Links not working when publishing a flash swf file with ISA server 2006

GSALTechnicians
GSALTechnicians used Ask the Experts™
on
We have our intranet published via ISA server 2006 using forms based authentication. It has always worked fine, translating internal links (eg http://intranet/default.html) to an external address when accessed from home (eg https://intranet.ourcompany.co.uk/default)
The intranet developers have now changed the front page to a flash swf file containing all the links and these  are not being translated by the publishing rule - when accessed from home 'http://intranet/default.html' still appears as 'http://intranet/default.html' which obviously doesn't work. Anyone know what I need to change to get the links in the flash swf file to be translated to correct external addresses as they are in the html page?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2011

Commented:
The right way to do it has probably already passed by and is too late.  What you should have done it use Split-DNS so that the Intranet Site uses the same domain name as it does from the external Internet (intranet.ourcompany.co.uk).  Since it would use the same name no matter where the user is comming from the whole problem would simply never have existed.
As it is now all you can do is try to patch it up by using the Link Translation features in the Publishing Rule Properties.

Author

Commented:
Maybe that would have been the best way to do it but publishing the intranet was never envisaged years aog when it was first set up. The problem we have is that the link translation works perfectly from the old intranet homepage with is a plain html page, it is only a problem now that this has been replaced with a flash page. I assume that the publishing rule looks at the code for the page and translates any links it finds in accordance with the setting within the rule, but I assume that it treats the swf file that is embedded in the home page simply as an image rather than looking at it as a seperate piece of code. What I need is a way to make it look at  the code within the swf and translate those links as well.
Most Valuable Expert 2011

Commented:
I believe you are correct in how ISA sees the Flash component.
The only option I see is to go with the Split-DNS.  Then have the Flash component edited to use the Public FQDN in the links.  The Split-DNS will make sure that the internal users resolve that FQDN correctly to the private IP of the Site so that they go directly to the correct IP# and not try to make a "u-turn" through the firewall and trhe publishing rule.
The Split-DNS is very simple to do, you guys just have to be willing to do it.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
thanks for your comments, I am happy to go with the split DNS. Do you know of a guide for setting it up or is it as simple as adding a record into our internal dns for intranet.oucompany.co.uk pointing to the ip address of the intranet server?
Most Valuable Expert 2011
Commented:
It don't have any articles, and the ones I have seen seem to overcomplicate the explaination.  I can explain it here just as easy.  Their are two types, a "single zone" and a multi-zone.  If your AD Name is spelled the same as the Public Name then it is a single zone,...but if the spelling is different than it is a multi-zone.
If you spell your internal Active Directory Domain name the same way as you external Public FQDN,..then yes, you just add either CNAMEs or Host Records in your existing Zone. If it is a CNAME then point it to the correct internal Host record,..if it is a Host Rocords than give it the correct IP# for the external resource.
If you do not spell the Public FQDN the same as your AD Domain Name then you will create a new Zone for the Public Name.  There are some things to keep in mind when creating it:
1. It is a Standard Zone
2. It is not Active Directory enabled
3. It should not accept Dynamic Updates
4. The is really no point in creating any Reverse Lookup Zones, so don't bother with those.
Then just create the records in the Zone.  Remember that as far as your LAN's Hosts are concerned,...this AD/DNS server now becomes authoritative for your Public FQDN,...but that does not mean anything to users out in "Internet Land" , they still consider the DNS Hosting service (your ISP?) to be the authoritative DNS for the Public FQDN.  all this means is that you have to now account for all the Puplic Hosts on the AD/DNS server if you have any (www.ourcompany.co.uk,   ftp.ourcompany.co.uk   mail.ourcompany.co.uk). If these exist then create records for them.
You have to use the right IP# for you records.  If the "real" machine is on the internal LAN then you can just use a CNAME and point it to the correct Hosts Record in the AD Zone.  If the "real" machine sits out on the Internet with a Public IP# then you have to use a Host Record ("A" Record) and use the correct Public IP#.
You could probably have all this done in 20 minutes or less.
Most Valuable Expert 2011

Commented:
Do forget that after this is done that the link in that Flash thing needs to be adjusted to reflect the Public spelling of the link.
It is also possible (can't say for sure) but you may no longer need the Link translation settings in the Publishing Rule since everyone will access everthing on this site via the Public spelling of everything,...you no longer have to juggle two different namespace spellings.

Author

Commented:
Thank you for the very quick and easy to follow solution.

Author

Commented:
Sorry to resurrect this but I have hit a new problem. I have the split dns setup and it sort of works. From an external machines all works fine. From an internal machine, we get a login box when trying to access one of the links - entering the username as domain\username it works ok. Have i messed something in the setup of the split dns for the authentcation?
Most Valuable Expert 2011

Commented:
That is another IE "thing".  Someone who is more intimately and emotionaly involved with IE and its different versions might be able to help better than I, but,...IE will refuse to use Integrated Authentication if it thinks the Site is out on the Internet.  I think it uses some of the same screwed up logic where it arbitrarily decares a Site to be out on the Internet if you use an IP# in the Address bar instead of a "machine name".
I would suggest one of two things:
1. Add the Site's FQDN to the Intranet Zone in IE (not Internet Zone).  Do this from the "Advanced" button.  Use the format *.mysite.com
2. Use can have user on the LAN use the Netbios Name instead of the DNS FQDN.
Either of those two will probably keep IE "happy" and it will use Integrated Authentication like it should.  But if someone more skilled with the details of IE has other suggestions that is fine.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial