• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Firewall Client autoconfig

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Firewall Client autoconfig Page: [1]
Login
Message << Older Topic   Newer Topic >>
Firewall Client autoconfig - 10.Jan.2005 5:18:00 PM   
Kerry.Kriegel

 

Posts: 30
Joined: 17.Sep.2004
From: Racine, Wisconsin
Status: offline
I have ISA2004 on Win2003 server. I configured the Internal network to autodiscover on port 80 (as I want to use DNS to the clients). While watching the monitor, I could see clients being denied to "get wpad.dat" on port 80. So, even though I told ISA to publish the information, I made an "allow all users, local host, HTTP protocol" rule. Clients were still being denied, so I did a netstat -a | find ":80" and see that ISA is not listening on port 80.

Any ideas?
Post #: 1
RE: Firewall Client autoconfig - 11.Jan.2005 1:45:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Wanman,

Did you enable autodiscovery on that Network? You can do that in the Properties dialog box for the ISA firewall Network from which the results are arriving.

Thanks!
Tom

(in reply to Kerry.Kriegel)
Post #: 2
RE: Firewall Client autoconfig - 12.Jan.2005 12:36:00 AM   
Kerry.Kriegel

 

Posts: 30
Joined: 17.Sep.2004
From: Racine, Wisconsin
Status: offline
Yes. The autodiscover is enabled for port 80. If I open a browser and go to http://isaserver/wpad.dat I receive the "File open or save" dialog box. Same thing for wspad.dat.

(in reply to Kerry.Kriegel)
Post #: 3
RE: Firewall Client autoconfig - 12.Jan.2005 8:36:00 AM   
ianfermo

 

Posts: 235
Joined: 7.Nov.2004
From: Zamboanga, Philippines
Status: offline
Hi,

Try to download autodiscovery script on www.isatools.org

Run this script on ISA box.

Cheers,

(in reply to Kerry.Kriegel)
Post #: 4
RE: Firewall Client autoconfig - 12.Jan.2005 4:58:00 PM   
Kerry.Kriegel

 

Posts: 30
Joined: 17.Sep.2004
From: Racine, Wisconsin
Status: offline
Thanks for the link to the tools. I ran the script and it does not get very far. The output is -

Request: http://wpad/wpad.dat

Status = 401; Unauthorized ( The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. )
WWW-Authenticate: Negotiate
WWW-Authenticate: Kerberos
WWW-Authenticate: NTLM
Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 2057

This raises a few points.
1. I do NOT have IIS on the ISA box.
2. I did NOT create a "Web Server Publishing Rule".
3. There is a "System Policy Rule" (out of the box - rule # 30) that is disabled. The name is "Allow MS Firewall Control communication to selected computers". When you look at the description, and the parameters - this name makes no sense.
4. After setting my Internal network to AutoDiscovery and publish on port 80, do I need an additional rule?

Thanks for any help here. I really want to make this autoconfig work.

(in reply to Kerry.Kriegel)
Post #: 5
RE: Firewall Client autoconfig - 13.Jan.2005 11:41:00 PM   
Kerry.Kriegel

 

Posts: 30
Joined: 17.Sep.2004
From: Racine, Wisconsin
Status: offline
Hurray!

Not sure if it is the right answer or not, but IT WORKED.

I created a Publish HTTP server rule and used the ISA server "inside" IP address in my "firewall client" listener on port 80. Autodiscover now works.

(in reply to Kerry.Kriegel)
Post #: 6
RE: Firewall Client autoconfig - 14.Jan.2005 5:54:00 AM   
manguonden

 

Posts: 59
Joined: 10.May2004
From: Viet Nam
Status: offline
quote:
Originally posted by WANMAN:
Hurray!

Not sure if it is the right answer or not, but IT WORKED.

I created a Publish HTTP server rule and used the ISA server "inside" IP address in my "firewall client" listener on port 80. Autodiscover now works.

Hi, WANMAN
My system config you can follow me
1. Config ISA Server
Enable Auto network
2. Config DHCP
Add scope wpad: wpad, string, 252, http://name my server.my domain:port/wpad.dat
3. Config DNS
Add host wpad.my domain
It work fine

(in reply to Kerry.Kriegel)
Post #: 7
RE: Firewall Client autoconfig - 17.Jan.2005 5:26:00 PM   
Kerry.Kriegel

 

Posts: 30
Joined: 17.Sep.2004
From: Racine, Wisconsin
Status: offline
The problem seems to come from the fact that my third part Web Monitoring software (SurfControl) requires that the Internal network have the Require All Users to Authenticate check box checked for name resolution.

By publishing the localhost server on port 80, and creating an allow anyone from Internal access, I seem to have gotten around the problem.

(in reply to Kerry.Kriegel)
Post #: 8
RE: Firewall Client autoconfig - 21.Feb.2005 5:42:00 PM   
jokan7

 

Posts: 19
Joined: 8.May2001
From: Florida - USA
Status: offline
Thanks WanMan,

Your fix worked for me. I also have surfcontrol and couldnt get the autodiscovery to work, and Surfcontrol was no help at all.

Thanks again.

(in reply to Kerry.Kriegel)
Post #: 9
RE: Firewall Client autoconfig - 23.Mar.2005 5:51:00 AM   
Geeth

 

Posts: 2
Joined: 23.Mar.2005
From: Srilanka
Status: offline
Hi All ,
I want to use web proxy client to use with my Proxy server ( ISA 2000 ). I checked all from the below given link. But still i cant understand what is this wpad.dat & where can i save this . what are the contents of this file. If any body have idea of this . PLs reply.

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/automaticdiscovery.mspx

Geeth

(in reply to Kerry.Kriegel)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Firewall Client autoconfig Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts