?
Solved

error code 64

Posted on 2006-05-22
14
Medium Priority
?
971 Views
Last Modified: 2013-11-16
dear all,

with the refrence to this URL :-

http://www.experts-exchange.com/Security/Firewalls/Q_21483635.html

i have the same Problem .

here is my setup :-
--------------------

 I have an ISA 2004 Server SP 2, (  but i do not know if its  setup  as a Proxy Server or as a firewall), and a Fortigate firewall.

the ISA Server Work as Secure NAT or NAT Client for the Fortigate.

the Fortigate - Internal IP Address is :-  192.168.1.100 / 24 .

The ISA Server Has 2 Nic as the Following :-

1- First Nic have this IP ( 172.16.1.3 / 16 , No GW ), and its Connected to OUR LAN.
2- Second NIC Have this IP ( 192.168.1.22 / 24 , GW 192.168.1.100 , DNS 213.255.237.11 ). this is ISP DNS.
3- All the Clients Gateway is 172.16.1.3
4- All the Clients are configured to work as Web Proxy client , and not Firewall Client . " by putting the ISA internal IP on Proxy server in the Web Browser " .

The ISA is ISA 2004 Std SP2.


  My problem is that certain links on sites will not work and come up as page cannot be displayed.  For example when logging into yahoo mail, I go and click the inbox and it times out.  Several other sites including ebay do it as well.  I believe it is a problem with "redirecting pages" and the ISA is screwing something up.

 When bypassing the ISA server it works fine (while still going through the Fortigate ).  So the problem lies with the ISA.  Also this is a network issue and not individual machines, al machines are doing this.  Any suggestions or comments?  Anyone seeing this problem too?  

Extra info:
ISA 2004 is one a WIndows 2003, SP1 machine.  
This is what the page says:
 
"""Network Access Message: The page cannot be displayed  
 
Explanation: The request timed out before the page could be retrieved.

Try the following:
Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.
Contact website: You may want to contact the website administrator to make sure the Web page still exists. You can do this by using the e-mail address or phone number listed on the website home page.
If you are still unable to view the requested page, try contacting your administrator or Helpdesk.
 
Technical Information (for support personnel)
Error Code 64: Host not available
Background: The gateway or proxy server lost connection to the Web server.
Date: 7/7/2005 8:32:30 PM
Server: isa1.peabody-ma.gov
Source: Remote server  """

i tried the registry solution but it still.

0
Comment
Question by:rolamohammed
  • 6
  • 4
10 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16744836
If its secureNAT, its a firewall. You cannot use SecureNAT with Proxy only... It would crawl into a corner and curl up.

You say all clients are web proxy so you are using port 8080 in your IE settings as opposed to transparent proxy that uses port 80?

I would be interested in your rules here.
What are your outgoing rules? Are you allowing access for everyone of restricting by user groups/AD? machine? IP addresses?

Cheers
keith
ISA MCT
0
 

Author Comment

by:rolamohammed
ID: 16745697
Thanks for your reply.

what do you mean by :-

if its secureNAT, its firewall ?

what do you mean ?

i made access rule to open internet for all users without any restriction , please help .
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16745730
You stated that you did not know if you are in proxy or firewall mode. SecureNAT cannot work with ISA in a Proxy configuration, only in firewall configuration.

Is your access rule at position 1 in the list?
What protocols have you put in your access rule? All protocols/traffic?

What bandwidth internet connection do you have?
What is the router outside of your ISA server that connects you to the Internet?
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16764397
Any update?
0
 

Author Comment

by:rolamohammed
ID: 16774339
512 / 128

the total users who is using it is :-

70 Users

please update me
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16774952
No, you need to update me first Rola.

As above, Is your access rule at position 1 in the list?
What protocols have you put in your access rule? All protocols/traffic?
0
 

Author Comment

by:rolamohammed
ID: 16783093
here is a complete senario

============

 in My company some Problems with My ISA SERVER 2004 Std.



First Part is Talking about How is My Infrastructure Going on .

Second Part is The 2  Problems which is i am Facing it & some solutions recommended .



First Part:-

1- I have here ISA server 2004 Std with 2 NIC. the First NIC is Connected to My HW Firewall which is Fortigate from Fortinet like CISCO PIX Firewall , with this IP Address :- ( 192.168.1.20 / 24 , DGW : 192.168.1.100 , DNS: 213.255.237.8 ) .

2- The IP-Address of Fortigate is 192.168.1.100.

3- The Second Nic of ISA is have this IP-Address ( 172.16.1.3 / 16 , No GW , DNS 172.16.1.1 " Local " ).

4- All the Clients are connected to ISA Server as NAT Clients " Secure NAT Client ", so all the Clients have the Internal IP Address of ISA as there GW.

5- All the Clients also, Connected to Internet through WEB Proxy as well, " All clients have 172.16.1.3 in the Web Browser it self ".

6- My E-mail server is Hosted OUTSIDE on MY ISP and all of the Users are using POP3 Accounts  & we do not have at all any Internal Mail Server like Exchange server in My Company .

7- On ISA Server i have the following Roles in its order as i will mention it Now :-



   7.1- First Role is to Open Internet for All Users .

   7.2- Second Role is To Publish Our POP3 Server which we are connect to it From " Internal " to " External ".

   

---------------------------------------------------------------------------------------------------------------

Second Part : what is the Problems which we have :-



1- we were have delay - big delay in browsing internet - and we correct by some modification in Registry and i change the Value of it from 1 to be 0 or from 0 to 1 , i can not remmber it.



2- the delay is still . " Our Internet Speed is 512 / 128 "



3- Now the Big Problems is, when any One of the User try to download file " what ever the size is " , he cant and found that , the Brown Page is display for him and say " Page Timed Out " , or even when he try to send attachment from WEB Browser, he get the Same message .



the message is :-



Technical Information ( for support personel )



        Error Code 1460 : TimeOut.

        Background : The Gateway Could not receive a timely response from the Web site you are trying to access , DNS server, or another Gateway server . this might indicate that the Network in Congested .



4- if we convert the Users to be on OUR HW Firewall instead of ISA Server, No Problems from this Type at all reported to us .



i think, there is something need to be modify in registry regarding Timed Out , or i am wrong .



Please Give me your Opinion regarding First Problem ?



--------------------------------------------------------------------------------------------------------------



Second Problem :-



as i said before, all the Users " 70 " users are connected to the internet and have ability to browse internet and also connected to POP3 Server through ISA server and all of them connected to ISA Server as SECURE NAT CLIENT & WEB PROXY CLIENT in the Same time, and no user at all connected to ISA as Firewall Client.



Now, in order to make a control over the Internet, i want to block Browsing ( HTTP & HTTPS ) only and let them only have the ability to use POP3 & SMTP , but NO Internet at all on PC'S .



so my question is " CAN I DO THAT in ISA SERVER which i have or NOT ? " and if i disable the HTTP & HTTPS only and allow POP3 & SMTP , is there any thing will happen or is there any Problem will appear ?



Please Update me regarding First Problem & Second Prooblem as well .
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 16783218
1. Please confirm whether you are using port 8080 or port 80 in the IE proxy settings on your clients. If it is 8080, have you created a new protocol called web proxy (tcp 8080 outbound) and added it to the list of allowed traffic protocols in rule 1?

2. You should not be publishing your pop server if it is external. Add the pop and smtp protocols to your rule 1 and delete the publishing rule from internal to external.

3. In the ISA GUI.
Click on monitoring - logging. Click on start query. we can now watch whats happens with the traffic.

4. In your rule 1, add local host into the FROM list.

5. On the ISA server itself. perform some tests twice......
First tests, On the isa server, set the IE proxy settings to use 172.16.1.3 port 8080 and see if you can reproduce the issues.
second tests, remove the settings from the ie proxy on the ISA server. See if you can reproduce the issues.

0
 

Author Comment

by:rolamohammed
ID: 16788651
i will do it & i will update you.

but can i ask you a question, why there is a long time untill i got reply from this subject, compared with other things as well ?

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16796076
PS. I had a holiday in Luxor a few years ago and our hotel was in the middle of the Nile.  It is a beautiful country.

We do not allow personal email addresses in the comments. You never know who else may read these questions and answers and may use your personal addresses inappropriately. This is for your protection.

As soon as you have an update from the test above, let me know and I will try and help you further :)

Keith
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question