Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Help needed with ISA 2006

  • 28-09-2007 9:55am
    #1
    Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭


    I have isa 2006 standard edition set up on a server titled isa2k301 (yes, my imagination ran wild that day :) ). It works fine (configured in edge firewall mode) when a client connects to it by manually placing the proxy address and port in the connection settings of the browser.

    However, I want clients to automatically go through this proxy. I thought of using group policy but users need to be able to access the internet offsite as well so I opted for the DHCP route.

    added option wpad to dhcp preferences on the dhcp server
    value 252
    string : http\\isa2k301:80\wpad.dat

    and I have added the wpad option to the dhcp options list (along with router, dns, wins etc).

    however, nothing is picking up the isa server automagically. even if i set the browser to auto detect , ipconfig /release , ipconfig /renew it still wont do it. I have shortened the lease on teh DHCP server in teh hope that it will renew the clients faster but they still wont renew until about half way through their current 8 day lease cycle.

    have I missed anything ? if I type http:\\isa2k301:80\wpad.dat into a browser it gives the option to open or save the wpad.dat file (isa has been set to provide web proxy for all internal networks).

    setup:
    Isa 2006 standard on win2k3 server in edge firewall mode
    2k3 DHCP server (PDC) - lease was 8 days, set it to 8 hours temporarily.
    win xp clients with 4 vista machines in the mix for fun

    its not that the clients have itnernet blocked if they dont pick up the isa, its that they can still get to sites specifically blocked in the firewall rules (*.paddypower.com and *.myspace.com for example)

    anyone else get this working ?


Comments

  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    It works fine when wpad.dat is on a standalone (not ISA) IIS install.

    ISA usually publishes this autoconfig stuff on port 8080. I've read of people having issues when IIS on the same machine, at port 80, is publishing the wpad instead of ISA.

    And changing the DHCP leasetime wasn't required, just an IE restart, worked ok on Vista (though Firefox had issues with a simple wpad file that worked fine on IE).


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    changed the port to 8080 and changed the DHCP option to the same port

    autodetect still doesnt pick up the isa server :( (ISA server is standalone so its not an IIS issue).

    MS troubleshooting doc http://www.microsoft.com/technet/isa/2004/ts_wpad.mspx doesnt shed any light on the matter and the wpad.dat and wspad.dat files both download fine from http://isa2k301:8080/wpad.dat .


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    According to the 2006 ISA page on the topic,
    http://www.microsoft.com/technet/isa/2006/auto_discovery.mspx

    the DHCP entry should be a fully qualified domain name, as opposed to the local host name.

    Other than setting the MIME type for .dat to application/x-ns-proxy-autoconfig on the IIS server, nothing else was required in my simpler case.

    And one of the problems in the MS link you provided
    "Clients Cannot Connect with Internet Explorer Using a WPAD Entry in a Non-Microsoft DHCP Server" also can occur in internet explorer 6.01 and earlier, requiring the extra space char at the end of the DHCP entry.

    Other than that...dunno


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    thanks for the help.

    still not working 100% but it is up and running. In the end, I have decided to use an automatic config script. not the best solution for my needs but it will tide things over until I get the dhcp working properly.

    I was using a FQDN by the way, I was just too lazy to do the typing required :) (tried the IP address as well).

    so, crisis averted but I would still love to know why it wont work the way its supposed to..... :(


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,567 Mod ✭✭✭✭Capt'n Midnight


    you can also use dns to publish the wpad name
    don't forget it's all case sensitive - the strings must match the wpad.dat file name ( why the fup didn't they just use proxy.pac ??? )

    I can't remember if you need a space after the string in dhcp 252 as well ( go figure )

    also you need to change some proxy caching time outs in IE that remember the previous proxy for up to 30 minutes


  • Advertisement
Advertisement