Windows Thread, ISA server blocking https in Technical; The last few days i have been getting error messages on my 2004 isa box where its not letting me ...
9th January 2009, 11:19 AM #1
ISA server blocking https
The last few days i have been getting error messages on my 2004 isa box where its not letting me access any https pages.
The strange thing is that i had this yesterday, rebooted the server and it was fine for about 2 hours.
I have tried rebooting the server, restarting services. I dont know why its suddenly started to do this as i havent made any changes to it in about a 6 months. Screenshot attached of the error.
9th January 2009, 11:37 AM #2
Can you access the SSL sites from the ISA box directly as it may be being refused by your upstream network.
ISA 2004 "502 Proxy Error. Connection refused(10061) : error, connection, isa, proxy
The 10061 error suggests that your upstream device is not operating (for ssl) so the traffic is going out 'as is'. ie it is going out as proxied traffic from the ISA rather than https traffic.
9th January 2009, 12:07 PM #3
Yeh i can access the ssl sites fine from the isa box or i use my machine on its second nic that is configured straight into countys network rather than the internal one here.
I have looked in the event log of both the server and the isa logs and they are both reporting that the upstream server is not available.
I cant ping the county proxy from my machine i just get time outs. But if i use my other connection it gets perfect ping results.
Im guessing that i should be able to ping the county proxy server from behind the isa server? it does find the correct ip address for it.
9th January 2009, 12:36 PM #4
I think that ages ago there was some kind of problem with SSL proxying from squid and ISA thanks to an update but I can't remember the details.
Originally Posted by DSapseid
If the logs are reporting that it is not avalible that is the first place that I would look, reset all of the upstream proxy details to make sure that they are correct and make sure that you have all of the ISA 2004 updates installed. I would also try installing ISA on a secondary box and seeing if that worked ok as the ISA configuration could have become corrupted.
Do you use any extra third party filters like Surfcontrol () as these are really talented at completely hosing an ISA installation at random times.
You would only be able to ping the proxy throught the ISA server if you have enabled ICMP traffic through it.
9th January 2009, 12:41 PM #5
Right i think i may have sussed what it was. It was symantec endpoint protection! It was seeing county's proxy server asking for information (which it does now because of data transfer or something) but it saw it as a malicious attack and blocked it the ip address for 10mins this then stopped the isa from accessing the ip for the proxy and killed the https. Have just turned of certain parts of the symantec and all looks ok so far *touch wood*.
Will keep checking it for the next few hours but looks like it.
9th January 2009, 02:55 PM #6
I experienced this after an ISA 2004 service pack, I think it was SP2 never could figure out the problem just removed the SP
9th January 2009, 03:07 PM #7
Please tell me your not running the firewall parts of that on the ISA box. That could have huge issues. You only need AV on ISA (and to run the hardening tool for ISA )
Originally Posted by DSapseid
By Paid_Peanuts in forum Windows
Last Post: 7th December 2007, 06:46 PM
By drewinc in forum Windows
Last Post: 11th June 2007, 12:37 PM
By Norphy in forum Windows
Last Post: 26th May 2006, 01:14 PM
By indiegirl in forum Windows
Last Post: 21st March 2006, 03:54 PM
By markwilliamson2001 in forum Windows
Last Post: 4th October 2005, 05:28 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)