ISA Clients >> ISA 2000- SSL stopped working (HELP!)

by R3JhaGFt » Fri, 11 Feb 2005 03:37:02 GMT

No changes were made to my knowledge but all SSL connections are no longer
working. They work fine from the ISA Server itself but none of the clients
that are using the Firewall client. All other machines on network are fine
so I don't think it's upstream.

Here are links to the configuration.

http://www.technoboob.com/images/SiteRules.jpg
http://www.technoboob.com/images/ProtocolRules.jpg
http://www.technoboob.com/images/FilterRules.jpg

Similar Threads

1. IE6 behind ISA stops working, automatically changes to port 8083, SSL still works

Hi everyone,

The crosspost is due to not being able to identify the root cause of this 
problem. (IE6 or ISA)

Setup: W2K3 Server, IE6, ISA 2004

My browser stops browsing after a period and I get page not found until my 
machine is restarted. When I look at the ISA log, I notice attempts to 
communicate using port 8083. Browsing on SSL 447 works without issue. This 
problem affects any applications attempting to reach the internet; their 
requests (port 80) are translated to port 8083.

I was wondering if this is a known issue for IE or ISA. Any ideas on the 
issue are appreciated.

Thanks,
B.

More information:
1. All applications trying to connect to the internet are affected e.g. 
SharpReader and Firefox
2. SSL communication on port 447 is unaffected.
3. ISA and IE6 are set up for auto-discovery, but the wpad.dat file 
definitely only contains 8080 (see below for more information). ISA is set up 
for port 8080, with discovery on port 80. I downloaded the wpad.dat file 
from both ports and it matches the data below.
4. Changing IE6 to use a specified proxy, and removing the auto-detect, takes 
away the problem, but does not work for all my situations (e.g. VPN to 
another network) and does not work every time.

---------   WPAD contents start

//Copyright (c) 1997 Microsoft Corporation
BackupRoute="DIRECT";
UseDirectForLocal=true;
function MakeIPs(){
}
DirectIPs=new MakeIPs();
cDirectIPs=0;
function MakeNames(){
this[0]="*.mydomain.com";
this[1]="*.mydomain.com";
}
DirectNames=new MakeNames();
cDirectNames=2;
HttpPort="8080";
cNodes=1;
function MakeProxies(){
this[0]=new Node("myisaserver.mydomain.com",0,1.000000);
}
Proxies = new MakeProxies();
function Node(name, hash, load){
 this.name = name;
 this.hash = hash;
 this.load = load;
 this.score = 0;
 return this;
}
function FindProxyForURL(url, host){
 var urlhash, urllower, ibest, bestscore, list, i, j, port=HttpPort;
 urllower = url.toLowerCase();
 if((urllower.substring(0,5)=="rtsp:")  ||
    (urllower.substring(0,6)=="rtspt:") ||
    (urllower.substring(0,6)=="rtspu:") ||
    (urllower.substring(0,4)=="mms:")   ||
    (urllower.substring(0,5)=="mmst:")  ||
    (urllower.substring(0,5)=="mmsu:"))
    return "DIRECT";
 if (UseDirectForLocal && isPlainHostName(host))
  return "DIRECT";
 if (cDirectNames > 0)
  for (i = 0; i < cDirectNames; i++)
   if (shExpMatch(host, DirectNames[i]))
    return "DIRECT";
 if (cDirectIPs > 0)
  for (i = 0; i < cDirectIPs; i += 2)
   if (isInNet(host, DirectIPs[i], DirectIPs[i+1]))
    return "DIRECT";
 urlhash = HashString(url);
 for (i = 0; i < cNodes; i++)
  Proxies[i].score = Proxies[i].load * Scramble(MakeInt(urlhash ^ Proxies[i].hash));
 list = "";
 for (j = 0; j < cNodes; j++) {
  for (bestscore = -1, i = 0; i < cNodes; i++) {
   if (Proxies[i].score > bestscore) {
    bestscore = Proxies[i].score;
    ibest = i;
   }
  }
  Proxies[ibest].score = -1;
  list = list + "PROXY " + Proxies[ibest].name + ":" + port + "; ";
 }
 list = list + BackupRoute;
 return list;
}
function HashString(url){
 var h = 0;
 var slashes = 0;
 for (var i = 0; i < url.length; i++) {
  var c = url.charAt(i);
  if (c == '/')
   slashes++;
  if (slashes < 3)
   c = c.toLowerCase();
  h += (((h & 0x1fff) << 19) | ((h >> 13) & 0x7ffff)) + CharToAscii(c);
  h = MakeInt(h);
 }
 return h;
}
function Scramble(h){
 h += ((h & 0xffff) * 0x1965) + ((((h >> 16) & 0xffff) * 0x1965) << 16) + (((h & 0xffff) * 0x6253) << 16);
 h = MakeInt(h);
 h += (((h & 0x7ff) << 21) | ((h >> 11) & 0x1fffff));
 return MakeInt(h);
}
var Chars =" !\"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~???????????????????????? ";
function CharToAscii(c){
 return Chars.indexOf(c) + 32;
}
function MakeInt(x){
 // Wrap x back into the unsigned 32-bit range.
 if (x < 0) {
  return x + 4294967296;
 } else if (x >= 4294967296) {
  return x - 4294967296;
 }
 return x;
}
 ------- WPAD contents end
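
An added example, not part of the original post: one way to check offline which proxy and port a downloaded wpad.dat actually hands out, by evaluating its FindProxyForURL against test URLs. SAMPLE_PAC is a constructed, reduced PAC that reuses the names from the post; loadPac, auditPac and the helper stand-ins are hypothetical names, and this isInNet only handles literal IPv4 addresses (a browser would also resolve host names).

```javascript
// Stand-ins for helpers the browser normally supplies to a PAC script.
const isPlainHostName = host => !host.includes('.');
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
                    .replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp('^' + re + '$').test(str);
}
const ip2int = ip => ip.split('.').reduce((a, o) => (a << 8 | +o) >>> 0, 0);
const isInNet = (host, net, mask) =>
  /^\d+(\.\d+){3}$/.test(host) &&
  ((ip2int(host) & ip2int(mask)) >>> 0) === ((ip2int(net) & ip2int(mask)) >>> 0);

// Constructed sample: a reduced PAC using the variable names from the post.
const SAMPLE_PAC = `
BackupRoute="DIRECT";
UseDirectForLocal=true;
HttpPort="8080";
function FindProxyForURL(url, host){
 if (UseDirectForLocal && isPlainHostName(host)) return "DIRECT";
 if (shExpMatch(host, "*.mydomain.com")) return "DIRECT";
 return "PROXY myisaserver.mydomain.com:" + HttpPort + "; " + BackupRoute;
}`;

// Evaluate the PAC text with the stand-in helpers in scope. Function bodies
// built this way run in sloppy mode, so the PAC's undeclared assignments work.
function loadPac(pacText) {
  const factory = new Function('isPlainHostName', 'shExpMatch', 'isInNet',
    pacText + '\nreturn FindProxyForURL;');
  return factory(isPlainHostName, shExpMatch, isInNet);
}

// For each URL, record the PAC's answer and whether every PROXY entry
// uses the expected port. A DIRECT-only answer counts as ok.
function auditPac(pacText, urls, expectedPort) {
  const find = loadPac(pacText);
  return urls.map(url => {
    const result = find(url, new URL(url).hostname);
    const ports = [...result.matchAll(/PROXY\s+[^;:\s]+:(\d+)/g)].map(m => m[1]);
    return { url, result, ok: ports.every(p => p === String(expectedPort)) };
  });
}

const report = auditPac(SAMPLE_PAC,
  ['http://www.example.com/', 'http://intranet/', 'http://mail.mydomain.com/'], 8080);
for (const r of report) console.log(r.ok ? 'ok  ' : 'FAIL', r.url, '->', r.result);
```

If every entry reports the expected port while clients still connect on another one, the PAC content is not the source of the port and the client-side proxy configuration is the next place to look.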


2. OWA: SSL-Bridging works with ISA 2000 but not with ISA 2006

3. OWA and ISA 2000 stops working after Server 2003 upgrade on Exchan

Hi,

We have just conducted an upgrade to Server 2003 on our Exchange 
Server (running Exchange 2003).  We are using OWA w/ FBA.  We can access the 
OWA page within the network; however, we can no longer do so from outside of 
the network.  Our firewall is ISA 2000 running on Server 2003.  When we try to 
access OWA from outside we are prompted for our credentials. However, we 
input the credentials and still cannot see the FBA page.  

Nothing has changed on the ISA server.

Thanks

Jack

4. Download Manager, Win Messenger, UPS, Stopped working with ISA 2000

5. ISA 2000 Suddenly stopped working

I first installed ISA Server 2000 4 years ago on my Multihomed machine.
It worked almost flawlessly until yesterday. Suddenly, none of my
client PC's (which have the client installed) can access the internet.
Furthermore, I had enabled internet access on the ISA server. Now I
cannot access the internet on the ISA box unless I disable the internal
NIC. Can anyone help me with this?

Thanks.

6. April 2004 Hotfixes causes ISA Web Proxy to stop accepting incoming requests SSL/Non SSL