URL with and without readable information

All Forums >> [ISA 2006 Firewall] >> Logging and Reporting




jtheboywonder -> URL with and without readable information (27.Jan.2011 2:55:37 PM)

I have two questions really from the group:

1. Why is it that for some if not most communication you get a full URL string with CMD, USER, DEVICEID and DEVICETYPE, but on some connections you get a random (I am assuming encrypted or something) set of characters similar to kqcHjOrfaGqNims4ElJneBDcZLdYCU1A= ??? The username still shows, source and destinations still show, and activity still happens, but why is there no insight (unless you read code) on these connections? I am assuming this is a code reference because I can see a couple of patterns such as CU1A at the end of the strings and what appears to be an encoded username at the beginning, but how would you view this? Am I overlooking the obvious?

2. With that in mind, I think I am getting an error by certain devices when they attempt to make a connection but wait too long (maybe this is a device setting), all of which have a higher than average processing time (although there are longer connections that are successful) and all of which have the randomized character string as described above, and give a failed connection attempt of 10054 as listed below. Any ideas on the source of the error and how to see if it really is a problem or an expected behavior?

Log type: Web Proxy (Reverse)
Status: 10054 An existing connection was forcibly closed by the remote host.
Rule: ActiveSync for mobileUsersRule
Source: External (xxx.xxx.xxx.xxx)
Destination: (xxx.xxx.xxx.xxx:443)
Request: POST http://aserver.com/Microsoft-Server-ActiveSync?UAwF4MCQi9DVbHYhfIIrwBGHGbosCU1A=
Filter information: Req ID: 119a25e2; Compression: client=Yes, server=No, compress rate=0% decompress rate=0%
Protocol: https
User: (LDAP)username

Additional information
Client agent:
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x8 (Request includes the AUTHORIZATION header.)
Processing time: 68437 ms
MIME type:
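
Added example, not part of the original post: the readable and unreadable requests contrasted above match the two query forms in Microsoft's ActiveSync HTTP specification (MS-ASHTTP), a plain-text query and a base64-encoded binary structure. The Python sketch below decodes either form from a logged URL; the function names, the `aserver.example` host and the sample bytes are constructed for illustration.

```python
import base64
import struct
from urllib.parse import parse_qs, unquote, urlsplit

# Command codes as listed in MS-ASHTTP; an unknown code is returned as a number.
COMMANDS = {0: "Sync", 1: "SendMail", 2: "SmartForward", 3: "SmartReply",
            4: "GetAttachment", 9: "FolderSync", 10: "FolderCreate",
            11: "FolderDelete", 12: "FolderUpdate", 13: "MoveItems",
            14: "GetItemEstimate", 15: "MeetingResponse", 16: "Search",
            17: "Settings", 18: "Ping", 19: "ItemOperations", 20: "Provision",
            21: "ResolveRecipients", 22: "ValidateCert"}


def _field(buf, pos):
    """Read one length-prefixed field, rejecting truncated input."""
    if pos >= len(buf) or pos + 1 + buf[pos] > len(buf):
        raise ValueError("truncated ActiveSync query")
    end = pos + 1 + buf[pos]
    return buf[pos + 1:end], end


def parse_activesync_query(url):
    """Decode the query of a logged ActiveSync URL in either form."""
    query = urlsplit(url).query
    if "=" in query.rstrip("="):  # plain text: Cmd=...&User=...&DeviceId=...
        q = {k.lower(): v[0] for k, v in parse_qs(query).items()}
        return {"form": "plain", "command": q.get("cmd"), "user": q.get("user"),
                "device_id": q.get("deviceid"), "device_type": q.get("devicetype")}
    raw = base64.b64decode(unquote(query), validate=True)  # raises if malformed
    if len(raw) < 4:
        raise ValueError("truncated ActiveSync query")
    version, command, locale = struct.unpack_from("<BBH", raw, 0)
    device_id, pos = _field(raw, 4)
    policy_key, pos = _field(raw, pos)
    device_type, pos = _field(raw, pos)  # command parameters after this are ignored
    return {"form": "base64", "version": f"{version // 10}.{version % 10}",
            "command": COMMANDS.get(command, command), "locale": hex(locale),
            "device_id": device_id.hex(),  # may be binary, so reported as hex
            "policy_key": int.from_bytes(policy_key, "little") if policy_key else None,
            "device_type": device_type.decode("ascii", "replace")}


# Constructed sample (not from the log above): version 12.1, Ping, locale 0x0409,
# device type "SP"; its encoding ends in "CU1A=", the suffix noted in the post.
SAMPLE = bytes([121, 18, 0x09, 0x04, 4]) + b"\xde\xad\xbe\xef" + \
    bytes([4, 1, 0, 0, 0, 2]) + b"SP"
SAMPLE_URL = ("http://aserver.example/Microsoft-Server-ActiveSync?"
              + base64.b64encode(SAMPLE).decode())
```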



