Export (0) Print
Expand All

ISA Server diagnostic logging troubleshooting scenarios

This document provides diagnostic logging samples for use when troubleshooting Microsoft Internet Security and Acceleration (ISA) Server traffic. The following five sample scenarios are provided:

  • Troubleshooting a forward proxy access rule for which name resolution does not succeed
  • Troubleshooting a reverse proxy Web publishing scenario when client authentication does not succeed and a path is configured incorrectly
  • Troubleshooting forward Web proxy with authentication
  • Troubleshooting reverse Web publishing when both links are HTTPS
  • Troubleshooting a slow connection to an external Web server

Each scenario provides a diagnostic log sample that shows the traffic flow of the request.

This document includes the following scenarios:

Two diagnostic log samples are provided for comparison. The first sample shows the traffic flow when name resolution for forward proxy succeeds. The second shows the flow when name resolution fails.

Lab setup

Use the following lab scenario:

Computer configuration Computer name IP address

Web proxy client

Lcl-st

40.0.202.1

Server

Anet-srv

70.0.11.1

ISA Server

Fw-a2

40.0.2.1, 70.0.2.1

There is a single access rule allowing HTTP from the Internal network to the External network.

Example 1: Running the baseline diagnostic log with successful name resolution for forward Web proxy

After you turn on diagnostic logging and make the forward request, results appear in the diagnostic log summary, a sample of which is in the following table. The relevant entries are in bold and followed by comments between the <>.

Time

Record number

Context

Log source

Message

2008-01-21 18:03:07

1

96d070e2

Web Proxy

Web Proxy properties: Client IP address: 40.0.202.1 Client port: 3341 Local IP address: 40.0.2.1 Local port: 8080 SecureNAT client: false Web proxy client: true Inbound traffic: false

<This entry is important. It provides a unique context ID (96d070e2),

The context ID allows you to filter other non-relevant traffic.>

2008-01-21 18:03:07

2

96d070e2 96d070e3

Web Proxy

HTTP method: GET

Check all the lines that start with the context ID. In this example, the context ID is 96d070e2.

2008-01-21 18:03:07

3

96d070e2 96d070e3

Web Proxy

ISA Server started checking the policy rules for a Web request.

2008-01-21 18:03:07

4

96d070e2 96d070e3

Web Proxy

Target URL: /

2008-01-21 18:03:07

5

96d070e2 96d070e3

Web Proxy

The connected client was not authenticated. Only policy rules that apply to all users, including anonymous users, can be evaluated for this request. If rule evaluation cannot be completed without user authentication, ISA Server will return a response with HTTP error 407 (Proxy Authentication Required), allowing the client to submit the request again with user credentials.

2008-01-21 18:03:07

6

96d070e2 96d070e3

Web Proxy

ISA Server is performing DNS name resolution for the host name anet-srv.

<Verify whether Domain Name System (DNS) is in the ISA Server DNS cache.>

2008-01-21 18:03:07

7

96d070e2 96d070e3

Web Proxy

ISA Server failed to perform DNS name resolution and will attempt to continue with the available information. Error: No such host is known.

2008-01-21 18:03:07

8

96d070e2 96d070e3

Web Proxy

ISA Server started checking the access rules.

2008-01-21 18:03:07

9

96d070e2 96d070e3

Web Proxy

ISA Server recognizes the client as a Web proxy client and will check all rules that apply to the HTTP protocol.

2008-01-21 18:03:07

10

96d070e2 96d070e3

Firewall service

The Firewall service is performing rule evaluation.

2008-01-21 18:03:07

11

96d070e2 96d070e3

Firewall service

Protocol: HTTP

2008-01-21 18:03:07

12

96d070e2 96d070e3

Firewall Engine

Packet properties: Source IP address: 40.0.202.1 Source array network: Internal Destination IP address: 0.0.0.0 Destination array network:

<In the packet details, note that the IP address 0.0.0.0 appears because the name "anet-srv" is not resolved.>

2008-01-21 18:03:07

13

96d070e2 96d070e3

Firewall service

ISA Server will check only rules that are associated with the protocol HTTP.

2008-01-21 18:03:07

14

96d070e2 96d070e3

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS requests from ISA Server to specified sites.

<This is the first rule to be matched.>

2008-01-21 18:03:07

15

96d070e2 96d070e3

Firewall service

Source does not match the packet.

<Rule was not matched.>

2008-01-21 18:03:07

16

96d070e2 96d070e3

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites.

2008-01-21 18:03:07

17

96d070e2 96d070e3

Firewall service

Source does not match the packet.

2008-01-21 18:03:07

18

96d070e2 96d070e3

Firewall service

ISA Server is evaluating the rule Allow MS Firewall Control communication to selected computers.

2008-01-21 18:03:07

19

96d070e2 96d070e3

Firewall service

The source port does not match the rule.

2008-01-21 18:03:07

20

96d070e2 96d070e3

Firewall service

ISA Server is evaluating the rule MyhttpRule.

<This is the rule for which traffic should be allowed. Name resolution has not yet occurred.>

2008-01-21 18:03:07

21

96d070e2 96d070e3

Firewall service

The destination requires name resolution.

2008-01-21 18:03:07

22

96d070e2 96d070e3

Firewall service

The rule MyhttpRule requires name resolution for evaluation.

2008-01-21 18:03:07

23

96d070e2 96d070e3

Firewall service

The rule MyhttpRule requires DNS name resolution.

2008-01-21 18:03:07

24

96d070e2 96d070e3

Web Proxy

The access rule MyhttpRule denies the Web request.

<The Web proxy filter, rather than the Firewall service, is handling the rule because the Web proxy filter will attempt to resolve the name "anet-srv". The policy rule engine assumes a positive response and then informs the Web proxy that the rule might pass.>

2008-01-21 18:03:07

25

96d070e2 96d070e3

Web Proxy

ISA Server attempted to evaluate the policy rules without resolving the name of the requested destination.

2008-01-21 18:03:07

26

96d070e2 96d070e3

Web Proxy

ISA Server is performing DNS name resolution for the host name anet-srv.

2008-01-21 18:03:07

27

96d070e2 96d070e3

Web Proxy

ISA Server succeeded to perform DNS name resolution for the host name h_name: anet-srv h_aliases: h_addr_list: 70.0.11.1.

<DNS resolution has succeeded.>

2008-01-21 18:03:07

28

96d070e2 96d070e3

Web Proxy

ISA Server started rechecking the access rules after resolving the name of the requested destination through a DNS query.

2008-01-21 18:03:07

29

96d070e2 96d070e3

Web Proxy

ISA Server recognizes the client as a Web proxy client and will check all rules that apply to the HTTP protocol.

2008-01-21 18:03:07

30

96d070e2 96d070e3

Firewall service

The Firewall service is performing rule evaluation.

<If it fails, the policy rule engine attempts to perform rule evaluation once more by using the real resolved name.>

2008-01-21 18:03:07

31

96d070e2 96d070e3

Firewall service

Protocol: HTTP

2008-01-21 18:03:07

32

96d070e2 96d070e3

Firewall Engine

Packet properties: Source IP address: 40.0.202.1 Source array network: Internal Destination IP address: 70.0.11.1 Destination array network: External

<These are the updated details for the packet.>

2008-01-21 18:03:07

33

96d070e2 96d070e3

Firewall service

ISA Server will check only rules that are associated with the protocol HTTP.

2008-01-21 18:03:07

34

96d070e2 96d070e3

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS requests from ISA Server to specified sites.

2008-01-21 18:03:07

35

96d070e2 96d070e3

Firewall service

Source does not match the packet.

2008-01-21 18:03:07

36

96d070e2 96d070e3

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites.

2008-01-21 18:03:07

37

96d070e2 96d070e3

Firewall service

Source does not match the packet.

2008-01-21 18:03:07

38

96d070e2 96d070e3

Firewall service

ISA Server is evaluating the rule Allow MS Firewall Control communication to selected computers.

2008-01-21 18:03:07

39

96d070e2 96d070e3

Firewall service

The source port does not match the rule.

2008-01-21 18:03:07

40

96d070e2 96d070e3

Firewall service

ISA Server is evaluating the rule MyhttpRule.

2008-01-21 18:03:07

41

96d070e2 96d070e3

Firewall service

The rule MyhttpRule matches the packet. The packet is allowed.

2008-01-21 18:03:07

42

96d070e2 96d070e3

Firewall service

The rule MyhttpRule allowed the packet.

<The rule is allowed.>

2008-01-21 18:03:07

43

96d070e2 96d070e3

Web Proxy

The access rule MyhttpRule allows the Web request.

2008-01-21 18:03:07

44

96d070e2 96d070e3

Web Proxy

ISA Server started to check the Web chaining rules.

2008-01-21 18:03:07

45

96d070e2 96d070e3

Firewall service

ISA Server is looking for a Web chaining rule that matches the destination 70.0.11.1 in the packet.

The packet may be passed to an upstream server.

2008-01-21 18:03:07

46

96d070e2 96d070e3

Firewall service

The Web chaining rule Default rule matches the packet.

2008-01-21 18:03:07

47

96d070e2 96d070e3

Web Proxy

The packet matches the Web chaining rule Default rule.

2008-01-21 18:03:07

48

96d070e2 96d070e3

Web Proxy

ISA Server is directing the Web request to the IP address 0.0.0.0.

2008-01-21 18:03:07

49

96d070e2 96d070e3

Firewall service

ISA Server is looking for a cache rule that matches the destination 70.0.11.1 in the Web request.

Cache rules are checked to determine whether to return a cached response.

2008-01-21 18:03:07

50

96d070e2 96d070e3

Firewall service

The cache rule Default rule matches the Web request.

2008-01-21 18:03:07

51

96d070e2 96d070e3

Web Proxy

The Web request matches the cache rule Default rule.

2008-01-21 18:03:07

52

96d070e2 96d070e3

Web Proxy

ISA Server completed checking the policy rules for the Web request.

2008-01-21 18:03:07

53

96d070e2 96d070e3

Web Proxy

ISA Server will connect to the Web server anet-srv on the IP address 70.0.11.1 and port 80.

<ISA Server connects to the server.>

2008-01-21 18:03:07

54

96d070e2 96d070e3

Web Proxy

Target URL: /

2008-01-21 18:03:07

55

96d070e2 96d070e3

Web Proxy

Web response properties: Response status: 200 Response MIME content type: text/html Response Via header: NULL HTTP Server header: Microsoft-IIS/5.0

<A 200 OK status message is issued. The traffic has passed.>

Example 2: Running the diagnostic log when name resolution fails

By removing "anet-srv" from the host's file and running diagnostic logging again, you can examine the log summary when name resolution does not succeed. The relevant entries are in bold and followed by comments between the <>.

Time

Record number

Context

Log source

Message

2008-01-21 17:51:21

1

96d070e0

Web Proxy

Web Proxy properties: Client IP address: 40.0.202.1 Client port: 3337 Local IP address: 40.0.2.1 Local port: 8080 SecureNAT client: false Web proxy client: true Inbound traffic: false

<The context ID of the original packet.>

2008-01-21 17:51:21

2

96d070e0 96d070e1

Web Proxy

HTTP method: GET

2008-01-21 17:51:21

3

96d070e0 96d070e1

Web Proxy

ISA Server started checking the policy rules for a Web request.

2008-01-21 17:51:21

4

96d070e0 96d070e1

Web Proxy

Target URL: /

2008-01-21 17:51:21

5

96d070e0 96d070e1

Web Proxy

The connected client was not authenticated. Only policy rules that apply to all users, including anonymous users, can be evaluated for this request. If rule evaluation cannot be completed without user authentication, ISA Server will return a response with HTTP error 407 (Proxy Authentication Required), allowing the client to submit the request again with user credentials.

2008-01-21 17:51:21

6

96d070e0 96d070e1

Web Proxy

ISA Server is performing DNS name resolution for the host name anet-srv.

2008-01-21 17:51:21

7

96d070e0 96d070e1

Web Proxy

ISA Server failed to perform DNS name resolution and will attempt to continue with the available information. Error: No such host is known.

2008-01-21 17:51:21

8

96d070e0 96d070e1

Web Proxy

ISA Server started checking the access rules.

2008-01-21 17:51:21

9

96d070e0 96d070e1

Web Proxy

ISA Server recognizes the client as a Web proxy client and will check all rules that apply to the HTTP protocol.

2008-01-21 17:51:21

10

96d070e0 96d070e1

Firewall service

The Firewall service is performing rule evaluation.

2008-01-21 17:51:21

11

96d070e0 96d070e1

Firewall service

Protocol: HTTP

2008-01-21 17:51:21

12

96d070e0 96d070e1

Firewall Engine

Packet properties: Source IP address: 40.0.202.1 Source array network: Internal Destination IP address: 0.0.0.0 Destination array network:

2008-01-21 17:51:21

13

96d070e0 96d070e1

Firewall service

ISA Server will check only rules that are associated with the protocol HTTP.

2008-01-21 17:51:21

14

96d070e0 96d070e1

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS requests from ISA Server to specified sites.

2008-01-21 17:51:21

15

96d070e0 96d070e1

Firewall service

Source does not match the packet.

2008-01-21 17:51:21

16

96d070e0 96d070e1

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites.

2008-01-21 17:51:21

17

96d070e0 96d070e1

Firewall service

Source does not match the packet.

2008-01-21 17:51:21

18

96d070e0 96d070e1

Firewall service

ISA Server is evaluating the rule Allow MS Firewall Control communication to selected computers.

2008-01-21 17:51:21

19

96d070e0 96d070e1

Firewall service

The source port does not match the rule.

2008-01-21 17:51:21

20

96d070e0 96d070e1

Firewall service

ISA Server is evaluating the rule MyhttpRule.

2008-01-21 17:51:21

21

96d070e0 96d070e1

Firewall service

The destination requires name resolution.

2008-01-21 17:51:21

22

96d070e0 96d070e1

Firewall service

The rule MyhttpRule requires name resolution for evaluation.

2008-01-21 17:51:21

23

96d070e0 96d070e1

Firewall service

The rule MyhttpRule requires DNS name resolution.

2008-01-21 17:51:21

24

96d070e0 96d070e1

Web Proxy

The access rule MyhttpRule denies the Web request.

2008-01-21 17:51:21

25

96d070e0 96d070e1

Web Proxy

ISA Server attempted to evaluate the policy rules without resolving the name of the requested destination.

2008-01-21 17:51:21

26

96d070e0 96d070e1

Web Proxy

ISA Server is performing DNS name resolution for the host name anet-srv.

2008-01-21 17:51:21

27

00006c93

Firewall Engine

The Firewall Engine is performing rule evaluation.

<The Firewall engine tries to resolve the name "anet-srv".>

2008-01-21 17:51:21

28

00006c93

Firewall Engine

ISA Server is looking for an applicable network rule.

2008-01-21 17:51:21

29

00006c93

Firewall Engine

The packet was sent to or from the Local Host network. Therefore, an implicit network rule with a route relationship between the source and destination is applied.

2008-01-21 17:51:21

30

00006c93

Firewall Engine

ISA Server will check only rules that are associated with the protocol Ping.

2008-01-21 17:51:21

31

00006c93

Firewall Engine

ISA Server is evaluating the rule Allow ICMP (PING) requests from selected computers to ISA Server.

2008-01-21 17:51:21

32

00006c93

Firewall Engine

Source does not match the packet.

2008-01-21 17:51:21

33

00006c93

Firewall Engine

ISA Server is evaluating the rule Allow ICMP requests from ISA Server to selected servers.

2008-01-21 17:51:21

34

00006c93

Firewall Engine

Source does not match the packet.

2008-01-21 17:51:21

35

00006c93

Firewall Engine

ISA Server is evaluating the rule Allow MS Firewall Control communication to selected computers.

2008-01-21 17:51:21

36

00006c93

Firewall Engine

Source does not match the packet.

2008-01-21 17:51:21

37

00006c93

Firewall Engine

ISA Server is evaluating the rule Default rule.

2008-01-21 17:51:21

38

00006c93

Firewall service

The rule Default rule matches the packet. The packet is denied.

2008-01-21 17:51:21

39

00006c93

Firewall Engine

The rule Default rule matches the packet. The packet is denied.

2008-01-21 17:51:24

40

00006c94

Firewall Engine

The Firewall Engine is performing rule evaluation.

2008-01-21 17:51:24

41

00006c94

Firewall Engine

ISA Server is looking for an applicable network rule.

2008-01-21 17:51:24

42

00006c94

Firewall Engine

The packet was sent to or from the Local Host network. Therefore, an implicit network rule with a route relationship between the source and destination is applied.

2008-01-21 17:51:24

43

00006c94

Firewall Engine

ISA Server will check only rules that are associated with the protocol Ping.

2008-01-21 17:51:24

44

00006c94

Firewall Engine

ISA Server is evaluating the rule Allow ICMP (PING) requests from selected computers to ISA Server.

2008-01-21 17:51:24

45

00006c94

Firewall Engine

Source does not match the packet.

2008-01-21 17:51:24

46

00006c94

Firewall Engine

ISA Server is evaluating the rule Allow ICMP requests from ISA Server to selected servers.

2008-01-21 17:51:24

47

00006c94

Firewall Engine

Source does not match the packet.

2008-01-21 17:51:24

48

00006c94

Firewall Engine

ISA Server is evaluating the rule Allow MS Firewall Control communication to selected computers.

2008-01-21 17:51:24

49

00006c94

Firewall Engine

Source does not match the packet.

2008-01-21 17:51:24

50

00006c94

Firewall Engine

ISA Server is evaluating the rule Default rule.

2008-01-21 17:51:24

51

00006c94

Firewall service

The rule Default rule matches the packet. The packet is denied.

2008-01-21 17:51:24

52

00006c94

Firewall Engine

The rule Default rule matches the packet. The packet is denied.

2008-01-21 17:51:35

53

96d070e0 96d070e1

Web Proxy

ISA Server failed to perform DNS name resolution and will attempt to continue with the available information. Error: The requested name is valid, but no data of the requested type was found.

<ISA Server failed to resolve the name "anet-srv".>

2008-01-21 17:51:35

54

96d070e0 96d070e1

Web Proxy

ISA Server started to check the Web chaining rules.

<Web chaining rules are checked because an upstream server may be able to resolve the name.>

2008-01-21 17:51:35

55

96d070e0 96d070e1

Firewall service

ISA Server is looking for a Web chaining rule that matches the destination 0.0.0.0 in the packet.

2008-01-21 17:51:35

56

96d070e0 96d070e1

Firewall service

The Web chaining rule Default rule matches the packet.

2008-01-21 17:51:35

57

96d070e0 96d070e1

Web Proxy

The packet matches the Web chaining rule Default rule.

2008-01-21 17:51:35

58

96d070e0 96d070e1

Web Proxy

ISA Server will assume that the destination is in the External network and recheck the access rules because the requested destination was not resolved as an internal resource.

2008-01-21 17:51:35

59

96d070e0 96d070e1

Web Proxy

ISA Server recognizes the client as a Web proxy client and will check all rules that apply to the HTTP protocol.

2008-01-21 17:51:35

60

96d070e0 96d070e1

Firewall service

The Firewall service is performing rule evaluation.

2008-01-21 17:51:35

61

96d070e0 96d070e1

Firewall service

Protocol: HTTP

2008-01-21 17:51:35

62

96d070e0 96d070e1

Firewall Engine

Packet properties: Source IP address: 40.0.202.1 Source array network: Internal Destination IP address: 0.0.0.0 Destination array network: External

2008-01-21 17:51:35

63

96d070e0 96d070e1

Firewall service

ISA Server will check only rules that are associated with the protocol HTTP.

2008-01-21 17:51:35

64

96d070e0 96d070e1

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS requests from ISA Server to specified sites.

2008-01-21 17:51:35

65

96d070e0 96d070e1

Firewall service

Source does not match the packet.

2008-01-21 17:51:35

66

96d070e0 96d070e1

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites.

2008-01-21 17:51:35

67

96d070e0 96d070e1

Firewall service

Source does not match the packet.

2008-01-21 17:51:35

68

96d070e0 96d070e1

Firewall service

ISA Server is evaluating the rule Allow MS Firewall Control communication to selected computers.

2008-01-21 17:51:35

69

96d070e0 96d070e1

Firewall service

The source port does not match the rule.

2008-01-21 17:51:35

70

96d070e0 96d070e1

Firewall service

ISA Server is evaluating the rule MyhttpRule.

2008-01-21 17:51:35

71

96d070e0 96d070e1

Firewall service

The rule MyhttpRule matches the packet. The packet is allowed.

2008-01-21 17:51:35

72

96d070e0 96d070e1

Firewall service

The rule MyhttpRule allowed the packet.

2008-01-21 17:51:35

73

96d070e0 96d070e1

Web Proxy

The access rule MyhttpRule allows the Web request.

2008-01-21 17:51:35

74

96d070e0 96d070e1

Web Proxy

ISA Server is directing the Web request to the IP address 0.0.0.0.

<The web request is discarded.>

2008-01-21 17:51:35

75

96d070e0 96d070e1

Firewall service

ISA Server is looking for a cache rule that matches the destination 0.0.0.0 in the Web request.

2008-01-21 17:51:35

76

96d070e0 96d070e1

Firewall service

The cache rule Default rule matches the Web request.

2008-01-21 17:51:35

77

96d070e0 96d070e1

Web Proxy

The Web request matches the cache rule Default rule.

2008-01-21 17:51:35

78

96d070e0 96d070e1

Web Proxy

ISA Server completed checking the policy rules for the Web request.

2008-01-21 17:51:50

79

96d070e0 96d070e1

Web Proxy

ISA Server rejected the request with the HTTP status code 0 and will return the following error message to the Web client. \"No data record is available. \"

<ISA Server dropped the packet and sent an error message to the client.>

Three diagnostic log samples are provided so you can compare them. The first baseline sample shows the traffic flow when a Web publishing request succeeds, the second shows the flow when authentication fails, and the third shows how a request fails when a Web publishing path is configured incorrectly.

Lab setup

Use the following lab scenario:

Computer configuration Computer name IP address

Web client

Anet-srv

70.0.11.1

Web server

Lcl-dc

40.0.0.2

ISA Server

Fw-a2

40.0.2.1, 70.0.2.1

There is a single Web publishing rule that forwards Web requests to the computer Lcl-dc/sports.

Example 1: Running the baseline diagnostic log with a successful Web publishing request

Turn on diagnostic logging, and then make a client request for Lcl-dc publishing that uses Web publishing. The results appear in the diagnostic log summary. The relevant entries are in bold and followed by comments between the <>.

Time

Record number

Context

Log source

Message

2008-01-21 18:50:52

9

96d070f4

Web Proxy

Web Proxy properties: Client IP address: 70.0.11.1 Client port: 3144 Local IP address: 70.0.2.1 Local port: 80 SecureNAT client: false Web proxy client: false Inbound traffic: true

2008-01-21 18:50:52

10

96d070f4 96d070f5

Web Proxy

HTTP method: GET

2008-01-21 18:50:52

11

96d070f4 96d070f5

Web Proxy

ISA Server started checking the policy rules for a Web request.

2008-01-21 18:50:52

12

96d070f4 96d070f5

Web Proxy

Target URL: /sports/

2008-01-21 18:50:52

13

96d070f4 96d070f5

Web Proxy

The connected client was not authenticated. Only policy rules that apply to all users, including anonymous users, can be evaluated for this request. If rule evaluation cannot be completed without user authentication, ISA Server will return a response with HTTP error 407 (Proxy Authentication Required), allowing the client to submit the request again with user credentials.

2008-01-21 18:50:52

14

96d070f4 96d070f5

Web Proxy

ISA Server started checking Web publishing rules.

2008-01-21 18:50:52

15

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow access to directory services for authentication purposes.

2008-01-21 18:50:52

16

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

17

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow remote management from selected computers using MMC.

2008-01-21 18:50:52

18

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

19

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow remote management from selected computers using Terminal Server.

2008-01-21 18:50:52

20

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

21

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow RADIUS authentication from ISA Server to trusted RADIUS servers.

2008-01-21 18:50:52

22

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

23

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow Kerberos authentication from ISA Server to trusted servers.

2008-01-21 18:50:52

24

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

25

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow DNS from ISA Server to selected servers.

2008-01-21 18:50:52

26

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

27

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow DHCP requests from ISA Server to all networks.

2008-01-21 18:50:52

28

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

29

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow DHCP replies from DHCP servers to ISA Server.

2008-01-21 18:50:52

30

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

31

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow ICMP (PING) requests from selected computers to ISA Server.

2008-01-21 18:50:52

32

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

33

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow ICMP requests from ISA Server to selected servers.

2008-01-21 18:50:52

34

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

35

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow Microsoft CIFS from ISA Server to trusted servers.

2008-01-21 18:50:52

36

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

37

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS requests from ISA Server to specified sites.

2008-01-21 18:50:52

38

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

39

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow NetBIOS from ISA Server to trusted servers.

2008-01-21 18:50:52

40

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

41

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow RPC from ISA Server to trusted servers.

2008-01-21 18:50:52

42

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

43

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites.

2008-01-21 18:50:52

44

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

45

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow NTP from ISA Server to trusted NTP servers.

2008-01-21 18:50:52

46

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

47

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow SMTP from ISA Server to trusted servers.

2008-01-21 18:50:52

48

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

49

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow MS Firewall Control communication to selected computers.

2008-01-21 18:50:52

50

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

51

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule lcl-dc.

2008-01-21 18:50:52

52

96d070f4 96d070f5

Firewall service

The rule lcl-dc matches the packet. The packet is allowed.

<The packet is allowed as expected.>

2008-01-21 18:50:52

53

96d070f4 96d070f5

Firewall service

The listener on the IP address 70.0.2.1 accepted the request.

2008-01-21 18:50:52

54

96d070f4 96d070f5

Firewall service

ISA Server is looking for a deny access rule that matches traffic from the source to the destination.

<ISA Server checks that no access rule blocks the request.>

2008-01-21 18:50:52

55

96d070f4 96d070f5

Firewall service

ISA Server is looking for a rule that is associated with the protocol HTTP.

2008-01-21 18:50:52

56

96d070f4 96d070f5

Firewall service

ISA Server will check only rules that are associated with the protocol HTTP.

2008-01-21 18:50:52

57

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS requests from ISA Server to specified sites.

2008-01-21 18:50:52

58

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

59

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites.

2008-01-21 18:50:52

60

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

61

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Allow MS Firewall Control communication to selected computers.

2008-01-21 18:50:52

62

96d070f4 96d070f5

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:50:52

63

96d070f4 96d070f5

Firewall service

ISA Server is evaluating the rule Default rule.

2008-01-21 18:50:52

64

96d070f4 96d070f5

Firewall service

The rule Default rule matches the packet. The packet is denied.

<No access rule blocks the request.>

2008-01-21 18:50:52

65

96d070f4 96d070f5

Web Proxy

The Web publishing rule lcl-dc will allow the Web request.

2008-01-21 18:50:52

66

96d070f4 96d070f5

Web Proxy

ISA Server is performing DNS name resolution for the host name lcl-dc.

2008-01-21 18:50:52

67

96d070f4 96d070f5

Web Proxy

ISA Server succeeded to perform DNS name resolution for the host name h_name: lcl-dc.Local-Domain.Net h_aliases: h_addr_list: 40.0.0.2.

2008-01-21 18:50:52

68

96d070f4 96d070f5

Web Proxy

ISA Server started to check the Web chaining rules.

2008-01-21 18:50:52

69

96d070f4 96d070f5

Firewall service

ISA Server is looking for a Web chaining rule that matches the destination 40.0.0.2 in the packet.

2008-01-21 18:50:52

70

96d070f4 96d070f5

Firewall service

The Web chaining rule Default rule matches the packet.

2008-01-21 18:50:52

71

96d070f4 96d070f5

Web Proxy

The packet matches the Web chaining rule Default rule.

2008-01-21 18:50:52

72

96d070f4 96d070f5

Web Proxy

ISA Server is directing the Web request to the IP address 0.0.0.0.

2008-01-21 18:50:52

73

96d070f4 96d070f5

Firewall service

ISA Server is looking for a cache rule that matches the destination 40.0.0.2 in the Web request.

2008-01-21 18:50:52

74

96d070f4 96d070f5

Firewall service

The cache rule Default rule matches the Web request.

2008-01-21 18:50:52

75

96d070f4 96d070f5

Web Proxy

The Web request matches the cache rule Default rule.

2008-01-21 18:50:52

76

96d070f4 96d070f5

Web Proxy

ISA Server completed checking the policy rules for the Web request.

2008-01-21 18:50:52

77

96d070f4 96d070f5

Web Proxy

ISA Server will connect to the Web server lcl-dc on the IP address 40.0.0.2 and port 80.

2008-01-21 18:50:52

78

96d070f4 96d070f5

Web Proxy

Target URL: /sports/

2008-01-21 18:50:52

79

96d070f4 96d070f5

Web Proxy

Target Host header: lcl-dc

<The request is sent to the Web server.>

2008-01-21 18:50:52

80

96d070f4 96d070f5

Web Proxy

Web response properties: Response status: 200 Response MIME content type: text/html Response Via header: NULL HTTP Server header: Microsoft-IIS/6.0

<The expected response is received from the Web server.>

Example 2: Running the diagnostic log when authentication fails for a Web publishing rule

When you modify the listener for the Web publishing rule in order to listen for HTTPS traffic only and require Basic authentication, the log summary provides information about why the request fails. The relevant entries are in bold and followed by comments between the <>.

Time

Record number

Context

Log source

Message

2008-01-22 15:31:50

1

9fa4551e

Web Proxy

Web Proxy properties: Client IP address: 70.0.11.1 Client port: 3266 Local IP address: 70.0.2.1 Local port: 443 SecureNAT client: false Web proxy client: false Inbound traffic: true

2008-01-22 15:31:50

2

9fa4551e 9fa4551f

Web Proxy

HTTP method: GET

2008-01-22 15:31:50

3

9fa4551e 9fa4551f

Web Proxy

ISA Server tries to authenticate connected client

2008-01-22 15:31:50

4

9fa4551e 9fa4551f

Web Proxy

ISA Server cannot authenticate the client because the client's request does not contain Proxy-Authorization or Authorization headers.

2008-01-22 15:31:50

5

9fa4551e 9fa4551f

Web Proxy

ISA Server rejected the request with the HTTP status code 401 and will return the following error message to the Web client. \"The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. \"

<HTTP authentication works as expected and returns status code 401 to the client.>

2008-01-22 15:31:50

6

9fa4551e 9fa4551f

Web Proxy

Authentication failed. Error = 0x00002FB1

2008-01-22 15:31:58

7

9fa4551e 9fa45520

Web Proxy

HTTP method: GET

<This is another request. Notice the time difference. We presume that the client entered their credentials.>

2008-01-22 15:31:58

8

9fa4551e 9fa45520

Web Proxy

ISA Server tries to authenticate connected client

2008-01-22 15:31:58

9

9fa4551e 9fa45520

Web Proxy

ISA Server will authenticate the client using Basic authentication.

<The Web listener is matched and requires authentication.>

2008-01-22 15:31:58

10

00000021 0000f120

Firewall service

The Firewall service is performing rule evaluation.

2008-01-22 15:31:58

11

00000021 0000f120

Firewall Engine

Packet properties: Source IP address: 40.0.2.1 Source array network: Local Host Destination IP address: 40.0.0.2 Destination array network: Internal

<Authentication of traffic between ISA Server and its domain controller.>

2008-01-22 15:31:58

12

00000021 0000f120

Firewall service

ISA Server is looking for an applicable network rule.

2008-01-22 15:31:58

13

00000021 0000f120

Firewall service

The packet was sent to or from the Local Host network. Therefore, an implicit network rule with a route relationship between the source and destination is applied.

2008-01-22 15:31:58

14

9fa4551e 9fa45520

Web Proxy

User authentication failed. The request was denied because the password for user MyUser expired. To resolve this problem, the user must request a new password in Active Directory.

<This entry provides information about the problem. Active Directory directory service requires the user to change the password, but ISA Server fails without prompting the user.>

2008-01-22 15:31:58

15

9fa4551e 9fa45520

Web Proxy

Authentication failed. Error = 0x00002FB1

2008-01-22 15:31:58

16

9fa4551e 9fa45520

Web Proxy

ISA Server rejected the request with the HTTP status code 401 and will return the following error message to the Web client. \"The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. \"

2008-01-22 15:31:58

17

9fa4551e 9fa45520

Web Proxy

Authentication failed. Error = 0x00002FB1

2008-01-22 15:32:02

18

9fa45521

Web Proxy

Web Proxy properties: Client IP address: 70.0.11.1 Client port: 3267 Local IP address: 70.0.2.1 Local port: 443 SecureNAT client: false Web proxy client: false Inbound traffic: true Another request. The user probably got the credentials popup again and hit enter…

2008-01-22 15:32:02

19

9fa45521 9fa45522

Web Proxy

HTTP method: GET

2008-01-22 15:32:02

20

9fa45521 9fa45522

Web Proxy

ISA Server tries to authenticate connected client

2008-01-22 15:32:02

21

9fa45521 9fa45522

Web Proxy

ISA Server will authenticate the client using Basic authentication.

2008-01-22 15:32:02

22

9fa45521 9fa45522

Web Proxy

User authentication failed. The request was denied because the password for user MyUser expired. To resolve this problem, the user must request a new password in Active Directory.

<The client attempted to authenticate again. The request failed again.>

2008-01-22 15:32:02

23

9fa45521 9fa45522

Web Proxy

Authentication failed. Error = 0x00002FB1

2008-01-22 15:32:02

24

9fa45521 9fa45522

Web Proxy

ISA Server rejected the request with the HTTP status code 401 and will return the following error message to the Web client. \"The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. \"

2008-01-22 15:32:02

25

9fa45521 9fa45522

Web Proxy

Authentication failed. Error = 0x00002FB1

2008-01-22 15:32:04

26

9fa45523

Web Proxy

Web Proxy properties: Client IP address: 70.0.11.1 Client port: 3268 Local IP address: 70.0.2.1 Local port: 443 SecureNAT client: false Web proxy client: false Inbound traffic: true

2008-01-22 15:32:04

27

9fa45523 9fa45524

Web Proxy

HTTP method: GET

2008-01-22 15:32:04

28

9fa45523 9fa45524

Web Proxy

ISA Server tries to authenticate connected client

2008-01-22 15:32:04

29

9fa45523 9fa45524

Web Proxy

ISA Server will authenticate the client using Basic authentication.

2008-01-22 15:32:04

30

9fa45523 9fa45524

Web Proxy

User authentication failed. The request was denied because the password for user MyUser expired. To resolve this problem, the user must request a new password in Active Directory.

<The client tried to authenticate and failed. After three times, Windows Internet Explorer displays an access denied page.>

2008-01-22 15:32:04

31

9fa45523 9fa45524

Web Proxy

Authentication failed. Error = 0x00002FB1

2008-01-22 15:32:04

32

9fa45523 9fa45524

Web Proxy

ISA Server rejected the request with the HTTP status code 401 and will return the following error message to the Web client. \"The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. \"

2008-01-22 15:32:04

33

9fa45523 9fa45524

Web Proxy

Authentication failed. Error = 0x00002FB1

Example 3: Running the diagnostic log when configuring a Web publishing rule with the wrong path

When a Web publishing rule is configured with the wrong path, the log summary provides information about why the request fails. The relevant entries are in bold and followed by comments between the <>.

Time

Record number

Context

Log source

Message

2008-01-21 18:39:56

1

96d070f1

Web Proxy

Web Proxy properties: Client IP address: 70.0.11.1 Client port: 3142 Local IP address: 70.0.2.1 Local port: 80 SecureNAT client: false Web proxy client: false Inbound traffic: true

<Shows the context ID for the request.>

2008-01-21 18:39:56

2

96d070f1 96d070f2

Web Proxy

HTTP method: GET

2008-01-21 18:39:56

3

96d070f1 96d070f2

Web Proxy

ISA Server started checking the policy rules for a Web request.

2008-01-21 18:39:56

4

96d070f1 96d070f2

Web Proxy

Target URL: /sports

2008-01-21 18:39:56

5

96d070f1 96d070f2

Web Proxy

The connected client was not authenticated. Only policy rules that apply to all users, including anonymous users, can be evaluated for this request. If rule evaluation cannot be completed without user authentication, ISA Server will return a response with HTTP error 407 (Proxy Authentication Required), allowing the client to submit the request again with user credentials.

2008-01-21 18:39:56

6

96d070f1 96d070f2

Web Proxy

ISA Server started checking Web publishing rules.

<Rule evaluation has begun.>

2008-01-21 18:39:56

7

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow access to directory services for authentication purposes.

2008-01-21 18:39:56

8

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

9

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow remote management from selected computers using MMC.

2008-01-21 18:39:56

10

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

11

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow remote management from selected computers using Terminal Server.

2008-01-21 18:39:56

12

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

13

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow RADIUS authentication from ISA Server to trusted RADIUS servers.

2008-01-21 18:39:56

14

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

15

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow Kerberos authentication from ISA Server to trusted servers.

2008-01-21 18:39:56

16

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

17

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow DNS from ISA Server to selected servers.

2008-01-21 18:39:56

18

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

19

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow DHCP requests from ISA Server to all networks.

2008-01-21 18:39:56

20

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

21

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow DHCP replies from DHCP servers to ISA Server.

2008-01-21 18:39:56

22

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

23

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow ICMP (PING) requests from selected computers to ISA Server.

2008-01-21 18:39:56

24

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

25

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow ICMP requests from ISA Server to selected servers.

2008-01-21 18:39:56

26

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

27

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow Microsoft CIFS from ISA Server to trusted servers.

2008-01-21 18:39:56

28

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

29

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS requests from ISA Server to specified sites.

2008-01-21 18:39:56

30

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

31

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow NetBIOS from ISA Server to trusted servers.

2008-01-21 18:39:56

32

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

33

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow RPC from ISA Server to trusted servers.

2008-01-21 18:39:56

34

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

35

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites.

2008-01-21 18:39:56

36

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

37

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow NTP from ISA Server to trusted NTP servers.

2008-01-21 18:39:56

38

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

39

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow SMTP from ISA Server to trusted servers.

2008-01-21 18:39:56

40

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

41

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow MS Firewall Control communication to selected computers.

2008-01-21 18:39:56

42

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

43

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule lcl-dc.

2008-01-21 18:39:56

44

96d070f1 96d070f2

Firewall service

The rule lcl-dc matches the packet. The packet is allowed.

<The packet is allowed as expected.>

2008-01-21 18:39:56

45

96d070f1 96d070f2

Firewall service

The listener on the IP address 70.0.2.1 accepted the request.

2008-01-21 18:39:56

46

96d070f1 96d070f2

Firewall service

ISA Server is looking for a deny access rule that matches traffic from the source to the destination.

2008-01-21 18:39:56

47

96d070f1 96d070f2

Firewall service

ISA Server is looking for a rule that is associated with the protocol HTTP.

2008-01-21 18:39:56

48

96d070f1 96d070f2

Firewall service

ISA Server will check only rules that are associated with the protocol HTTP.

2008-01-21 18:39:56

49

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS requests from ISA Server to specified sites.

2008-01-21 18:39:56

50

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

51

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites.

2008-01-21 18:39:56

52

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

53

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Allow MS Firewall Control communication to selected computers.

2008-01-21 18:39:56

54

96d070f1 96d070f2

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

55

96d070f1 96d070f2

Firewall service

ISA Server is evaluating the rule Default rule.

2008-01-21 18:39:56

56

96d070f1 96d070f2

Firewall service

The rule Default rule matches the packet. The packet is denied.

2008-01-21 18:39:56

57

96d070f1 96d070f2

Web Proxy

The Web publishing rule lcl-dc will allow the Web request.

2008-01-21 18:39:56

58

96d070f1 96d070f2

Web Proxy

ISA Server is performing DNS name resolution for the host name lcl-dc.

2008-01-21 18:39:56

59

96d070f1 96d070f2

Web Proxy

ISA Server succeeded to perform DNS name resolution for the host name h_name: lcl-dc.Local-Domain.Net h_aliases: h_addr_list: 40.0.0.2.

<DNS name resolution is successful.>

2008-01-21 18:39:56

60

96d070f1 96d070f2

Web Proxy

ISA Server started to check the Web chaining rules.

2008-01-21 18:39:56

61

96d070f1 96d070f2

Firewall service

ISA Server is looking for a Web chaining rule that matches the destination 40.0.0.2 in the packet.

2008-01-21 18:39:56

62

96d070f1 96d070f2

Firewall service

The Web chaining rule Default rule matches the packet.

2008-01-21 18:39:56

63

96d070f1 96d070f2

Web Proxy

The packet matches the Web chaining rule Default rule.

2008-01-21 18:39:56

64

96d070f1 96d070f2

Web Proxy

ISA Server is directing the Web request to the IP address 0.0.0.0.

2008-01-21 18:39:56

65

96d070f1 96d070f2

Firewall service

ISA Server is looking for a cache rule that matches the destination 40.0.0.2 in the Web request.

2008-01-21 18:39:56

66

96d070f1 96d070f2

Firewall service

The cache rule Default rule matches the Web request.

2008-01-21 18:39:56

67

96d070f1 96d070f2

Web Proxy

The Web request matches the cache rule Default rule.

2008-01-21 18:39:56

68

96d070f1 96d070f2

Web Proxy

ISA Server completed checking the policy rules for the Web request.

2008-01-21 18:39:56

69

96d070f1 96d070f2

Web Proxy

ISA Server will connect to the Web server lcl-dc on the IP address 40.0.0.2 and port 80.

2008-01-21 18:39:56

70

96d070f1 96d070f2

Web Proxy

Target URL: /sports

2008-01-21 18:39:56

71

96d070f1 96d070f2

Web Proxy

Target Host header: lcl-dc

2008-01-21 18:39:56

72

96d070f1 96d070f2

Web Proxy

Web response properties: Response status: 301 Response MIME content type: text/html Response Via header: NULL HTTP Server header: Microsoft-IIS/6.0

<ISA Server redirects from /sports to /sports/, as requested by Internet Information Services (IIS).>

2008-01-21 18:39:56

73

96d070f1 96d070f3

Web Proxy

HTTP method: GET

2008-01-21 18:39:56

74

96d070f1 96d070f3

Web Proxy

ISA Server started checking the policy rules for a Web request.

2008-01-21 18:39:56

75

96d070f1 96d070f3

Web Proxy

Target URL: /sports/

<The client sends another request. This time with /sports/.>

2008-01-21 18:39:56

76

96d070f1 96d070f3

Web Proxy

The connected client was not authenticated. Only policy rules that apply to all users, including anonymous users, can be evaluated for this request. If rule evaluation cannot be completed without user authentication, ISA Server will return a response with HTTP error 407 (Proxy Authentication Required), allowing the client to submit the request again with user credentials.

2008-01-21 18:39:56

77

96d070f1 96d070f3

Web Proxy

ISA Server started checking Web publishing rules.

2008-01-21 18:39:56

78

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow access to directory services for authentication purposes.

2008-01-21 18:39:56

79

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

80

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow remote management from selected computers using MMC.

2008-01-21 18:39:56

81

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

82

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow remote management from selected computers using Terminal Server.

2008-01-21 18:39:56

83

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

84

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow RADIUS authentication from ISA Server to trusted RADIUS servers.

2008-01-21 18:39:56

85

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

86

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow Kerberos authentication from ISA Server to trusted servers.

2008-01-21 18:39:56

87

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

88

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow DNS from ISA Server to selected servers.

2008-01-21 18:39:56

89

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

90

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow DHCP requests from ISA Server to all networks.

2008-01-21 18:39:56

91

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

92

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow DHCP replies from DHCP servers to ISA Server.

2008-01-21 18:39:56

93

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

94

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow ICMP (PING) requests from selected computers to ISA Server.

2008-01-21 18:39:56

95

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

96

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow ICMP requests from ISA Server to selected servers.

2008-01-21 18:39:56

97

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

98

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow Microsoft CIFS from ISA Server to trusted servers.

2008-01-21 18:39:56

99

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

100

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS requests from ISA Server to specified sites.

2008-01-21 18:39:56

101

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

102

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow NetBIOS from ISA Server to trusted servers.

2008-01-21 18:39:56

103

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

104

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow RPC from ISA Server to trusted servers.

2008-01-21 18:39:56

105

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

106

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites.

2008-01-21 18:39:56

107

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

108

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow NTP from ISA Server to trusted NTP servers.

2008-01-21 18:39:56

109

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

110

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow SMTP from ISA Server to trusted servers.

2008-01-21 18:39:56

111

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

112

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow MS Firewall Control communication to selected computers.

2008-01-21 18:39:56

113

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

114

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule lcl-dc.

2008-01-21 18:39:56

115

96d070f1 96d070f3

Firewall service

The path in the destination URL in the Web request does not match the path specified in the Web publishing rule.

<This entry provides information about why the request failed. /* was not specified at the end of the path.>

2008-01-21 18:39:56

116

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Default rule.

2008-01-21 18:39:56

117

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

118

96d070f1 96d070f3

Firewall service

No matching rule was found.

2008-01-21 18:39:56

119

96d070f1 96d070f3

Firewall service

The listener on the IP address 70.0.2.1 accepted the request.

2008-01-21 18:39:56

120

96d070f1 96d070f3

Firewall service

ISA Server is looking for a deny access rule that matches traffic from the source to the destination.

2008-01-21 18:39:56

121

96d070f1 96d070f3

Firewall service

ISA Server is looking for a rule that is associated with the protocol HTTP.

2008-01-21 18:39:56

122

96d070f1 96d070f3

Firewall service

ISA Server will check only rules that are associated with the protocol HTTP.

2008-01-21 18:39:56

123

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS requests from ISA Server to specified sites.

2008-01-21 18:39:56

124

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

125

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites.

2008-01-21 18:39:56

126

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

127

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Allow MS Firewall Control communication to selected computers.

2008-01-21 18:39:56

128

96d070f1 96d070f3

Firewall service

The access rule is ignored because ISA Server looks only for Web publishing rules for an incoming Web request.

2008-01-21 18:39:56

129

96d070f1 96d070f3

Firewall service

ISA Server is evaluating the rule Default rule.

2008-01-21 18:39:56

130

96d070f1 96d070f3

Firewall service

The rule Default rule matches the packet. The packet is denied.

2008-01-21 18:39:56

131

96d070f1 96d070f3

Firewall service

The deny access rule Default rule precedes the publishing rule in the list of policy rules. The packet is blocked.

2008-01-21 18:39:56

132

96d070f1 96d070f3

Web Proxy

The Web publishing rule Default rule will deny the Web request.

2008-01-21 18:39:56

133

96d070f1 96d070f3

Web Proxy

ISA Server completed checking the policy rules for the Web request.

2008-01-21 18:39:56

134

96d070f1 96d070f3

Web Proxy

ISA Server rejected the request with the HTTP status code 403 and will return the following error message to the Web client. \"The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. \"

<This is the response returned to the client.>

A diagnostic log sample shows the traffic flow when a Web client requests access to the Web server. ISA Server requests authentication from the Web client. The request succeeds.

Lab setup

Use the following lab scenario:

Computer configuration Computer name IP address

Web client

Lcl-clt1

40.0.11.1

Web server

Anet-srv

70.0.11.1

ISA Server

Fw-a2

40.0.2.1, 70.0.2.1

The log summary provides information about traffic from External client request to the Web server intercepted by ISA Server. ISA Server requires authentication from the Web client. The relevant entries are in bold and followed by comments between the <>.

Time

Record number

Context

Log source

Message

2008-04-22 10:16:20

1

057c5086

Web Proxy

Web Proxy properties: Client IP address: 40.0.11.1 Client port: 1489 Local IP address: 40.0.2.1 Local port: 8080 SecureNAT client: false Web proxy client: true Inbound traffic: false

<This is the initial request.>

2008-04-22 10:16:20

2

057c5086 057c5087

Web Proxy

HTTP method: GET

2008-04-22 10:16:20

3

057c5086 057c5087

Web Proxy

ISA Server tries to authenticate connected client

2008-04-22 10:16:20

4

057c5086 057c5087

Web Proxy

ISA Server cannot authenticate the client because the client's request does not contain Proxy-Authorization or Authorization headers.

<ISA Server fails to authenticate the client and sends 407 to the client. (Proxy authentication is required.)>

2008-04-22 10:16:20

5

057c5086 057c5087

Web Proxy

ISA Server rejected the request with the HTTP status code 407 and will return the following error message to the Web client. "The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. (12209)"

2008-04-22 10:16:20

6

057c5086 057c5087

Web Proxy

Authentication failed. Error = 0x00002FB1

2008-04-22 10:16:20

7

057c5086 057c5088

Web Proxy

HTTP method: GET

<ISA Server requests client authentication by using NTLM (3-leg authentication). The following steps describe the NTLM authentication process:

  1. The client first sends a client hello to the server.
  2. The server sends a challenge (with user name and password) to the client.
  3. The client sends a response to the server.
  4. To validate client credentials, the server sends the domain controller the challenge and response received from the client.>

2008-04-22 10:16:20

8

057c5086 057c5088

Web Proxy

ISA Server tries to authenticate connected client

2008-04-22 10:16:20

9

057c5086 057c5088

Web Proxy

ISA Server will authenticate the client using NTLM authentication.

2008-04-22 10:16:20

10

057c5086 057c5088

Web Proxy

Authentication is in progress. Authentication will fail for the current request, but the client should continue to attempt to authenticate on the same connection.

2008-04-22 10:16:20

11

057c5086 057c5088

Web Proxy

ISA Server rejected the request with the HTTP status code 407 and will return the following error message to the Web client. "Access is denied. (5)"

2008-04-22 10:16:20

12

057c5086 057c5088

Web Proxy

Authentication failed. Error = 0x00002FB1

2008-04-22 10:16:20

13

057c5086 057c5089

Web Proxy

HTTP method: GET

<Here, the client sends the response to ISA Server.>

2008-04-22 10:16:20

14

057c5086 057c5089

Web Proxy

ISA Server tries to authenticate connected client

2008-04-22 10:16:20

15

057c5086 057c5089

Web Proxy

ISA Server will authenticate the client using NTLM authentication.

2008-04-22 10:16:20

20

057c5086 057c5089

Web Proxy

Authentication succeeded.

<To validate client credentials, ISA Server sent all information required to the domain controller. This traffic also passes the policy rule engine.>

2008-04-22 10:16:20

21

057c5086 057c5089

Web Proxy

User name: LOCAL-DOMAIN\cadmin1

2008-04-22 10:16:20

22

057c5086 057c5089

Web Proxy

Authentication succeeded.

2008-04-22 10:16:20

23

057c5086 057c5089

Web Proxy

ISA Server started checking the policy rules for a Web request with the target path /.

2008-04-22 10:16:20

24

057c5086 057c5089

Web Proxy

The connected client LOCAL-DOMAIN\cadmin1 was authenticated.

2008-04-22 10:16:20

25

057c5086 057c5089

Web Proxy

ISA Server is performing DNS name resolution for the host name anet-srv

<After passing the “internal listener," ISA Server is ready to perform name resolution and rule evaluation.>

2008-04-22 10:16:20

26

057c5086 057c5089

Web Proxy

ISA Server succeeded to perform DNS name resolution for the host name h_name: anet-srv h_aliases: h_addr_list: 70.0.11.1.

<Name resolution has succeeded.>

2008-04-22 10:16:20

27

057c5086 057c5089

Web Proxy

ISA Server started checking the access rules.

<Rule evaluation (note that the source is moved from the Web proxy to the Firewall service).>

2008-04-22 10:16:20

28

057c5086 057c5089

Web Proxy

ISA Server recognizes the client as a Web proxy client and will check all rules that apply to the HTTP protocol.

2008-04-22 10:16:20

29

057c5086 057c5089

Firewall service

The Firewall service is performing rule evaluation.

2008-04-22 10:16:20

30

057c5086 057c5089

Firewall service

Protocol: HTTP

2008-04-22 10:16:20

31

057c5086 057c5089

Firewall Engine

Packet properties: Source IP address: 40.0.11.1 Source array network: Internal Destination IP address: 70.0.11.1 Destination array network: External

2008-04-22 10:16:20

32

057c5086 057c5089

Firewall service

ISA Server will check only rules that are associated with the protocol HTTP.

2008-04-22 10:16:20

33

057c5086 057c5089

Firewall service

ISA Server is evaluating the rule [System] "Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites."

2008-04-22 10:16:20

34

057c5086 057c5089

Firewall service

Source does not match the packet.

2008-04-22 10:16:20

35

057c5086 057c5089

Firewall service

ISA Server is evaluating the rule [System] Allow HTTP/HTTPS requests from ISA Server to specified sites.

2008-04-22 10:16:20

36

057c5086 057c5089

Firewall service

Source does not match the packet.

2008-04-22 10:16:20

37

057c5086 057c5089

Firewall service

ISA Server is evaluating the rule [System] Allow MS Firewall Control communication to selected computers.

2008-04-22 10:16:20

38

057c5086 057c5089

Firewall service

The source port does not match the rule.

2008-04-22 10:16:20

39

057c5086 057c5089

Firewall service

ISA Server is evaluating the rule Allow web traffic for internal clients.

2008-04-22 10:16:20

40

057c5086 057c5089

Firewall service

The rule Allow web traffic for internal clients matches the packet. The packet is allowed.

2008-04-22 10:16:20

41

057c5086 057c5089

Firewall service

The rule Allow web traffic for internal clients allowed the packet.

<The packet is allowed.>

2008-04-22 10:16:20

42

057c5086 057c5089

Web Proxy

The access rule Allow web traffic for internal clients allows the Web request.

2008-04-22 10:16:20

43

057c5086 057c5089

Web Proxy

ISA Server started to check the Web chaining rules.

2008-04-22 10:16:20

44

057c5086 057c5089

Firewall service

ISA Server is looking for a Web chaining rule that matches the destination 70.0.11.1 in the packet.

2008-04-22 10:16:20

45

057c5086 057c5089

Firewall service

The Web chaining rule Default rule matches the packet.

2008-04-22 10:16:20

46

057c5086 057c5089

Web Proxy

The packet matches the Web chaining rule Default rule.

2008-04-22 10:16:20

47

057c5086 057c5089

Web Proxy

ISA Server is forwarding the Web request directly to the specified destination.

2008-04-22 10:16:20

48

057c5086 057c5089

Firewall service

ISA Server is looking for a cache rule that matches the destination 70.0.11.1 in the Web request.

<ISA Server is checking the cache rules.>

2008-04-22 10:16:20

49

057c5086 057c5089

Firewall service

Rule does not match the packet.

2008-04-22 10:16:20

50

057c5086 057c5089

Firewall service

The cache rule Default rule matches the Web request.

2008-04-22 10:16:20

51

057c5086 057c5089

Web Proxy

The Web request matches the cache rule Default rule.

2008-04-22 10:16:20

52

057c5086 057c5089

Web Proxy

ISA Server completed checking the policy rules for the Web request.

2008-04-22 10:16:20

53

057c5086 057c5089

Web Proxy

ISA Server will connect to the Web server anet-srv on the IP address 70.0.11.1 and port 80.

<Traffic is passed to the Web server.>

2008-04-22 10:16:20

54

057c5086 057c5089

Web Proxy

ISA Server is forwarding the request to the target host server for the path /.

2008-04-22 10:16:20

55

057c5086 057c5089

Web Proxy

Web response properties: Response status: 200 Response MIME content type: text/html Response Via header: NULL HTTP Server header: Microsoft-IIS/5.0

<A 200 OK status message is issued. The traffic is passed.>

2008-04-22 10:16:21

56

057c5086 057c508a

Web Proxy

HTTP method: GET

<Another request is made for pagerror.gif. This requires another pass through the ISA Server chain.>

2008-04-22 10:16:21

57

057c5086 057c508a

Web Proxy

ISA Server started checking the policy rules for a Web request with the target path /pagerror.gif.

2008-04-22 10:16:21

58

057c5086 057c508a

Web Proxy

The connected client LOCAL-DOMAIN\cadmin1 was authenticated.

2008-04-22 10:16:21

59

057c5086 057c508a

Web Proxy

ISA Server is performing DNS name resolution for the host name anet-srv.

2008-04-22 10:16:21

60

057c5086 057c508a

Web Proxy

ISA Server succeeded to perform DNS name resolution for the host name h_name: anet-srv h_aliases: h_addr_list: 70.0.11.1.

2008-04-22 10:16:21

61

057c5086 057c508a

Web Proxy

ISA Server started checking the access rules.

2008-04-22 10:16:21

62

057c5086 057c508a

Web Proxy

ISA Server recognizes the client as a Web proxy client and will check all rules that apply to the HTTP protocol.

2008-04-22 10:16:21

63

057c5086 057c508a

Firewall service

The Firewall service is performing rule evaluation.

2008-04-22 10:16:21

64

057c5086 057c508a

Firewall service

Protocol: HTTP

2008-04-22 10:16:21

65

057c5086 057c508a

Firewall Engine

Packet properties: Source IP address: 40.0.11.1 Source array network: Internal Destination IP address: 70.0.11.1 Destination array network: External

2008-04-22 10:16:21

66

057c5086 057c508a

Firewall service

ISA Server will check only rules that are associated with the protocol HTTP.

2008-04-22 10:16:21

67

057c5086 057c508a

Firewall service

ISA Server is evaluating the rule [System] Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites.

2008-04-22 10:16:21

68

057c5086 057c508a

Firewall service

Source does not match the packet.

2008-04-22 10:16:21

69

057c5086 057c508a

Firewall service

ISA Server is evaluating the rule [System] Allow HTTP/HTTPS requests from ISA Server to specified sites.

2008-04-22 10:16:21

70

057c5086 057c508a

Firewall service

Source does not match the packet.

2008-04-22 10:16:21

71

057c5086 057c508a

Firewall service

ISA Server is evaluating the rule [System] Allow MS Firewall Control communication to selected computers.

2008-04-22 10:16:21

72

057c5086 057c508a

Firewall service

The source port does not match the rule.

2008-04-22 10:16:21

73

057c5086 057c508a

Firewall service

ISA Server is evaluating the rule Allow web traffic for internal clients.

2008-04-22 10:16:21

74

057c5086 057c508a

Firewall service

The rule Allow web traffic for internal clients matches the packet. The packet is allowed.

2008-04-22 10:16:21

75

057c5086 057c508a

Firewall service

The rule Allow web traffic for internal clients allowed the packet.

2008-04-22 10:16:21

76

057c5086 057c508a

Web Proxy

The access rule Allow web traffic for internal clients allows the Web request.

2008-04-22 10:16:21

77

057c5086 057c508a

Web Proxy

ISA Server started to check the Web chaining rules.

2008-04-22 10:16:21

78

057c5086 057c508a

Firewall service

ISA Server is looking for a Web chaining rule that matches the destination 70.0.11.1 in the packet.

2008-04-22 10:16:21

79

057c5086 057c508a

Firewall service

The Web chaining rule Default rule matches the packet.

2008-04-22 10:16:21

80

057c5086 057c508a

Web Proxy

The packet matches the Web chaining rule Default rule.

2008-04-22 10:16:21

81

057c5086 057c508a

Web Proxy

ISA Server is forwarding the Web request directly to the specified destination.

2008-04-22 10:16:21

82

057c5086 057c508a

Firewall service

ISA Server is looking for a cache rule that matches the destination 70.0.11.1 in the Web request.

2008-04-22 10:16:21

83

057c5086 057c508a

Firewall service

Rule does not match the packet.

2008-04-22 10:16:21

84

057c5086 057c508a

Firewall service

The cache rule Default rule matches the Web request.

2008-04-22 10:16:21

85

057c5086 057c508a

Web Proxy

The Web request matches the cache rule Default rule.

2008-04-22 10:16:21

86

057c5086 057c508a

Web Proxy

ISA Server completed checking the policy rules for the Web request.

2008-04-22 10:16:21

87

057c5086 057c508a

Web Proxy

ISA Server will connect to the Web server anet-srv on the IP address 70.0.11.1 and port 80.

2008-04-22 10:16:21

88

057c5086 057c508a

Web Proxy

ISA Server is forwarding the request to the target host server for the path /pagerror.gif.

2008-04-22 10:16:21

89

057c5086 057c508a

Web Proxy

Web response properties: Response status: 304 Response MIME content type: NULL Response Via header: NULL HTTP Server header: Microsoft-IIS/5.0

<A 304 status message is received. The Web site was not modified by the Web server. Traffic is passed.>

A diagnostic log sample shows the traffic flow from Web client to Web server, and the traffic is intercepted by ISA Server where both ISA Server and Web server require authenticated access. Authentication is validated by the RADIUS server. When a request is made by an authenticated user, ISA Server requests authentication from Web proxy for client request. The request succeeds.

Lab setup

Use the following lab scenario:

Computer configuration Computer name IP address

Web server

Lcl-st

40.0.202.1

Client

Anet-srv

70.0.11.1

ISA Server

Fw-a2

40.0.2.1, 70.0.2.1

The relevant entries are in bold and followed by comments between the <>.

Time

Record number

Context

Log source

Message

2008-04-22 13:35:59

158

057c50f0

Web Proxy

Web Proxy properties: Client IP address: 70.0.11.1 Client port: 1398 Local IP address: 70.0.2.1 Local port: 443 SecureNAT client: false Web proxy client: false Inbound traffic: true

<This is the initial request.>

2008-04-22 13:36:01

159

057c50f0 057c50f1

Web Proxy

HTTP method: GET

2008-04-22 13:36:01

160

057c50f0 057c50f1

Web Proxy

ISA Server started checking the policy rules for a Web request with the target path /.

2008-04-22 13:36:01

161

057c50f0 057c50f1

Web Proxy

The connected client was not authenticated. Only policy rules that apply to all users, including anonymous users, can be evaluated for this request. If rule evaluation cannot be completed without user authentication, ISA Server will return a response with HTTP error 401 (Unauthorized) or 407 (Proxy Authentication Required), allowing the client to submit the request again with user credentials.

2008-04-22 13:36:01

162

057c50f0 057c50f1

Web Proxy

ISA Server started checking Web publishing rules.

2008-04-22 13:36:01

163

057c50f0 057c50f1

Firewall service

ISA Server is evaluating the rule web publishing rule with radius auth.

<During rule evaluation, the policy engine finds the Web publishing rule.>

2008-04-22 13:36:01

164

057c50f0 057c50f1

Firewall service

The rule does not match because the rule requires authentication and no user is specified in the packet.

2008-04-22 13:36:01

165

057c50f0 057c50f1

Firewall service

ISA Server denied a request because policy rule web publishing rule with radius auth requires authentication before allowing traffic.

2008-04-22 13:36:01

166

057c50f0 057c50f1

Firewall service

The rule web publishing rule with radius auth requires user authentication for evaluation.

2008-04-22 13:36:01

167

057c50f0 057c50f1

Firewall service

The listener on the IP address 70.0.2.1 accepted the request.

2008-04-22 13:36:01

168

057c50f0 057c50f1

Firewall service

ISA Server is looking for a deny access rule that matches traffic from the source to the destination.

2008-04-22 13:36:01

169

057c50f0 057c50f1

Firewall service

ISA Server is looking for a rule that is associated with the protocol HTTPS.

2008-04-22 13:36:01

170

057c50f0 057c50f1

Firewall service

ISA Server will check only rules that are associated with the protocol HTTPS.

2008-04-22 13:36:01

171

057c50f0 057c50f1

Firewall service

ISA Server is evaluating the rule Default rule.

2008-04-22 13:36:01

172

057c50f0 057c50f1

Firewall service

The rule Default rule matches the packet and may deny it. However, a rule that precedes this rule in the list of policy rules and matches the packet will take precedence and may allow the packet.

<While failing to authenticate, ISA Server gives the client another chance to authenticate.>

2008-04-22 13:36:01

173

057c50f0 057c50f1

Web Proxy

The Web publishing rule web publishing rule with radius auth requires client authentication.

2008-04-22 13:36:01

174

057c50f0 057c50f1

Web Proxy

ISA Server denied the request with the following error: 0x00002FB1.

2008-04-22 13:36:01

175

057c50f0 057c50f1

Web Proxy

ISA Server completed checking the policy rules for the Web request.

2008-04-22 13:36:01

176

057c50f0 057c50f1

Web Proxy

ISA Server tries to authenticate connected client

2008-04-22 13:36:01

177

057c50f0 057c50f1

Web Proxy

ISA Server cannot authenticate the client because the client's request does not contain Proxy-Authorization or Authorization headers.

2008-04-22 13:36:01

178

057c50f0 057c50f1

Web Proxy

ISA Server rejected the request with the HTTP status code 401 and will return the following error message to the Web client. "The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. (12209)"

<Here, ISA Server sends the required 401 authentication to the external Web client.>

2008-04-22 13:36:01

179

057c50f0 057c50f1

Web Proxy

Authentication failed. Error = 0x00002FB1

2008-04-22 13:36:13

530

057c50f0 057c50f2

Web Proxy

HTTP method: GET

2008-04-22 13:36:13

531

057c50f0 057c50f2

Web Proxy

ISA Server started checking the policy rules for a Web request with the target path /.

2008-04-22 13:36:13

532

057c50f0 057c50f2

Web Proxy

The connected client was not authenticated. Only policy rules that apply to all users, including anonymous users, can be evaluated for this request. If rule evaluation cannot be completed without user authentication, ISA Server will return a response with HTTP error 401 (Unauthorized) or 407 (Proxy Authentication Required), allowing the client to submit the request again with user credentials.

2008-04-22 13:36:13

533

057c50f0 057c50f2

Web Proxy

ISA Server started checking Web publishing rules.

2008-04-22 13:36:13

534

057c50f0 057c50f2

Firewall service

ISA Server is evaluating the rule web publishing rule with radius auth.

2008-04-22 13:36:13

535

057c50f0 057c50f2

Firewall service

The rule does not match because the rule requires authentication and no user is specified in the packet.

2008-04-22 13:36:13

536

057c50f0 057c50f2

Firewall service

ISA Server denied a request because policy rule web publishing rule with radius auth requires authentication before allowing traffic.

2008-04-22 13:36:13

537

057c50f0 057c50f2

Firewall service

The rule web publishing rule with radius auth requires user authentication for evaluation.

2008-04-22 13:36:13

538

057c50f0 057c50f2

Firewall service

The listener on the IP address 70.0.2.1 accepted the request.

2008-04-22 13:36:13

539

057c50f0 057c50f2

Firewall service

ISA Server is looking for a deny access rule that matches traffic from the source to the destination.

2008-04-22 13:36:13

540

057c50f0 057c50f2

Firewall service

ISA Server is looking for a rule that is associated with the protocol HTTPS.

2008-04-22 13:36:13

541

057c50f0 057c50f2

Firewall service

ISA Server will check only rules that are associated with the protocol HTTPS.

2008-04-22 13:36:13

542

057c50f0 057c50f2

Firewall service

ISA Server is evaluating the rule Default rule.

2008-04-22 13:36:13

543

057c50f0 057c50f2

Firewall service

The rule Default rule matches the packet and may deny it. However, a rule that precedes this rule in the list of policy rules and matches the packet will take precedence and may allow the packet.

2008-04-22 13:36:13

544

057c50f0 057c50f2

Web Proxy

The Web publishing rule web publishing rule with radius auth requires client authentication.

2008-04-22 13:36:13

545

057c50f0 057c50f2

Web Proxy

ISA Server denied the request with the following error: 0x00002FB1.

2008-04-22 13:36:13

546

057c50f0 057c50f2

Web Proxy

ISA Server completed checking the policy rules for the Web request.

2008-04-22 13:36:13

547

057c50f0 057c50f2

Web Proxy

ISA Server tries to authenticate connected client

<Here, ISA Server calls the RADIUS server and checks user authentication (see records at the end of this log).>

2008-04-22 13:36:15

557

057c50f0 057c50f2

Web Proxy

RADIUS authentication failed because user local-domain\cadmin1 could not be authenticated by the RADIUS server

<Authentication fails because the password supplied is incorrect.>

2008-04-22 13:36:15

558

057c50f0 057c50f2

Web Proxy

ISA Server tries to authenticate connected client

2008-04-22 13:36:15

559

057c50f0 057c50f2

Web Proxy

Authentication failed. Error = The specified network password is not correct.

2008-04-22 13:36:15

560

057c50f0 057c50f2

Web Proxy

ISA Server rejected the request with the HTTP status code 401 and will return the following error message to the Web client. "The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. (12209)"

<ISA Server returns 401. Authentication failed.>

2008-04-22 13:36:15

561

057c50f0 057c50f2

Web Proxy

Authentication failed. Error = 0x00002FB1

2008-04-22 13:36:17

590

057c50f0 057c50f3

Web Proxy

HTTP method: GET

<Here, the client tries to access the Web server again.>

2008-04-22 13:36:17

591

057c50f0 057c50f3

Web Proxy

ISA Server started checking the policy rules for a Web request with the target path /.

2008-04-22 13:36:17

592

057c50f0 057c50f3

Web Proxy

The connected client was not authenticated. Only policy rules that apply to all users, including anonymous users, can be evaluated for this request. If rule evaluation cannot be completed without user authentication, ISA Server will return a response with HTTP error 401 (Unauthorized) or 407 (Proxy Authentication Required), allowing the client to submit the request again with user credentials.

2008-04-22 13:36:17

593

057c50f0 057c50f3

Web Proxy

ISA Server started checking Web publishing rules.

2008-04-22 13:36:17

594

057c50f0 057c50f3

Firewall service

ISA Server is evaluating the rule web publishing rule with radius auth.

2008-04-22 13:36:17

595

057c50f0 057c50f3

Firewall service

The rule does not match because the rule requires authentication and no user is specified in the packet.

2008-04-22 13:36:17

596

057c50f0 057c50f3

Firewall service

ISA Server denied a request because policy rule web publishing rule with radius auth requires authentication before allowing traffic.

2008-04-22 13:36:17

597

057c50f0 057c50f3

Firewall service

The rule web publishing rule with radius auth requires user authentication for evaluation.

2008-04-22 13:36:17

598

057c50f0 057c50f3

Firewall service

The listener on the IP address 70.0.2.1 accepted the request.

2008-04-22 13:36:17

599

057c50f0 057c50f3

Firewall service

ISA Server is looking for a deny access rule that matches traffic from the source to the destination.

2008-04-22 13:36:17

600

057c50f0 057c50f3

Firewall service

ISA Server is looking for a rule that is associated with the protocol HTTPS.

2008-04-22 13:36:17

601

057c50f0 057c50f3

Firewall service

ISA Server will check only rules that are associated with the protocol HTTPS.

2008-04-22 13:36:17

602

057c50f0 057c50f3

Firewall service

ISA Server is evaluating the rule Default rule.

2008-04-22 13:36:17

603

057c50f0 057c50f3

Firewall service

The rule Default rule matches the packet and may deny it. However, a rule that precedes this rule in the list of policy rules and matches the packet will take precedence and may allow the packet.

2008-04-22 13:36:17

604

057c50f0 057c50f3

Web Proxy

The Web publishing rule web publishing rule with radius auth requires client authentication.

2008-04-22 13:36:17

605

057c50f0 057c50f3

Web Proxy

ISA Server denied the request with the following error: 0x00002FB1.

2008-04-22 13:36:17

606

057c50f0 057c50f3

Web Proxy

ISA Server completed checking the policy rules for the Web request.

2008-04-22 13:36:17

607

057c50f0 057c50f3

Web Proxy

ISA Server tries to authenticate connected client

2008-04-22 13:36:17

608

057c50f0 057c50f3

Web Proxy

An ISA Server authentication Web filter is handling client authentication.

2008-04-22 13:36:17

609

057c50f0 057c50f3

Web Proxy

User name: local-domain\cadmin1

2008-04-22 13:36:17

610

057c50f0 057c50f3

Web Proxy

User namespace: RADIUS

2008-04-22 13:36:17

611

057c50f0 057c50f3

Web Proxy

Authentication succeeded.

2008-04-22 13:36:17

612

057c50f0 057c50f3

Web Proxy

ISA Server started checking the policy rules for a Web request with the target path /.

2008-04-22 13:36:17

613

057c50f0 057c50f3

Web Proxy

The connected client local-domain\cadmin1 was authenticated.

2008-04-22 13:36:17

614

057c50f0 057c50f3

Web Proxy

ISA Server started checking Web publishing rules.

2008-04-22 13:36:17

615

057c50f0 057c50f3

Firewall service

ISA Server is evaluating the rule web publishing rule with radius auth.

2008-04-22 13:36:17

616

057c50f0 057c50f3

Firewall service

The rule web publishing rule with radius auth matches the packet. The packet is allowed.

2008-04-22 13:36:17

617

057c50f0 057c50f3

Firewall service

The listener on the IP address 70.0.2.1 accepted the request.

2008-04-22 13:36:17

618

057c50f0 057c50f3

Firewall service

ISA Server is looking for a deny access rule that matches traffic from the source to the destination.

2008-04-22 13:36:17

619

057c50f0 057c50f3

Firewall service

ISA Server is looking for a rule that is associated with the protocol HTTPS.

2008-04-22 13:36:17

620

057c50f0 057c50f3

Firewall service

ISA Server will check only rules that are associated with the protocol HTTPS.

2008-04-22 13:36:17

621

057c50f0 057c50f3

Firewall service

ISA Server is evaluating the rule Default rule.

2008-04-22 13:36:17

622

057c50f0 057c50f3

Firewall service

The rule Default rule matches the packet and may deny it. However, a rule that precedes this rule in the list of policy rules and matches the packet will take precedence and may allow the packet.

2008-04-22 13:36:17

623

057c50f0 057c50f3

Web Proxy

The Web publishing rule web publishing rule with radius auth will allow the Web request.

2008-04-22 13:36:17

624

057c50f0 057c50f3

Web Proxy

ISA Server is performing DNS name resolution for the host name lcl-st.

2008-04-22 13:36:17

625

057c50f0 057c50f3

Web Proxy

ISA Server succeeded to perform DNS name resolution for the host name h_name: lcl-st.Local-Domain.Net h_aliases: h_addr_list: 40.0.202.1.

2008-04-22 13:36:17

626

057c50f0 057c50f3

Web Proxy

ISA Server started to check the Web chaining rules.

2008-04-22 13:36:17

627

057c50f0 057c50f3

Firewall service

ISA Server is looking for a Web chaining rule that matches the destination 40.0.202.1 in the packet.

2008-04-22 13:36:17

628

057c50f0 057c50f3

Firewall service

The Web chaining rule Default rule matches the packet.

2008-04-22 13:36:17

629

057c50f0 057c50f3

Web Proxy

The packet matches the Web chaining rule Default rule.

2008-04-22 13:36:17

630

057c50f0 057c50f3

Web Proxy

ISA Server is forwarding the Web request directly to the specified destination.

2008-04-22 13:36:17

631

057c50f0 057c50f3

Firewall service

ISA Server is looking for a cache rule that matches the destination 40.0.202.1 in the Web request.

2008-04-22 13:36:17

632

057c50f0 057c50f3

Firewall service

Rule does not match the packet.

2008-04-22 13:36:17

633

057c50f0 057c50f3

Firewall service

The cache rule Default rule matches the Web request.

2008-04-22 13:36:17

634

057c50f0 057c50f3

Web Proxy

The Web request matches the cache rule Default rule.

2008-04-22 13:36:17

635

057c50f0 057c50f3

Web Proxy

ISA Server completed checking the policy rules for the Web request.

2008-04-22 13:36:17

636

057c50f0 057c50f3

Web Proxy

ISA Server will connect to the Web server lcl-st on the IP address 40.0.202.1 and port 443.

2008-04-22 13:36:17

637

057c50f0 057c50f3

Web Proxy

ISA Server is forwarding the request to the target host server for the path /.

2008-04-22 13:36:17

638

057c50f0 057c50f3

Web Proxy

Target Host header: lcl-st

2008-04-22 13:36:17

639

057c50f0 057c50f3

Web Proxy

Web response properties: Response status: 304 Response MIME content type: NULL Response Via header: NULL HTTP Server header: Microsoft-IIS/6.0

<A 304 status message is received. The Web site was not modified by the Web server.>

A diagnostic log sample shows the traffic flow from client to external Web server, and the traffic is intercepted by a downstream ISA Server and an upstream ISA Server.

Lab setup

Use the following lab scenario:

Type Computer name IP address

External Web server

Anet-srv

70.0.11.1

Internal client

lcl-clt1

40.0.11.1

ISA Server - downstream

Fw-a1

40.0.1.1, 41.0.101.1

ISA Server – upstream

Fw-a2

41.0.102.1, 70.0.2.1

The relevant entries are in bold and followed by comments between the <>.

Time

Record number

Context

Log source

Message

2008-04-22 15:45:25

45

0ca80afe

Web Proxy

Web Proxy properties: Client IP address: 40.0.11.1 Client port: 1666 Local IP address: 40.0.1.1 Local port: 8080 SecureNAT client: false Web proxy client: true Inbound traffic: false

<This is the initial request.>

2008-04-22 15:45:25

46

0ca80afe 0ca80aff

Web Proxy

HTTP method: GET

2008-04-22 15:45:25

47

0ca80afe 0ca80aff

Web Proxy

ISA Server started checking the policy rules for a Web request with the target path /.

2008-04-22 15:45:25

48

0ca80afe 0ca80aff

Web Proxy

The connected client was not authenticated. Only policy rules that apply to all users, including anonymous users, can be evaluated for this request. If rule evaluation cannot be completed without user authentication, ISA Server will return a response with HTTP error 401 (Unauthorized) or 407 (Proxy Authentication Required), allowing the client to submit the request again with user credentials.

2008-04-22 15:45:25

49

0ca80afe 0ca80aff

Web Proxy

ISA Server is performing DNS name resolution for the host name anet-srv.

2008-04-22 15:45:25

50

0ca80afe 0ca80aff

Web Proxy

ISA Server failed to perform DNS name resolution and will attempt to continue with the available information. Error: No such host is known.

2008-04-22 15:45:25

51

0ca80afe 0ca80aff

Web Proxy

ISA Server started checking the access rules.

2008-04-22 15:45:25

52

0ca80afe 0ca80aff

Web Proxy

ISA Server recognizes the client as a Web proxy client and will check all rules that apply to the HTTP protocol.

2008-04-22 15:45:25

53

0ca80afe 0ca80aff

Firewall service

The Firewall service is performing rule evaluation.

2008-04-22 15:45:25

54

0ca80afe 0ca80aff

Firewall service

Protocol: HTTP

2008-04-22 15:45:25

55

0ca80afe 0ca80aff

Firewall Engine

Packet properties: Source IP address: 40.0.11.1 Source array network: Internal Destination IP address: 0.0.0.0 Destination array network:

2008-04-22 15:45:25

56

0ca80afe 0ca80aff

Firewall service

ISA Server will check only rules that are associated with the protocol HTTP.

2008-04-22 15:45:25

57

0ca80afe 0ca80aff

Firewall service

ISA Server is evaluating the rule [System] Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites.

2008-04-22 15:45:25

58

0ca80afe 0ca80aff

Firewall service

Source does not match the packet.

2008-04-22 15:45:25

59

0ca80afe 0ca80aff

Firewall service

ISA Server is evaluating the rule [System] Allow HTTP/HTTPS requests from ISA Server to specified sites.

2008-04-22 15:45:25

60

0ca80afe 0ca80aff

Firewall service

Source does not match the packet.

2008-04-22 15:45:25

61

0ca80afe 0ca80aff

Firewall service

ISA Server is evaluating the rule [System] Allow MS Firewall Control communication to selected computers.

2008-04-22 15:45:25

62

0ca80afe 0ca80aff

Firewall service

The source port does not match the rule.

2008-04-22 15:45:25

63

0ca80afe 0ca80aff

Firewall service

ISA Server is evaluating the rule allow http.

2008-04-22 15:45:25

64

0ca80afe 0ca80aff

Firewall service

The destination requires name resolution.

2008-04-22 15:45:25

65

0ca80afe 0ca80aff

Firewall service

The rule allow http requires name resolution for evaluation.

2008-04-22 15:45:25

66

0ca80afe 0ca80aff

Firewall service

The rule allow http requires DNS name resolution.

2008-04-22 15:45:25

67

0ca80afe 0ca80aff

Web Proxy

The access rule allow http denies the Web request.

2008-04-22 15:45:25

68

0ca80afe 0ca80aff

Web Proxy

ISA Server attempted to evaluate the policy rules without resolving the name of the requested destination. Name resolution will now commence.

2008-04-22 15:45:25

69

0ca80afe 0ca80aff

Web Proxy

ISA Server is performing DNS name resolution for the host name anet-srv.

2008-04-22 15:45:39

704

0ca80afe 0ca80aff

Web Proxy

ISA Server failed to perform DNS name resolution and will attempt to continue with the available information. Error: The requested name is valid, but no data of the requested type was found.

<The downstream ISA Server failed to resolve the name "anet-srv". After a 15-second timeout, traffic was uploaded to the upstream ISA Server. The upstream ISA Server was able to resolve the name.>

2008-04-22 15:45:39

705

0ca80afe 0ca80aff

Web Proxy

ISA Server started to check the Web chaining rules.

<Web chaining rules are checked to see where traffic can be redirected.>

2008-04-22 15:45:39

706

0ca80afe 0ca80aff

Firewall service

ISA Server is looking for a Web chaining rule that matches the destination 0.0.0.0 in the packet.

2008-04-22 15:45:39

707

0ca80afe 0ca80aff

Firewall service

The Web chaining rule fw-a2 matches the packet.

2008-04-22 15:45:39

708

0ca80afe 0ca80aff

Web Proxy

The packet matches the Web chaining rule fw-a2.

2008-04-22 15:45:39

709

0ca80afe 0ca80aff

Web Proxy

ISA Server will assume that the destination is in the External network because the destination name cannot be resolved. ISA Server will recheck the access rules.

2008-04-22 15:45:39

710

0ca80afe 0ca80aff

Web Proxy

ISA Server recognizes the client as a Web proxy client and will check all rules that apply to the HTTP protocol.

2008-04-22 15:45:39

711

0ca80afe 0ca80aff

Firewall service

The Firewall service is performing rule evaluation.

2008-04-22 15:45:39

712

0ca80afe 0ca80aff

Firewall service

Protocol: HTTP

2008-04-22 15:45:39

713

0ca80afe 0ca80aff

Firewall Engine

Packet properties: Source IP address: 40.0.11.1 Source array network: Internal Destination IP address: 0.0.0.0 Destination array network: External

2008-04-22 15:45:39

714

0ca80afe 0ca80aff

Firewall service

ISA Server will check only rules that are associated with the protocol HTTP.

2008-04-22 15:45:39

715

0ca80afe 0ca80aff

Firewall service

ISA Server is evaluating the rule [System] Allow HTTP/HTTPS from ISA Server to specified Microsoft error reporting sites.

2008-04-22 15:45:39

716

0ca80afe 0ca80aff

Firewall service

Source does not match the packet.

2008-04-22 15:45:39

717

0ca80afe 0ca80aff

Firewall service

ISA Server is evaluating the rule [System] Allow HTTP/HTTPS requests from ISA Server to specified sites.

2008-04-22 15:45:39

718

0ca80afe 0ca80aff

Firewall service

Source does not match the packet.

2008-04-22 15:45:39

719

0ca80afe 0ca80aff

Firewall service

ISA Server is evaluating the rule [System] Allow MS Firewall Control communication to selected computers.

2008-04-22 15:45:39

720

0ca80afe 0ca80aff

Firewall service

The source port does not match the rule.

2008-04-22 15:45:39

721

0ca80afe 0ca80aff

Firewall service

ISA Server is evaluating the rule allow http.

2008-04-22 15:45:39

722

0ca80afe 0ca80aff

Firewall service

The rule allow http matches the packet. The packet is allowed.

2008-04-22 15:45:39

723

0ca80afe 0ca80aff

Firewall service

The rule allow http allowed the packet.

2008-04-22 15:45:39

724

0ca80afe 0ca80aff

Web Proxy

The access rule allow http allows the Web request.

2008-04-22 15:45:39

725

0ca80afe 0ca80aff

Web Proxy

ISA Server is redirecting the request to an upstream proxy server.

2008-04-22 15:45:39

726

0ca80afe 0ca80aff

Web Proxy

ISA Server will send request to the upstream proxy server fw-a2, which is not an array.

2008-04-22 15:45:39

727

0ca80afe 0ca80aff

Firewall service

ISA Server is looking for a cache rule that matches the destination 0.0.0.0 in the Web request.

2008-04-22 15:45:39

728

0ca80afe 0ca80aff

Firewall service

Rule does not match the packet.

2008-04-22 15:45:39

729

0ca80afe 0ca80aff

Firewall service

The cache rule Default rule matches the Web request.

2008-04-22 15:45:39

730

0ca80afe 0ca80aff

Web Proxy

The Web request matches the cache rule Default rule.

2008-04-22 15:45:39

731

0ca80afe 0ca80aff

Web Proxy

ISA Server completed checking the policy rules for the Web request.

2008-04-22 15:45:39

732

0ca80afe 0ca80aff

Web Proxy

ISA Server will connect to the Web server fw-a2 on the IP address 40.0.2.1 and port 8080.

2008-04-22 15:45:39

733

0ca80afe 0ca80aff

Web Proxy

ISA Server is forwarding the request to the target host server for the path http://anet-srv/.

2008-04-22 15:45:39

734

0ca80afe 0ca80aff

Web Proxy

Web response properties: Response status: 200 Response MIME content type: text/html Response Via header: 1.1 FW-A2 HTTP Server header: Microsoft-IIS/5.0

<A 200 OK status message is issued. The traffic has passed.>

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft