Welcome to ISAserver.org

Anonymous Access Problems

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 General] >> General >> Anonymous Access Problems

Page: [1]

Message

<< Older Topic Newer Topic >>

Anonymous Access Problems - 3.Oct.2003 9:38:00 AM

Red

Posts: 17
Joined: 26.Apr.2002
Status: offline

Hi all again!

Right, having sorted out my DNS, erm, issues (Thanks again spouseele) I now move on to the logging.

At the moment, all access through the Web Proxy is being logged as anonymous. I followed the instructions in this article http://www.isaserver.org/tutorials/disableanonoutbound.html to the word, but as soon as I add "Domain Users" to the Applies To list any attempt to connect to any website gives a Forbidden error message. The rest of the Site & Content Rule is still set exactly as it was when ISA was installed (only a couple of days ago).

As soon as a connection to a website is attempted, I can see the session in ISA with user name as it should be instead of anonymous (GREAT!), but as I said, the page is said to be forbidden. (NOT GREAT!)

Any advice would be gratefully received.

Thanks

Dave

Post #: 1

Featured Links*

RE: Anonymous Access Problems - 3.Oct.2003 11:59:00 AM

spouseele

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Dave,

if something isn't working as expected, you should consult the ISA logfiles. They are your primary resource for debugging. To get the most information out of the logfiles, I strongly recommend to enable the logging of all fields. In the MMC, go to the node Monitoring Configuration, then select Logs. In the details pane, right-click the applicable service and then click Properties. On the Fields tab, click Select All.

A lot of people seem to have problems with interpreting the logfiles. It isn't that difficult, but you should first understand what is logged. In the ISA helpfile there is a section called "Firewall and Web Proxy log fields", a must read. Additional information can be found in the following articles:
- http://support.microsoft.com/default.aspx?scid=kb;en-us;284818
- http://support.microsoft.com/default.aspx?scid=kb;en-us;193625
- http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winsock/winsock/windows_sockets_error_codes_2.asp

BTW --- which method did you use for getting the DNS working? If you have *not* implemented the DNS caching-only server, then make sure the DNS protocol and site&content rules are still in place.

HTH,
Stefaan

(in reply to Red)

Post #: 2

RE: Anonymous Access Problems - 3.Oct.2003 12:40:00 PM

Red

Posts: 17
Joined: 26.Apr.2002
Status: offline

Hi Stefaan,

Thanks for the info, I'll have an investigate later.

RE the DNS, i went down the route without the cache-only dns server and all the rules are setup as described. Is all working great now and seems really quick. The only problems right now are this logging issue and the fact that any time I restart the ISA machine, I have to restart the DNS Server service on our DC for the DNS forwarding to kick back in. Weird.

thanks for all the advice.

Dave

(in reply to Red)

Post #: 3

RE: Anonymous Access Problems - 3.Oct.2003 1:18:00 PM

spouseele

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline

Hi Dave,

OK, let us know how it goes! [Wink]

Just keep in mind that in the logging Rule#1 = protocol rule and Rule#2 = site&content rule. The other very important field is the Result code.

Another interesting article to read is http://www.isaserver.org/tutorials/The_Mystery_of_the_HTTP_Redirector_and_SiteContent_Rules.html . [Smile]

Concerning your DNS issue, I suggest you post that problem in the topic http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=8;t=000505 . Normally Tom is watching the topics bound to one of his articles.

HTH,
Stefaan

[ October 03, 2003, 01:20 PM: Message edited by: spouseele ]

(in reply to Red)

Post #: 4