Solved

ISA SERVER 2006

Posted on 2011-09-02
8
196 Views
Last Modified: 2012-05-12
We have an external https url to access, but it need a smart card authentication. I just test this with user without proxy and it´s work well.
I when i try with user that have proxy i receive a failed connection Agent
Error when i monitore by isa the pc
IP->0->SSL-Tunnel->failed Connection Agent-> anonimous
0
Comment
Question by:godinhadas
8 Comments
 
LVL 10

Expert Comment

by:simonlimon
ID: 36480137
So you are accessing an external site, not on your network through a proxy server?

Are you using HTTPS inspection with the TMG or are you using ISA 2006?
0
 

Author Comment

by:godinhadas
ID: 36482703
I am access an external site. this site is important for us to access and we are using  Https inspection with isa 2006
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 36482721
My first suggestion would be to exclude this site from HTTPS inspection.

I would say that HTTPS inspection with client certificates should not work.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36482764
adding to that, ISA does not have https capability. only TMG.

as a workaround you can add it as exception on IE proxy exception list.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:godinhadas
ID: 36483138
I just try to create a exception but when we try to open the site look for certificate and smart card and doesnt open
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 36489061
Smart Card Auth to "what"?  The Site or the Proxy?  You don't get both.  They are two entirely different things.

If the Site is what the Smart Card is for, then it is only going to authenticate to the site,...not the proxy,...you will have to authenticate to the proxy separately.   If you can come up with a way to do that then the proxy will have to be used anonymously for that particular site.
0
 
LVL 6

Expert Comment

by:infoplateform
ID: 36494449
can u share rule with us
0
 

Author Closing Comment

by:godinhadas
ID: 37213109
wqe solve the problem
0

Featured Post

Why are Office 365 signatures so complicated?

Trying to setup transport rules for Office 365 email signatures and can’t quite figure it out? Having to test the signature over and over? Make things simple by using Exclaimer Cloud - Signatures for Office 365.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now