
ISA 2006 gives 12202 error (403 forbidden)


JonathanHaddock

IS-IT--Management
Nov 29, 2007
26
GB
Hi everyone,

I'm new to ISA Server 2006 and have been reading the SAMS Guide (Microsoft ISA Server 2006 Unleashed) to learn up on it.

I've got my SSL certificate installed and have set up the ISA server in unihomed mode (i.e. only 1 network card). According to my book, in unihomed mode all listeners should point to the All Networks (and localhost) network so I have configured them thus.

Using the Publish a website wizard I've specified a couple of websites to publish. I then test from the ISA server itself and get the following error:

Code:
Denied Connection HANNAH 22/04/2009 14:57:43 
Log type: Web Proxy (Forward) 
Status: 12202 The ISA Server denied the specified Uniform Resource Locator (URL).  
Rule: Default rule 
Source: Local Host (10.49.248.90) 
Destination: Internal (vle.bartoncourt.org 10.49.160.24:80) 
Request: GET http://10.49.160.24/ 
Filter information: Req ID: 0a70a5c1; Compression: client=No, server=No, compress rate=0% decompress rate=0% 
Protocol: http 
User: anonymous 
 Additional information 
Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 ms
MIME type:

For some reason only the Default Rule is being applied (or at least it's the default rule that's blocking my request). Any advice on why this is the case please?

Thanks in advance,
jonathan

Jonathan Haddock
Network Manager
Barton Court Grammar School
 
Speaking from memory on ISA 2004 here, but I believe it's pretty much the same for 2006...some of what I mention is required for certificate functionality and will be the same despite the version of ISA:

OK, first, the subject of your certificate needs to match the name you are attempting to access the web site with (this would be the web server's certificate). Second, the ISA server needs to have the web server's certificate and private key installed in its local machine store in order to validate the certificate itself. Third, you should try your damnedest to get off a single homed model...not sure if this changed for 2006, but in ISA 2004, this was an unsupportable configuration by MS (well, best effort support anyways). Fourth, the packet you show above is requesting http, and not https. Fifth, the rules are applied in a top down order...meaning, if your most restrictive rule is at the top of your rules list, then it will block all subsequent connections, as it won't bother to read the lower rules....

-Brandon Wilson
MCSE:Security00/03
MCSA:Messaging00
MCSA:Security03
A+
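
An added example (not written by either poster): a small Python triage of a log entry like the one in the question, checking the points raised in the reply above: which rule matched, the request scheme, and whether the URL names a host or a bare IP. The function names, finding labels and the `expected_scheme` default are assumptions made for illustration; the sample entry is constructed from the record in the question.

```python
import re

# Constructed sample: the denied-connection record from the question,
# reduced to the fields the checks below read.
SAMPLE = """\
Denied Connection HANNAH 22/04/2009 14:57:43
Log type: Web Proxy (Forward)
Status: 12202 The ISA Server denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Source: Local Host (10.49.248.90)
Destination: Internal (vle.bartoncourt.org 10.49.160.24:80)
Request: GET http://10.49.160.24/
Protocol: http
User: anonymous
"""

def parse_entry(text):
    """Turn the 'Key: value' lines of one log viewer entry into a dict."""
    fields = {}
    for line in text.splitlines():
        # Split on the first colon-space so URLs and timestamps stay intact.
        key, sep, value = line.strip().partition(": ")
        if sep and key:
            fields[key.lower()] = value.strip()
    return fields

def triage(fields, expected_scheme="https"):
    """Return labels for the reply's points that this entry trips.

    expected_scheme is an assumption: the site is meant to be published
    over SSL, as the question implies.
    """
    findings = []
    status = re.match(r"(\d+)", fields.get("status", ""))
    rule = fields.get("rule", "").lower()
    # Point 5: rules are read top-down; a denial by the Default rule means
    # nothing above it matched this request.
    if status and status.group(1) == "12202" and rule == "default rule":
        findings.append("no-rule-matched")
    # Point 4: the request was plain http rather than https.
    if fields.get("protocol", "").lower() != expected_scheme:
        findings.append("scheme-mismatch")
    # Point 1: the name in the URL must match the certificate subject;
    # an IP literal is not the site's host name.
    host = re.search(r"://([^/:]+)", fields.get("request", ""))
    if host and re.fullmatch(r"[\d.]+", host.group(1)):
        findings.append("ip-literal-host")
    return findings
```

For the entry in the question, all three checks fire, which points at the test request itself (http, by IP address) as well as at the rule base.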
