Failed SSL Connections in Log File! (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting



Message


laney0906 -> Failed SSL Connections in Log File! (13.Apr.2005 1:40:00 PM)

Hi all,

Does anyone know why the abvoe error is happening.

It occurs when accessing certain SSL sites through a web proxy client connected to our ISA 2004 Std server.

Most of the sites work ok on SSL expect for certain aspects of the site. The example site is www.ryanair.com. The last stage of using this site requires the site to authorise a credit card connection. When it does this it takes an age to respond and doesn't fully process the request.

The ISA server is configured for anonymous connections due to the fact that we use a 3rd party Web filtering tool

We upstream to another proxy for web access, the ISA is configured to tunnel SSL requests as HTTP

Normal HTTP access in the log displays ok, but when the client intiates an ssl tunnel errors start to appear and failed connections appear in the log

The log shows the following entry when it is taking an age to respond

(client IP) anonymous N 11/04/05 15:51:15 w3proxy ISAPROXY - (upstream proxy address) (upstream proxy address) 8080 - 3308 3915 SSL-tunnel TCP - - - Upstream 995 - Internet Access - Internal External 0x108 Failed

I have replaced the client ip and upstream proxy address for security reasons, but the rest of the log entry is as displayed

This issue did not occur when we ran MS Proxy 2.0 with the upstream server or ISA Server 2000 with the upstream

If anyone can help with this I'd be eternally grateful. As Im beginning to think ISA Server 2004 is quite frankly AWFUL!




kcadmin -> RE: Failed SSL Connections in Log File! (22.Apr.2005 3:59:00 PM)

I'm having a similar issue. It affects only one site, but it's an important one! It fails on the first rule (allow all internal traffic from all users to the ISA server it's self).

Other secure sites work fine. Please help. Log below.

0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) No Proxy ISASERVER securesite.com TCP Internet - - - - - - 0 0 1031 0 10051 0x0 0x40 Web Proxy Filter 4/22/2005 8:38:14 AM destination IP client's ip 443 SSL-tunnel securesite.com:443 anonymous Failed Connection Attempt Allow all internal to Local Host Internal Internal




Guest -> RE: Failed SSL Connections in Log File! (19.May2005 10:03:00 AM)

This has nothing to do with your upstream proxy setup. The problem exists even in the most basic of ISA set ups. Our user's visit a lot of banking / planning / mapping websites. You can imagine the hell we are experiencing when it comes to https websites!




internetuser -> RE: Failed SSL Connections in Log File! (31.May2005 7:18:00 AM)

anybody found a solution to this ?

I find that its only a handful off websites do this, but important ones. which handle important data. hence people are not happy about it going on.




Frank_Bough -> RE: Failed SSL Connections in Log File! (14.Jun.2005 6:32:00 PM)

In internet options, Advanced, select 'use http 1.1 through proxy'.




Page: [1]