try following this:

http://technet.microsoft.com/en-us/library/cc713344.aspx

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to jpdw)
Post #: 9
RE: Auto Discovery Not Working - 11.Jun.2009 5:45:50 AM   
jpdw

 

Posts: 43
Joined: 27.Jan.2009
Status: offline
Jason according to the articel from this link http://technet.microsoft.com/en-us/library/cc713344.aspx

I notice that Im missing a wpad.dat file that should be in my root folder of ISA installation.

How do I create a wpad.dat configuration file or can i download one, how do you do this?

The alternative is to either move the wpad.dat file to another system but I rather have it on the ISA server.

Thanks for your help.

(in reply to jpdw)
Post #: 10
RE: Auto Discovery Not Working - 11.Jun.2009 6:59:23 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
It is created automatically by ISA when you enable the Publish automatic discovery information option in ISA.

The file is not "visible" in the file system with ISA.

You can only acces it using the http://ISA-Server-Name/wpad.dat or http://ISA-Server-Name/wspad.dat references.

This assumes that you have left the automatic discovery port on port 80.

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to jpdw)
Post #: 11
RE: Auto Discovery Not Working - 11.Jun.2009 8:13:30 AM   
jpdw

 

Posts: 43
Joined: 27.Jan.2009
Status: offline
I changed the port vaules on the webproxy autodiscovery and the DHCP to 8080

and am now able to view the wpad.dat files.

However the workstations on my network are still not able to discover ISA through IE using automatic detection except for my PC.


(in reply to jpdw)
Post #: 12
RE: Auto Discovery Not Working - 11.Jun.2009 9:54:17 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Put it back on 80.
DNS will not work with it on 8080.

ISA is supposed to be listening for "web requests" on 8080
Make sure you have not changed that to 80.

ISA listens web requests on 8080
ISA listens for WPAD script requests on 80
DHCP will use WPAD on any port,...but DNS will not and will only work on 80
Without DNS working with WPAD no Static Machines will work with WPAD leaving only the DHCP Clients.

_____________________________

Phillip Windell

(in reply to jpdw)
Post #: 13
RE: Auto Discovery Not Working - 11.Jun.2009 10:21:26 AM   
jpdw

 

Posts: 43
Joined: 27.Jan.2009
Status: offline
I have changed the webproxy auto discovery port back to 80 for the DNS server and I left the DHCP server to http://issachar:8080/wpad.dat

and since I have changed the DHCP port to 8080 from 80 I was able to download the wpad.dat or wspad.dat.

Im not able to browse automaitcally from IE yet from any other workstation on our network except my own workstation.

How that happened? I do not know, I was enabling and disabling automatic detection in my IE browser a couple of times and it worked all of a sudden but this process has failed on other workstations.

Thansk for the help, really appreciate it.

But why would only my machine work and not the others?

I have a XP home SP2 worksation and all the others are Vista basic SP2 or XP home SP3 and XP Pro SP2 & 3


(in reply to jpdw)
Post #: 14
RE: Auto Discovery Not Working - 11.Jun.2009 10:31:58 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
quote:

I have changed the webproxy auto discovery port back to 80 for the DNS server and I left the DHCP server to http://issachar:8080/wpad.dat


No.  You..can't..do...that.

ISA will only publish the autodetection information on one port,..one,...just one.

ISA is supposed to be listening for "web requests" on 8080
Make sure you have not changed that to 80.

ISA listens web requests on 8080
ISA listens for WPAD script requests on 80
DHCP will use WPAD on any port,...but DNS will not and will only work on 80
Without DNS working with WPAD no Static Machines will work with WPAD leaving only the DHCP Clients.

_____________________________

Phillip Windell

(in reply to jpdw)
Post #: 15
RE: Auto Discovery Not Working - 11.Jun.2009 10:49:38 AM   
jpdw

 

Posts: 43
Joined: 27.Jan.2009
Status: offline
On my Internal Properties of my Netwroks Configuration of ISA

Autodiscovery Port is set to 80 (This is for the DNS if I set this to 8080 as u said, the wpad for DNS wont work for static machines.)

The Web Proxy HTTP Port is set to 8080

The DHCP 252 wpad entry is set to http://issachar:8080/wpad.dat

The DHCP entry was set to http://issachar:80/wpad.dat 
and when it was set as so, I would get a page does not exist error if I typed
http://issachar:80/wpad.dat in my IE browser from any workstation on my network.

But when I changed the DHCP wapd entry to http://issachar:8080/wpad.dat
and typed http://issachar:8080/wpad.dat in IE on any workstation on my network I would get a pop up asking me if I would like to save the wpad.dat file to a certain destination.

Also my workstation is the only workstation on the network where the Autodiscovery in my web browser is working now except the other workstations on the network as a explained in previous post.

Why would it be working like this?


(in reply to jpdw)
Post #: 16
RE: Auto Discovery Not Working - 11.Jun.2009 11:12:54 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Ok,...for the moment,..forget about DHCP and DNS.  Neiter of those have any effect on typing http://issachar:8080/wpad.dat  or http://issachar80/wpad.dat into a browser and getting the correct response.  You also don't need the http://issachar:80/wpad.dat ,..the 80 is assumed,...all it takes is http://issachar/wpad.dat  and you should get the correct response.

Make sure the auto discovery is on 80 and the Web Proxy is 8080 one more time than reboot the ISA.

I you can't get the correct response with http://issachar/wpad.dat then you are just wasting your time and you aren't going to get anywhere.  There is no point in even reading any further.

When you finally get that part to work correctly,...then handle DNS and DHCP this way.

DNS:
Create a CNAME that points toward the ISA's Host Record.    The name of the CNAME needs to specifically be "wpad" and it must be lower case.

DHCP:
Configure the 252 entry according to the AD Zone name with the "wpad" CNAME.  For example, if your AD Zone is mycompany.loc then the entry would be:  http://wpad.mycompany.loc/wpad.dat .   Notice that I did not put in a port number. 

Now you should be able to type http://wpad.mycompany.loc/wpad.dat into a browse and get the Open/Save prompt

Yes, yes, I know many articles show a port and many show 8080, but I am telling you to ignore that.  You have to remeber that other non-MS proxy servers may listen for web requests on 80 (not 8080 like ISA) and therfore they logically would use 8080 for the autodetection,...and so that is why a lot of material is written the way it is.  Obviously those done that way are only going to work with DHCP Clients because it won't work using DNS which is what you need for Statically addressed clients






_____________________________

Phillip Windell

(in reply to jpdw)
Post #: 17
RE: Auto Discovery Not Working - 11.Jun.2009 11:33:38 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
The technet article provided above shows you what you need to do step-by-step - why not just follow that????



_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to pwindell)
Post #: 18
RE: Auto Discovery Not Working - 11.Jun.2009 11:43:14 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
It's because my writng style, grammer, and especially personality is so much more exciting than those dry technet articles  


_____________________________

Phillip Windell

(in reply to Jason Jones)
Post #: 19
RE: Auto Discovery Not Working - 11.Jun.2009 12:44:34 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: pwindell

It's because my writng style, grammer, and especially personality is so much more exciting than those dry technet articles  



I imagined that your patience level was close to breaking point

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to pwindell)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> General >> Auto Discovery Not Working Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts