It is only using http to download the update files. The old proxy server was
a single NIC ISA 2004 proxy server.... now we have a new server running ISA
2006 with dual NIC's and is providing firewall capabilities also.
There is no authentication required on the proxy server at this point... but
it will be required soon... In anticipation of this I have created a separate
allowing unauthenticated internet access.
Post by Phillip WindellYou won't be able to require it. It will have to stay without
authentication.
You will need run it throught the SecureNAT Service which doesn't require
anything beyond having the ISA in the LAN's "routing path" to the Internet.
The Rule should limit the source and destinations to the specific IP#s
involved and the Users portion of the Rule will need to be "All Users",..you
have no choice about that,..it must be "All Users".
You might be able to use the Firewall Client Software on the Server and let
it run against the same Access Rule,..this would allow the machine to not
have ISA in the LAN's "routing path" to the Internet,...but personally, I
think you best bet is going to be the SecureNAT Service.
With ISA2004 I have real doubts that it was really working [as you think it
was]. Because it was a single Nic ISA you therefore would have had a
Firewall on the LAN that was most likely the Default Gateway of the machine
or the Firewall was in the LAN's "routing path" to the Internet. The whole
"proxy setting thing" on the server was probably just flat out
failing,..which means the server would send the web request directly to the
Firewall which allowed it out to the Internet, effectively "ignoring" the
ISA,...so you would have no "visible" indication that it was not working as
you expected. But now that the ISA is running in a more proper dual nic
mode there is no way to "get around" the ISA if things fail becuase the ISA
is litterally physically "in the way",...so now when it fails it is visibly
obvious.
1. CERN Compliant Web Poxy
2. Winsock Proxy
3. NAT Server (same as typical "hardware firewalls")
It is all three types of Firewalls all rolled into a single product. Which
"component" of ISA that you use depends on how you setup the Client and the
ISA to interact with each other. It is possible for a Client to work as all
three types at the same time and will switch between the "modes" uniquely
for each connection "session" that the Client is involved in at the moment.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436(TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433(TechNet.10).aspx
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
Post by PhilScottCan I just say that this is now starting to go off in the wrong tangent. The
problem is not with my ISA Firewall or my rules or how it accesses the
Internet. The problem is with my server and this application.
The application on this server is trying to send HTTP requests for automatic
updates to a proxy server that now no longer exists. I am trying to update
this server with the new proxy server settings for the LOCALSYSTEM account
(no other account is affected), but every attempt is failing. There are no
problems with accessing the Internet on this server once I am logged in, but
when NO ONE is logged in and it is trying to update the application
automatically it uses the LOCALSYSTEM account (the account to which the
application's service runs!) to download updates. The LOCALSYSTEM Proxy
(settings in the registry key mentioned previously) is set to the OLD ISA
SERVER. NO HTTP REQUESTS ARE HITTING OUR CURRENT ISA SERVER AT ALL. Are you
able to help me with this?
Post by Phillip WindellThen I guess not.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Hi,
I had the same issue with old proxy settings on my production servers
in the
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings. If I deleted or change the proxy server key it would
repopulate on reboot. I resolved the issue by exporting the
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
settings from a from a known good new server build. Deleting the
problematic internet setting keys and sub keys (after a backup), then
importing the known good registry settings.
Regards Sapper
--
Sapper
------------------------------------------------------------------------
Sapper's Profile: http://forums.techarena.in/members/sapper.htm
View this thread: http://forums.techarena.in/windows-server-help/1043388.htm
http://forums.techarena.in
Post by SapperHi Everyone,
Just an update, the above registry import worked for a while but after
a few days the behaviour reoccurred.
We finally had success with the following.
? Searched the sysvol on our DC for cs folder
? Found Connect.set & cs.dat files in the cs folder.
? Identified the policy ID that the files belonged to
\\servername\sysvol\domainname\Policies\{1FB2E411-2CEF-4324-9C04-730889F5A071}\User\MICROSOFT\IEAK\BRANDING\cs.
? Identified the policy within AD
? Removed and recreated the policy
On the servers that were affected
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\DefaultConnectionSettings
Clear the ProxyEnable & ProxyServer Values
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings
Reboot server and check the .default registry settings.
Regards
Sapper
--
Sapper
------------------------------------------------------------------------
Sapper's Profile: http://forums.techarena.in/members/sapper.htm
View this thread: http://forums.techarena.in/windows-server-help/1043388.htm
http://forums.techarena.in
Post by SapperHi Everyone,
Just an update, the above registry import worked for a while but after
a few days the behaviour reoccurred.
We finally had success with the following.
? Searched the sysvol on our DC for cs folder
? Found Connect.set & cs.dat files in the cs folder.
? Identified the policy ID that the files belonged to
\\servername\sysvol\domainname\Policies\{1FB2E411-2CEF-4324-9C04-730889F5A071}\User\MICROSOFT\IEAK\BRANDING\cs.
? Identified the policy within AD
? Removed and recreated the policy
On the servers that were affected
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\DefaultConnectionSettings
Clear the ProxyEnable & ProxyServer Values
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings
Reboot server and check the .default registry settings.
Regards
Sapper
--
Sapper
------------------------------------------------------------------------
Sapper's Profile: http://forums.techarena.in/members/sapper.htm
View this thread: http://forums.techarena.in/windows-server-help/1043388.htm
http://forums.techarena.in
Submitted via EggHeadCafe
Microsoft SQL Server Developer For Beginners
http://www.eggheadcafe.com/training-topic-area/SQL-Server-Developer/5/SQL-Server.aspx