[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ISA2004 doesnt authenticate users

Posted on 2006-03-22
5
Medium Priority
?
727 Views
Last Modified: 2012-06-22
SBS SP1, ISA2004 SP1
Just had a problem where ISA stopped access to external web sites.
Monitoring showed Failure by SBS Internet Access Rule.  users were only trying as 'anonymous'
----Log show...
Event Type:      Warning
Event Source:      Microsoft ISA Server Web Proxy
Event Category:      None
Event ID:      14148
Description:
The Web Proxy filter failed to bind its socket to 192.168.1.1 port 80.  This may have been caused by another service that is already using the  same port or by a network adapter that is not functional.  To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties
 indicates the cause of the failure.
0000: 40 27 07 80               @'.?  
---------------------------------------
I have 'fixed' problem by creating a new policy allowing 'all users' to access external via HTTP , HTTPS

--- fails on SBS Internet acccess policy------------------
Original Client IP      Client Agent      Authenticated Client      Service      Server Name      Referring Server      Destination Host Name      Transport      MIME Type      Object Source      Source Proxy      Destination Proxy      Bidirectional      Client Host Name      Filter Information      Network Interface      Raw IP Header      Raw Payload      Source Port      Processing Time      Bytes Sent      Bytes Received      Result Code      HTTP Status Code      Cache Information      Error Information      Log Record Type      Log Time      Destination IP      Destination Port      Protocol      Action      Rule      Client IP      Client Username      Source Network      Destination Network      HTTP Method      URL
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727)            Proxy      NEWK      -      192.168.1.1      TCP      -      Internet                              -                        0      1      316      390            304       0x40801002      0x180      Web Proxy Filter      22/03/2006 7:37:06 PM      192.168.1.1      80      http      Allowed Connection      SBS Protected Networks Access Rule      192.168.1.59      anonymous      Internal      Local Host      GET      http://192.168.1.1/scripts/tglmenu.js
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727)            Proxy      NEWK      -      66.102.7.104      TCP      -                                    -                        0      1      2244      483            12202 The ISA Server denied the specified Uniform Resource Locator (URL).       0x0      0x0      Web Proxy Filter      22/03/2006 7:37:09 PM      66.102.7.104      80      http      Denied Connection      SBS Internet Access Rule      192.168.1.59      anonymous      Internal      External      GET      http://66.102.7.104/
192.168.1.59      -                  NEWK            -      TCP                  -      -            -            -      -      -      1897      16      0      2244      0x80074e24             0x0      0x0      Firewall      22/03/2006 7:37:09 PM      66.102.7.104      80      HTTP      Closed Connection      Blocked Web Sites      192.168.1.59      -      Internal      External            
192.168.1.59      -                  NEWK            -      TCP                  -      -            -            -      -      -      1897      16      0      0      0x0             0x0      0x0      Firewall      22/03/2006 7:37:09 PM      66.102.7.104      80      HTTP      Initiated Connection      Blocked Web Sites      192.168.1.59      -      Internal      External            
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727)            Proxy      NEWK      -      192.168.1.1      TCP      -      Internet                              -                        0      15      317      393            304       0x40801002      0x180      Web Proxy Filter      22/03/2006 7:37:06 PM      192.168.1.1      80      http      Allowed Connection      SBS Protected Networks Access Rule      192.168.1.59      anonymous      Internal      Local Host      GET      http://192.168.1.1/scripts/ibqsearch.js

---- All users allowed ----
Original Client IP      Client Agent      Authenticated Client      Service      Server Name      Referring Server      Destination Host Name      Transport      MIME Type      Object Source      Source Proxy      Destination Proxy      Bidirectional      Client Host Name      Filter Information      Network Interface      Raw IP Header      Raw Payload      Source Port      Processing Time      Bytes Sent      Bytes Received      Result Code      HTTP Status Code      Cache Information      Error Information      Log Record Type      Log Time      Destination IP      Destination Port      Protocol      Action      Rule      Client IP      Client Username      Source Network      Destination Network      HTTP Method      URL
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727)            Proxy      NEWK      -      66.102.7.104      TCP      -      Internet                              -                        0      266      4015      483            200       0x60020000      0x580      Web Proxy Filter      22/03/2006 7:41:24 PM      66.102.7.104      80      http      Allowed Connection      All Internet Access Rule      192.168.1.59      anonymous      Internal      External      GET      http://66.102.7.104/
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727)            Proxy      NEWK      -      66.102.7.104      TCP      -      Not Modified                              -                        0      1      187      465            0       0x2      0x80      Web Proxy Filter      22/03/2006 7:41:22 PM      192.168.1.1      80      http      Allowed Connection      All Internet Access Rule      192.168.1.59      anonymous      Internal      External      GET      http://66.102.7.104/intl/en_au/images/logo.gif
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727)            Proxy      NEWK      -      66.102.7.104      TCP      -      Internet                              -                        0      234      4015      353            200       0x60020000      0x580      Web Proxy Filter      22/03/2006 7:41:22 PM      66.102.7.104      80      http      Allowed Connection      All Internet Access Rule      192.168.1.59      anonymous      Internal      External      GET      http://66.102.7.104/
192.168.1.59      -                  NEWK            -      TCP                  -      -            -            -      -      -      1903      11000      3861      1669      0x80074e20             0x0      0x0      Firewall      22/03/2006 7:41:02 PM      192.168.1.1      445      Microsoft CIFS (TCP)      Closed Connection      Allow access from trusted computers to the Firewall Client installation share on ISA Server      192.168.1.59      -      Internal      Local Host            


But i want to get the probem fixed.
 I have rerun CIEW wizard.
 Had to reapply IP's to HTTP.SYS
 Reset IIS
 Stop MSFireWall
 Restart IIS
0
Comment
Question by:Robberbaron (robr)
  • 2
4 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16284320
Sounds like IIS is using port 80.  Usually you would run your proxy on 8080.  

Open IE on your server and enter http://127.0.0.1:80 in the address bar.  Do you get your local default website? (By default you would... so this is why I would be surprised that ISA EVER worked on port 80).

Jeff
TechSoEasy
0
 
LVL 32

Author Comment

by:Robberbaron (robr)
ID: 16341336
IIS was certainly using 80. ISA on 8080.  It seems the ISA autodetect was clashing. I found a page on M&M SBS site setting it up. They used port 85 (was set to 80). This has fixed my failure to start problem.

Further digging indicates that the consultant never configured ISA for auth access as it breaks an app.
I'm going though the process of isolating and allowing just this one app.

I'll ask for Q to be closed.
thanks
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16352141
Sorry, that was a typo in my response... I had meant to say "Sounds lke "ISA" is using port 80".   Even though you say ISA is on 8080, I would check to make sure that it really is configured that way.

Jeff
TechSoEasy
0
 

Accepted Solution

by:
GranMod earned 0 total points
ID: 16514294
Closed, 500 points refunded.
GranMod
The Experts Exchange
Community Support Moderator of all Ages
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
Loops Section Overview
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses

865 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question