Robberbaron (robr)
asked on
ISA2004 doesnt authenticate users
SBS SP1, ISA2004 SP1
Just had a problem where ISA stopped access to external web sites.
Monitoring showed Failure by SBS Internet Access Rule. users were only trying as 'anonymous'
----Log show...
Event Type: Warning
Event Source: Microsoft ISA Server Web Proxy
Event Category: None
Event ID: 14148
Description:
The Web Proxy filter failed to bind its socket to 192.168.1.1 port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties
indicates the cause of the failure.
0000: 40 27 07 80 @'.?
-------------------------- ---------- ---
I have 'fixed' problem by creating a new policy allowing 'all users' to access external via HTTP , HTTPS
--- fails on SBS Internet acccess policy------------------
Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Proxy NEWK - 192.168.1.1 TCP - Internet - 0 1 316 390 304 0x40801002 0x180 Web Proxy Filter 22/03/2006 7:37:06 PM 192.168.1.1 80 http Allowed Connection SBS Protected Networks Access Rule 192.168.1.59 anonymous Internal Local Host GET http://192.168.1.1/scripts/tglmenu.js
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Proxy NEWK - 66.102.7.104 TCP - - 0 1 2244 483 12202 The ISA Server denied the specified Uniform Resource Locator (URL). 0x0 0x0 Web Proxy Filter 22/03/2006 7:37:09 PM 66.102.7.104 80 http Denied Connection SBS Internet Access Rule 192.168.1.59 anonymous Internal External GET http://66.102.7.104/
192.168.1.59 - NEWK - TCP - - - - - - 1897 16 0 2244 0x80074e24 0x0 0x0 Firewall 22/03/2006 7:37:09 PM 66.102.7.104 80 HTTP Closed Connection Blocked Web Sites 192.168.1.59 - Internal External
192.168.1.59 - NEWK - TCP - - - - - - 1897 16 0 0 0x0 0x0 0x0 Firewall 22/03/2006 7:37:09 PM 66.102.7.104 80 HTTP Initiated Connection Blocked Web Sites 192.168.1.59 - Internal External
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Proxy NEWK - 192.168.1.1 TCP - Internet - 0 15 317 393 304 0x40801002 0x180 Web Proxy Filter 22/03/2006 7:37:06 PM 192.168.1.1 80 http Allowed Connection SBS Protected Networks Access Rule 192.168.1.59 anonymous Internal Local Host GET http://192.168.1.1/scripts/ibqsearch.js
---- All users allowed ----
Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Proxy NEWK - 66.102.7.104 TCP - Internet - 0 266 4015 483 200 0x60020000 0x580 Web Proxy Filter 22/03/2006 7:41:24 PM 66.102.7.104 80 http Allowed Connection All Internet Access Rule 192.168.1.59 anonymous Internal External GET http://66.102.7.104/
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Proxy NEWK - 66.102.7.104 TCP - Not Modified - 0 1 187 465 0 0x2 0x80 Web Proxy Filter 22/03/2006 7:41:22 PM 192.168.1.1 80 http Allowed Connection All Internet Access Rule 192.168.1.59 anonymous Internal External GET http://66.102.7.104/intl/en_au/images/logo.gif
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Proxy NEWK - 66.102.7.104 TCP - Internet - 0 234 4015 353 200 0x60020000 0x580 Web Proxy Filter 22/03/2006 7:41:22 PM 66.102.7.104 80 http Allowed Connection All Internet Access Rule 192.168.1.59 anonymous Internal External GET http://66.102.7.104/
192.168.1.59 - NEWK - TCP - - - - - - 1903 11000 3861 1669 0x80074e20 0x0 0x0 Firewall 22/03/2006 7:41:02 PM 192.168.1.1 445 Microsoft CIFS (TCP) Closed Connection Allow access from trusted computers to the Firewall Client installation share on ISA Server 192.168.1.59 - Internal Local Host
But i want to get the probem fixed.
I have rerun CIEW wizard.
Had to reapply IP's to HTTP.SYS
Reset IIS
Stop MSFireWall
Restart IIS
Just had a problem where ISA stopped access to external web sites.
Monitoring showed Failure by SBS Internet Access Rule. users were only trying as 'anonymous'
----Log show...
Event Type: Warning
Event Source: Microsoft ISA Server Web Proxy
Event Category: None
Event ID: 14148
Description:
The Web Proxy filter failed to bind its socket to 192.168.1.1 port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties
indicates the cause of the failure.
0000: 40 27 07 80 @'.?
--------------------------
I have 'fixed' problem by creating a new policy allowing 'all users' to access external via HTTP , HTTPS
--- fails on SBS Internet acccess policy------------------
Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Proxy NEWK - 192.168.1.1 TCP - Internet - 0 1 316 390 304 0x40801002 0x180 Web Proxy Filter 22/03/2006 7:37:06 PM 192.168.1.1 80 http Allowed Connection SBS Protected Networks Access Rule 192.168.1.59 anonymous Internal Local Host GET http://192.168.1.1/scripts/tglmenu.js
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Proxy NEWK - 66.102.7.104 TCP - - 0 1 2244 483 12202 The ISA Server denied the specified Uniform Resource Locator (URL). 0x0 0x0 Web Proxy Filter 22/03/2006 7:37:09 PM 66.102.7.104 80 http Denied Connection SBS Internet Access Rule 192.168.1.59 anonymous Internal External GET http://66.102.7.104/
192.168.1.59 - NEWK - TCP - - - - - - 1897 16 0 2244 0x80074e24 0x0 0x0 Firewall 22/03/2006 7:37:09 PM 66.102.7.104 80 HTTP Closed Connection Blocked Web Sites 192.168.1.59 - Internal External
192.168.1.59 - NEWK - TCP - - - - - - 1897 16 0 0 0x0 0x0 0x0 Firewall 22/03/2006 7:37:09 PM 66.102.7.104 80 HTTP Initiated Connection Blocked Web Sites 192.168.1.59 - Internal External
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Proxy NEWK - 192.168.1.1 TCP - Internet - 0 15 317 393 304 0x40801002 0x180 Web Proxy Filter 22/03/2006 7:37:06 PM 192.168.1.1 80 http Allowed Connection SBS Protected Networks Access Rule 192.168.1.59 anonymous Internal Local Host GET http://192.168.1.1/scripts/ibqsearch.js
---- All users allowed ----
Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Proxy NEWK - 66.102.7.104 TCP - Internet - 0 266 4015 483 200 0x60020000 0x580 Web Proxy Filter 22/03/2006 7:41:24 PM 66.102.7.104 80 http Allowed Connection All Internet Access Rule 192.168.1.59 anonymous Internal External GET http://66.102.7.104/
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Proxy NEWK - 66.102.7.104 TCP - Not Modified - 0 1 187 465 0 0x2 0x80 Web Proxy Filter 22/03/2006 7:41:22 PM 192.168.1.1 80 http Allowed Connection All Internet Access Rule 192.168.1.59 anonymous Internal External GET http://66.102.7.104/intl/en_au/images/logo.gif
0.0.0.0 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Proxy NEWK - 66.102.7.104 TCP - Internet - 0 234 4015 353 200 0x60020000 0x580 Web Proxy Filter 22/03/2006 7:41:22 PM 66.102.7.104 80 http Allowed Connection All Internet Access Rule 192.168.1.59 anonymous Internal External GET http://66.102.7.104/
192.168.1.59 - NEWK - TCP - - - - - - 1903 11000 3861 1669 0x80074e20 0x0 0x0 Firewall 22/03/2006 7:41:02 PM 192.168.1.1 445 Microsoft CIFS (TCP) Closed Connection Allow access from trusted computers to the Firewall Client installation share on ISA Server 192.168.1.59 - Internal Local Host
But i want to get the probem fixed.
I have rerun CIEW wizard.
Had to reapply IP's to HTTP.SYS
Reset IIS
Stop MSFireWall
Restart IIS
ASKER
IIS was certainly using 80. ISA on 8080. It seems the ISA autodetect was clashing. I found a page on M&M SBS site setting it up. They used port 85 (was set to 80). This has fixed my failure to start problem.
Further digging indicates that the consultant never configured ISA for auth access as it breaks an app.
I'm going though the process of isolating and allowing just this one app.
I'll ask for Q to be closed.
thanks
Further digging indicates that the consultant never configured ISA for auth access as it breaks an app.
I'm going though the process of isolating and allowing just this one app.
I'll ask for Q to be closed.
thanks
Sorry, that was a typo in my response... I had meant to say "Sounds lke "ISA" is using port 80". Even though you say ISA is on 8080, I would check to make sure that it really is configured that way.
Jeff
TechSoEasy
Jeff
TechSoEasy
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Open IE on your server and enter http://127.0.0.1:80 in the address bar. Do you get your local default website? (By default you would... so this is why I would be surprised that ISA EVER worked on port 80).
Jeff
TechSoEasy