Search Results

Search found 407 results on 17 pages for 'isa'.

Page 3/17 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • How do I ensure my C# software can access the internet in a Citrix + ISA environment?

    - by TomFromThePool
    Hi everyone, A client recently informed us that deployment of our software in their environment has failed due to a proxy error when the software attempts to access the internet. The client has a combination of Citrix and Microsoft's ISA server. The software allows the use of a proxy and the ability to manually enter authentication information, or automatically retrieve the current system proxy settings. The error returned is the standard 407 authentication error, but the client assures us that they have entered the authentication information required. They have also shown us the snippet of the ISA error logs which identify the client as Anonymous and the authentication protocol as Basic. I have a few questions I suppose: How should I go about dealing with the ISA server in my code? I have no real experience with this environment and am assuming that the ISA server is treated like any other proxy. If I am mistaken, what should I be doing? Does ISA allow the administrator to disallow specific authentication protocols - and if this is the case and 'Basic' auth is disallowed, would it still return a 407 error? Could the Citrix environment have caused this issue? Is there any particular way to ensure that my software will work in such an environment? Code-samples would be much appreciated. I have neither a Citrix test server or an ISA server at my disposal to carry out testing on this so I am currently trying to identify possible causes before I make the case for investment in a more robust testing environment. Thanks for any help!

    Read the article

  • How to configure apache to basic authentication or allow when ntlm while proxying?

    - by trotzim
    Here is my study case: browser --- apache proxy --- ISA server --- internet The ISA server requires an authentication. The issue is to allow HTTPS through the two proxies. A configuration that works with HTTP is something like this: (yes, I don't want to use ProxyPass but ProxyRequests) <virtualhost *:8080> ... SetEnv auth-proxy-chain on ... ProxyRequests On ProxyRemote * http://isaproxy:80 ... <proxy *> AuthName "ISA server auth" AuthType Basic [here a module to authenticate] require valid-user Allow from all </proxy> ... </virtualhost> The user can authenticate on the apache proxy then the authentication chain is sent to the ISA server that allows the HTTP trafic. But, while the browser switchs to HTTPS, the ISA server "speaks" NTLM and breaks the authentication on the apache proxy. If I try to use the SSPI module (ntlm) with something like this: blablabla <proxy *> AuthName "ISA server auth" AuthType ntlm [ SSPI stuff ] Require valid-user Allow from all </proxy> The apache server reject the authentication (or the ISA server I don't really know). I use wireshark to look at the nominal process while using directly the ISA server as proxy. The first auth-chain is a BASIC type then it switchs to NTLM (and the challenge continues with NTLM). How should I configure apache that it transfers the NTLM authentication to the ISA proxy without checking it(*)? Or to rewrite headers to force BASIC authentication? (*) It seems not to be as easy as it seems...

    Read the article

  • ISA 2006 Ent with NLB configuration

    - by Nagori
    Hello We have created to virtual machines and installed ISA 2006 Ent and enable NLB configuration, each machine has two NIC one connected to LAN and other connected to DMZ, we are not able to ping DMZ subnet IP of ISA from another machine which is on same DMZ subnet even though we have diable the all ISA services (including firewall). But we can ping LAN IP from all our internal subnets and this ping is working with ISA services are started or stop status Thank you

    Read the article

  • ISA Proxy server

    - by user59931
    Have a proxy at work that runs Microsoft ISA. i used to be able to connect using 11.10 with firefox no problem at all. i could either put the settings in firefox or the settings in ubuntu network proxy settings. this would give me a connection no problem ( slow due to the work network being really lame) since i upgraded with 12.10 firefox just crashes if i have any proxy settings (manual added the proxy settings). if i connect to a diffrent network without the proxy settings it works fine and doesn't crash i tried chrome to see if that would work... simular problem. chrome doesn't crash but is so slow it just times out all the time and can take 10min for a page to load.... not really sure where to go with this? i have tried a clean install of 12.04 on 2 diffrent computers and also both tried just upgrading from 11.10. Only answer i can see at the moment is role back to 11.10 :( i have tried all sorts like turning of IPv6 to see if that would make any diffrence but no joy... really am lost now. whats weird is the repositys are also really really slow through 12.04. 50 megs took an hour to download (ISA server has Ubuntu rep servers enables without authenication). really am lost

    Read the article

  • How to block bittorrent but allow web surfing using ISA Server?

    - by nray
    Given a public WiFi hotspot behind an ISA Sever and a single Internet address, which rules or content filters would be useful to achieve this configuration? Allow anonymous users to surf the web, chat over IM, and connect to their diffrent workplace VPNs Restrict Bittorrent and other P2P clients from attracting the attention of MediaSentry and others.

    Read the article

  • Are there other application layer firewalls like Microfot TMG (ISA) that do advanced http rules?

    - by Bret Fisher
    Since the old days ISA and now TMG have had several great features that I often want to deploy to my customers because of the enhanced functionality and security, but often the cost of an additinal server HW, Windows Server, and TMG license is too much to justify when compaired to a $300-500 appliance. Are there other gateway firewalls that can perform one or more of these application layer features: pre-auth incoming http traffic against AD/LDAP before sending packets to internal server (forms auth or basic creds popup)? read host headers of incoming http traffic (even on https) to a single public IP and route packets to different internal servers based on that host header?

    Read the article

  • Blocking of certain file downloads

    - by Philip Fourie
    I have a problem where I cannot completely download a certain file from a server. The file is 1.9MB in size but only 68% is downloaded and then it hangs. I tried and these cases, which failed: Downloaded the file with HTTP Downloaded the file with FTP Moved the file to different FTP and web servers behind the ISA firewall Tried with IIS 6.0 & IIS 7.0 Multiple download clients. Which included FireFox, FileZilla (on Windows) and wget (on Linux) This worked: Downloading other files from the same location on the server. Both bigger and smaller and in size than the original. FTP and HTTP worked. Earlier version of this file (.DLL) works. It is as if the content of this file has an influence on this file being served. Network architecture: Client Machine - Internet (ISP) - ISA Server - IIS 7.0 The only constants are the ISP, Cisco router and the ISA server. Is it possible that something is rejecting the download because of the contents of the file? I am hoping ISA is the culprit... I am not a ISA expert is there somewhere I can look to establish if it is indeed ISA causing this? Update: Splitting the file into two parts with a hex editor results in one half of the file being served correctly and the other part not. Zipping the file results in the file being downloaded successfully. However this is not an option for this particular scenario. Renaming the file and its extension also doesn't work. Update 2009/10/22: It does NOT seems to be ISA that is causing this problem. We connected a laptop (running IIS) on an available public IP and still the file download to 68% before it hanged. The two remaining components are the ISP and the Cisco 800 series router. Anyone knows about an issue on the router perhaps?

    Read the article

  • IIS cannot access itself

    - by dave
    We are on a corporate network that uses ISA and I am having issues trying to not have requests go through ISA. I have IIS7 on my local Windows 7 machine that has websites and a service layer. The websites access the service layer using a xxxx.servicelayer.local address that is set up in my HOSTS file to point to 127.0.0.1. I have Windows Firewall client which I have disabled. I have tried both adding this address into IE so that it does not go through ISA and also disabled this section altogether. When the website (which is actually IIS making the request to itself) tries to access the service layer I receive an ISA error that proxy authentication has failed. Considering that everything I can see to configure is set to not go through the proxy, ISA, I cannot see how this is actually going through the proxy and giving this error. Is there something within Windows 7 that forces the proxy setting, some sort of caching or similar?

    Read the article

  • DotNetOpenAuth OpenID on ISA 2006 Reverse Proxy problem

    - by userb00
    I am trying to host my site that uses DotNetOpenAuth (OpenID) behind ISA 2006 (reverse proxy), and after it authenticated with a provider (such as Google), and it returns with a URL with %253A in the URL. However, ISA HTTP filter rejects the request. What I need to do is, on ISA web publishing rule, right click config HTTP policy properties uncheck "Verify Normalization" and it worked. Is this a problem on ISA 2006 generally? Are other firewalls having similar problems? Or, is it an OpenID or DotNetOpenAuth issue? Is it safe to disable Normalization checking on ISA? According to MSDN, quote "Web servers receive requests that are URL encoded. This means that certain characters may be replaced with a percent sign (%) followed by a particular number. For example, %20 corresponds to a space, so a request for http://myserver/My%20Dir/My%20File.htm is the same as a request for http://myserver/My Dir/My File.htm. Normalization is the process of decoding URL-encoded requests. Because the % can be URL encoded, an attacker can submit a carefully crafted request to a server that is basically double-encoded. If this occurs, Internet Information Services (IIS) may accept a request that it would otherwise reject as not valid. When you select Verify Normalization, the HTTP filter normalizes the URL two times. If the URL after the first normalization is different from the URL after the second normalization, the filter rejects the request. This prevents attacks that rely on double-encoded requests. Note that while we recommend that you use the Verify Normalization function, it may also block legitimate requests that contain a %."

    Read the article

  • Error accessing uncompiled pages using ISA Server 2006 SP1

    - by Bravax
    We are in the processing of configuring a portal to use ISA Server as our front end security provider. So we are using ISA Server 2006 SP1. Unfortunately when we access .net applications through ISA Server, the first time they are accessed. i.e. They are not compiled yet, the following error appears: Error Code: 500 Internal Server Error. The parameter is incorrect. (87) In the ISA Monitoring logs, this shows: Failed Connection Attempt Log type: Web Proxy (Reverse) Status: 87 The parameter is incorrect. Once the application is compiled, the error never appears. Does anyone know how to resolve this, so the site works correctly the first time? Some additional information: The websites accessed are running on windows server 2008 64 bit - standard edition, and occurs for Sharepoint as well as standard .net websites. ISA Server is running on Windows server 2003 R2 SP2 Standard eidtion The firewall on the windows server 2008 box allows all access. (To rule this out.) Nothing odd appears in the IIS logs or firewall logs.

    Read the article

  • Can I get sensible labels for lm-sensors output for "applesmc-isa-0300"?

    - by TK Kocheran
    2011 8,3 Macbook Pro running 64bit 11.10. When I run sensors from the lm-sensors package, I get a lot of information, but no way to understand it: coretemp-isa-0000 Adapter: ISA adapter Physical id 0: +53.0°C (high = +86.0°C, crit = +100.0°C) Core 0: +53.0°C (high = +86.0°C, crit = +100.0°C) Core 1: +52.0°C (high = +86.0°C, crit = +100.0°C) Core 2: +50.0°C (high = +86.0°C, crit = +100.0°C) Core 3: +49.0°C (high = +86.0°C, crit = +100.0°C) applesmc-isa-0300 Adapter: ISA adapter Left side : 2001 RPM (min = 2000 RPM) Right side : 2001 RPM (min = 2000 RPM) TB0T: +33.2°C TB1T: +33.2°C TB2T: +29.0°C TC0C: +52.8°C TC0D: +47.2°C TC0E: +51.8°C TC0F: +53.0°C TC0J: +1.0°C TC0P: +44.5°C TC1C: +52.0°C TC2C: +52.0°C TC3C: +52.0°C TC4C: +52.0°C TCFC: +0.2°C TCGC: +51.0°C TCSA: +52.0°C TCTD: +0.0°C TG0D: +44.5°C TG0P: +43.2°C THSP: +37.5°C TM0S: +57.5°C TMBS: +0.0°C TP0P: +50.0°C TPCD: +55.0°C The core temp info is really useful and I'm pretty sure that Left/Right Side refers to the two fans within, but otherwise, I have no idea what this information means. Is there something I can use to normalize this information?

    Read the article

  • Unable to Sign in to the Microsoft Online Services Signin application from Windows 7 client located behind ISA firewall

    - by Ravindra Pamidi
    A while ago i helped a customer troubleshoot authentication problem with Microsoft Online Services Signin application.  This customer was evaluating Microsoft BPOS (Business Productivity Online Services) and was having trouble using the single sign on application behind ISA 2004 firewall.The network structure is fairly simple with single Windows 2003 Active Directory domain and Windows 7 clients. On a successful logon to the Microsoft Online Services Signin application, this application provides single signon functionality to all of Microsoft online services in the BPOS package. Symptoms:When trying to signin it fails with error "The service is currently unavailable. Please try again later. If problems continue, contact your service administrator". If ISA 2004 firewall is removed from the picture the authentication succeeds.Troubleshooting: Enabled ISA Server firewall logging along with Microsoft Network Monitor tool on the Windows 7 Client while reproducing the issue. Analysis of the ISA Server Firewall logs and Microsoft Network capture revealed that the Microsoft Online Services Sign In application when sending request to ISA Server does not send the domain credentials and as a result ISA Server responds with an error code of HTTP 407 Proxy authentication required listing out the supported authentication mechanisms.  The application in question is expected to send the credentials of the domain user in response to this request. However in this case, it fails to send the logged on user's domain credentials. Bit of researching on the Internet revealed that The "Microsoft Online Services Sign In" application by default does not support Outbound Internet Proxy authentication. In order for it to send the logged on user's domain credentials we had to make  changes to its configuration file "SignIn.exe.config" located under "Program Files\Microsoft Online Services\Sign In" folder. Step by Step details to configure the configuration file are documented on Microsoft TechNet website given below.  Configure your outbound authenticating proxy serverhttp://www.microsoft.com/online/help/en-us/helphowto/cc54100d-d149-45a9-8e96-f248ecb1b596.htm After the above problem was addressed we were still not able to use the "Microsoft Online Services Sign In" application and it failed with the same error.  Analysis of another network capture revealed that the application in question is now sending the required credentials and the connection seems to terminate at a later stage. Enabled verbose logging for the "Microsoft Online Services Sign In" application and then reproduced the problem. Analysis of the logs revealed a time difference between the local client and Microsoft Online services server of around seven minutes which is above the acceptable time skew of five minutes. Excerpt from Microsoft Online Services Sign In application verbose log:  1/26/2012 1:57:51 PM Verbose SingleSignOn.GetSSOGenericInterface SSO Interface URL: https://signinservice.apac.microsoftonline.com/ssoservice/UID1/26/2012 1:57:52 PM Exception SSOSignIn.SignIn The security timestamp is invalid because its creation time ('2012-01-26T08:34:52.767Z') is in the future. Current time is '2012-01-26T08:27:52.987Z' and allowed clock skew is '00:05:00'.1/26/2012 1:57:52 PM Exception SSOSignIn.SignIn  Although the Windows 7 Clients successfully synchronized time to the domain controller for the domain, the domain controller was not configured to synchronize time with external NTP servers. This caused a gradual drift in time on the network thus resulting in the above issue. Reconfigured the domain controller holding the PDC FSMO role to synchronize time with external time source ( time.nist.gov ) and edited the system policy on the ISA server firewall to allow NTP traffic to time.nist.gov Configure the time source for the forest:Windows Time Servicehttp://technet.microsoft.com/en-us/library/cc794937(WS.10).aspx Forced synchronization of Windows time using the command w32tm /resync on the domain controller and later on the clients each of which had corrected the seven minutes difference. This resolved the problem with logon to Microsoft Online Services Sign In.

    Read the article

  • Windows Media Player 11 fails to authenticate with proxy (ISA)

    - by Ed Manet
    We have some users who need to use a 3rd party site that embeds Windows Media Player streaming video into a web page. Our users go through an ISA proxy server to connect to the Internet. The browser has no problems accessing the site through the proxy. When Media Player loads, we get prompted for network credentials, but the authentication fails. If we set up Internet Explorer 8 to not use the proxy, Media Player has no problem. Media Player is configured to use the RTSP/TCP and HTTP protocols, but not the RTSP/UDP protocol. Is this necessary? Is there a registry key I can use to enable it? Is this more of a proxy server issue? The proxy guy says it's a desktop issue.

    Read the article

  • iis not listening on port 80

    - by user57467
    We have server 2003 and ISA 2004 with IIS 6 on same machnie. Everything worked well till yesterday, when we try to make some new rule in ISA..but this is a long story... Unfortunatelly something happend with our intranet site. Our site is on the port 80, but if we try to open on this client machines then we got and error page (which error page is our provider): 403-forbidden; Remote host not listening, the remote host is not prepared to acceppt the connection request. On the server i can open the site with port 80. If i change the port number in the iis and try to open the site with the port, then works well. I try to shut down IIS and start apache with a simple page. On the server works well but in clients the problem is the same, so i think this is not an IIS related problem. In the ISA we have a web pub rule, with port 80, no auth. Im pulling out my hair, please help. after uninstall and reinstall ISA, de sites work well, till i configure the upstream proxy in the conf/network/web chaining menu and then everything went same... So something wrong with the web-proxy / upstream function... (all my http request forward to my upstream proxy). That was the set long time ago...but a few day ago somehing went wrong... I think maybee our ISP spoiled something..tomorrow i try to figure out... But one more thing: I make a new rule before the default rule in the conf/network/web chaining menu. Every request go to the server not redirected.. Redirect to upstream server.... So if the request goes to our server (our site) then handled locally, and if not then go to upstream proxy and voilllaaa....i tougth... But unfortunatelly: our website work well, but internet work extreamly slowly..:( Maybee with single adapter i can made this? I have to handle all request locally or i have to send all to upstream? I cant filter it?

    Read the article

  • Is it possible to configure TMG to impersonate a domain user for anonymous requests to a website?

    - by Daniel Root
    I would like to configure Forefront Threat Management Gateway (formerly ISA server) to impersonate a specific domain user for any anonymous request to a particular listener. For example, for any anonymous request to http://www.mycompany.com, I would like to serve up http://myinternal as though MYDOMAIN/GuestAccount were accessing the site. Is this even possible in ISA/TMG? If so, where do I go to configure this?

    Read the article

  • iis not listening on port 80

    - by Holian
    Hello, We have server 2003 and ISA 2004 with IIS 6 on same machnie. Everything worked well till yesterday, when we try to make some new rule in ISA..but this is a long story... Unfortunatelly something happend with our intranet site. Our site is on the port 80, but if we try to open on this client machines then we got and error page (which error page is our provider): 403-forbidden; Remote host not listening, the remote host is not prepared to acceppt the connection request. On the server i can open the site with port 80. If i change the port number in the iis and try to open the site with the port, then works well. I try to shut down IIS and start apache with a simple page. On the server works well but in clients the problem is the same, so i think this is not an IIS related problem. In the ISA we have a web pub rule, with port 80, no auth. Im pulling out my hair, please help.

    Read the article

  • sensors reporting weird temperatures

    - by Felix
    lm-sensors is reporting weird temps for me: $ sensors coretemp-isa-0000 Adapter: ISA adapter Core 0: +38.0°C (high = +72.0°C, crit = +100.0°C) coretemp-isa-0001 Adapter: ISA adapter Core 1: +35.0°C (high = +72.0°C, crit = +100.0°C) coretemp-isa-0002 Adapter: ISA adapter Core 2: +32.0°C (high = +72.0°C, crit = +100.0°C) coretemp-isa-0003 Adapter: ISA adapter Core 3: +42.0°C (high = +72.0°C, crit = +100.0°C) w83627dhg-isa-0290 Adapter: ISA adapter Vcore: +1.10 V (min = +0.00 V, max = +1.74 V) in1: +1.62 V (min = +0.06 V, max = +0.17 V) ALARM AVCC: +3.34 V (min = +2.98 V, max = +3.63 V) VCC: +3.34 V (min = +2.98 V, max = +3.63 V) in4: +1.83 V (min = +1.30 V, max = +1.15 V) ALARM in5: +1.26 V (min = +0.83 V, max = +1.03 V) ALARM in6: +0.11 V (min = +1.22 V, max = +0.56 V) ALARM 3VSB: +3.30 V (min = +2.98 V, max = +3.63 V) Vbat: +3.18 V (min = +2.70 V, max = +3.30 V) fan1: 0 RPM (min = 0 RPM, div = 128) ALARM fan2: 1117 RPM (min = 860 RPM, div = 8) fan3: 0 RPM (min = 10546 RPM, div = 128) ALARM fan4: 0 RPM (min = 10546 RPM, div = 128) ALARM fan5: 0 RPM (min = 10546 RPM, div = 128) ALARM temp1: +88.0°C (high = +20.0°C, hyst = +4.0°C) ALARM sensor = diode temp2: +25.0°C (high = +80.0°C, hyst = +75.0°C) sensor = diode temp3: +121.5°C (high = +80.0°C, hyst = +75.0°C) ALARM sensor = thermistor cpu0_vid: +2.050 V Please note temp3. How can I know what temp3 is, and why it is so high? The system is really stable (which I guess it wouldn't be at those temps). Also, note the really decent core temps, which suggest a healthy system as well. My guess is that the readout is wrong. On another computer it reported temperatures below 0 degrees centigrade, which was not possible, considering the environment temperature of ~22-24. Is this some known bug/issue? Should I try some Windows programs (like CPU-Z) and see they give similar results?

    Read the article

  • AuthResend query string being appended to URL

    - by Alastair Pitts
    One of our clients is having an issue where POSTBACK seems to be broken when they connect to our Sharepoint application. When they navigate to a URL, an erroneous query string gets appended to the URL, so the end of the URL becomes: .../default.aspx&AuthResend1908BC2350124b5095AB75012FA405BA this isn't something that appears on any other clients computers or ours internally. This is the only difference and it seems to be breaking their pages. I had a quick Google and it seems that it's to do with a Microsoft ISA server, but I have no experience with that. Is this a bug or setting on their ISA server?

    Read the article

  • Two VPN (internet) connections rounting (win2003)

    - by tmp3128
    Here is my setup: - win2003 server (ISA installed) with 3 NICs:   1) internal network   2) ISP 1 (default) network (DHCP enabled)   3) ISP 2 (backup) network (DHCP enabled) - several "normal" PC within internal net - one "special" PC within internal net Both ISP 1 and ISP 2 provide access to internet and their resources thru their VPN connections. The goal is to enable all "normal" PCs to use internet from ISP_1's VPN connection and "special" should use only ISP_2's VPN connection. Futhermore all "normal" and "special" PCs should have access to several servers accesible only thru ISP_2's VPN connection. I have some thoughts how to achieve this but I want to be certain because everything should be configured as quickly as posible, avoiding significant downtime. windows-server-2003 isa routing vpn

    Read the article

  • Can arbitrary email addresses be stored in AD userPrincipalName?

    - by Rob Potter
    I have a web app that is front-ended by ISA, natively authenticating against AD. All users currently log on with sAMAccountName. I would like to allow users to provide a personal email address and be able to authenticate against this instead. From what I understand the AD userPrincipalName is typically used for an internally generated logon name, which by convention, is often their internally generated email address. The web app that I have is web scale (circa 3 million accounts*) and not an internal, corporate app, so the email addresses will be from diverse domains. Can I just set the AD userPrincipalName attribute to the user's email address, and then will ISA natively authenticate against this attribute instead? I heard rumours of AD having a maximum number of domain suffixes that it allows in AD userPrincipalName...? (presumably it catalogues them). [*I realise that AD is not the ideal authentication directory for a user population of this scale.]

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >