Welcome to ISAserver.org


problems publishing a library externally over ssl

problems publishing a library externally over ssl - 2.Oct.2008 7:43:45 AM   
lordasb

 

Ok trying to work from basics on this.

I have got the following to work inside the school

The internal auto login versions below

http://scr01/oliver/gateway/gateway.exe?application=Oliver&displayform=frame
http://oliver.thomasdeaconacademy.peterborough.sch.uk/oliver/gateway/gateway.exe?application=Oliver&displayform=frame

Now the external works at
https://scr01/oliverexternal/gateway/gateway.exe?application=Oliver&displayform=frame
https://oliver.thomasdeaconacademy.peterborough.sch.uk/oliverexternal/gateway/gateway.exe?application=Oliver&displayform=frame

From the wi01 server we get the following

https://10.48.0.16/oliverexternal/gateway/gateway.exe?application=Oliver&displayform=frame

shows the following

There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.

Click here to close this webpage.

Continue to this website (not recommended).

More information

·  If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
·  When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
·  If you choose to ignore this error and continue, do not enter private information into the website.
For more information, see "Certificate Errors" in Internet Explorer Help.

When you click the link – to go through

Technical Information (for support personnel)

Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

https://oliver.thomasdeaconacademy.peterborough.sch.uk/oliverexternal/gateway/gateway.exe?application=Oliver&displayform=frame
shows the following

This problem can be caused by a variety of issues, including:

Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's domain.
If this is an HTTPS (secure) address, click tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.

Now I looked on the wi01 server; this is looking to pcc mis for DNS

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig

Windows IP Configuration


Ethernet adapter Teamed NIC:

  Connection-specific DNS Suffix  . :
  IP Address. . . . . . . . . . . . : 10.48.0.12
  Subnet Mask . . . . . . . . . . . : 255.255.254.0
  Default Gateway . . . . . . . . . : 10.48.0.1

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

  Host Name . . . . . . . . . . . . : WI01
  Primary Dns Suffix  . . . . . . . :
  Node Type . . . . . . . . . . . . : Unknown
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Teamed NIC:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : HP Network Team #1
  Physical Address. . . . . . . . . : 00-19-BB-35-FA-62
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 10.48.0.12
  Subnet Mask . . . . . . . . . . . : 255.255.254.0
  Default Gateway . . . . . . . . . : 10.48.0.1
  DNS Servers . . . . . . . . . . . : 193.61.85.3
                                      193.61.85.4

C:\Documents and Settings\Administrator>

Which should resolve the oliver.tda.pb.sch.uk to 193.61.85.246, which in turn is asa'ed to 10.48.0.16 via NAT, so it hits the .16 address of the isa01 server.

Now I can see traffic hitting the .16 of ISA from perimeter network and from my home address of 81.187.168.52 in the logging when doing

Please see attached notepad file for details of connections from wi01 to 10.48.0.16; the first 2 lines show when you hit enter on the address bar in IE. I don't know why it's saying about alan as a rule.

The next few lines are where it tries to offer a connection to the oliver but fails, offering the default rule as the one blocking it.

The listener is set up on port 10.48.0.16 asking for no login details, so it should be requested by the oliver system; all this is over an SSL link.

Do you have any ideas? Hope I have given you enough info to understand what I am trying to do.

With thanks
andy


Below is the contents of the notepad

Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload GMT Log Time Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Authentication Server Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL
10.48.0.12    ISA01 -  TCP -      -    25/09/2008 10:52:20 42612 0 0 0 0x0 ERROR_SUCCESS  0x0 0x0 Firewall - 25/09/2008 11:52:20 10.48.0.16 443 ALaN 80,443 Initiated Connection  10.48.0.12  Perimeter Network Local Host - -
10.48.0.12    ISA01 -  TCP -      -    25/09/2008 10:52:20 42612 0 500 1129 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN  0x0 0x0 Firewall - 25/09/2008 11:52:20 10.48.0.16 443 ALaN 80,443 Closed Connection  10.48.0.12  Perimeter Network Local Host - -
0.0.0.0 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Yes Reverse Proxy ISA01  10.48.0.16 TCP   - -  - Req ID: 0da0cd08; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% - - - 25/09/2008 10:52:31 0 1 2264 303  12202 The ISA Server denied the specified Uniform Resource Locator (URL).  0x0 0x0 Web Proxy Filter  25/09/2008 11:52:31 10.48.0.16 443 https Denied Connection Default rule 10.48.0.12 anonymous Perimeter Network  GET http://10.48.0.16/oliverexternal
10.48.0.12    ISA01 -  TCP -      -    25/09/2008 10:52:32 42621 0 0 0 0x0 ERROR_SUCCESS  0x0 0x0 Firewall - 25/09/2008 11:52:32 10.48.0.16 443 ALaN 80,443 Initiated Connection  10.48.0.12  Perimeter Network Local Host - -
10.48.0.12    ISA01 -  TCP -      -    25/09/2008 10:52:32 42621 0 393 290 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN  0x0 0x0 Firewall - 25/09/2008 11:52:32 10.48.0.16 443 ALaN 80,443 Closed Connection  10.48.0.12  Perimeter Network Local Host - -
10.48.0.12    ISA01 -  TCP -      -    25/09/2008 10:52:32 42622 0 0 0 0x0 ERROR_SUCCESS  0x0 0x0 Firewall - 25/09/2008 11:52:32 10.48.0.16 443 ALaN 80,443 Initiated Connection  10.48.0.12  Perimeter Network Local Host - -
10.48.0.12    ISA01 -  TCP -      -    25/09/2008 10:52:32 42622 0 806 2695 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN  0x0 0x0 Firewall - 25/09/2008 11:52:32 10.48.0.16 443 ALaN 80,443 Closed Connection  10.48.0.12  Perimeter Network Local Host - -


What I can't work out is that the https is not getting carried over from outside to inside.

Any advice?
Thanks
andy
Post #: 1
RE: problems publishing a library externally over ssl - 2.Oct.2008 10:51:32 AM   
lordasb

 

Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload GMT Log Time Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Authentication Server Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL
0.0.0.0 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322) Yes Reverse Proxy ISA01 http://oliver.thomasdeaconacademy.peterborough.sch.uk/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=3 oliver.thomasdeaconacademy.peterborough.sch.uk TCP   - -  - Req ID: 0eb43168; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=yes, valid=yes, updated=no, logged off=no, client type=public, user activity=yes - - - 02/10/2008 14:04:10 0 1 2264 477  12202 The ISA Server denied the specified Uniform Resource Locator (URL).  0x0 0x0 Web Proxy Filter  02/10/2008 15:04:10 10.48.0.16 80 http Denied Connection Default rule 81.187.168.50 tda\aba External  GET http://oliver.thomasdeaconacademy.peterborough.sch.uk/

(in reply to lordasb)
Post #: 2
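
Added example, not part of the original posts: a small Python triage of the two "Denied Connection / Default rule" Web Proxy records quoted above. ISA falls through to the Default rule when no publishing rule matches the request, so the script compares each request with an assumed rule (public name and folder taken from the external URL the poster expects to work; the real rule settings are not shown in the thread) and reports which part did not match. The path test is a simplified prefix match, not ISA's exact matching logic.

```python
import re
from urllib.parse import urlsplit

# Assumed publishing-rule settings, taken from the external URL the poster
# expects to work; the real rule configuration is not shown in the thread.
PUBLIC_NAME = "oliver.thomasdeaconacademy.peterborough.sch.uk"
PUBLISHED_PATH = "/oliverexternal/"

# Tails of the two Web Proxy Filter records quoted in the posts (abbreviated).
RECORDS = [
    "10.48.0.16 443 https Denied Connection Default rule 10.48.0.12 anonymous "
    "Perimeter Network  GET http://10.48.0.16/oliverexternal",
    "10.48.0.16 80 http Denied Connection Default rule 81.187.168.50 tda\\aba "
    "External  GET http://oliver.thomasdeaconacademy.peterborough.sch.uk/",
]

# Destination IP, port, protocol, action, rule, client IP ... method, URL.
TAIL = re.compile(
    r"(?P<dst>\d+(?:\.\d+){3}) (?P<port>\d+) (?P<proto>https?) "
    r"(?P<action>\w+ Connection) (?P<rule>.+?) (?P<client>\d+(?:\.\d+){3}) "
    r".*?(?P<method>[A-Z]+) (?P<url>\S+)$"
)

def triage(record):
    """Return (rule, reasons): why the request missed the assumed rule."""
    m = TAIL.search(record)
    if m is None:
        raise ValueError("not a Web Proxy record tail")
    url = urlsplit(m["url"])
    reasons = []
    if (url.hostname or "").lower() != PUBLIC_NAME:
        reasons.append("host")      # requested by IP or by another name
    path = url.path or "/"
    if not (path + "/").startswith(PUBLISHED_PATH):
        reasons.append("path")      # outside the published folder
    # The URL column shows http:// even on port 443, so use the Protocol column.
    if m["proto"] != "https":
        reasons.append("protocol")  # arrived over plain HTTP, not SSL
    return m["rule"], reasons

if __name__ == "__main__":
    for rec in RECORDS:
        print(triage(rec))
```

Under these assumptions the first record (the test from wi01 by IP address) differs only in the host name, while the second (from outside) uses the right name but asks for "/" over HTTP on port 80.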
