Jide Ilawole  United States Member since 4/24/2007
Registered Users Posts: 7

7/31/2007 08:41 PM
I currently support an SBS 2003 R2 network with the following configuration:
- Two ISP modems with static IPs (Cable and DSL)
- Dual WAN Router + 4 LAN Ports, 172.16.0.1 (2 LAN ports have Wireless Access Point to enable Internet Only or VPN Access)
- SBS 2003 R2 Server SP2 / ISA 2004 Firewall w/ SP3 with 2 NICs (LAN = 10.64.252.22 / WAN = 172.16.0.14)
- 30 Windows XP Clients (10.64.252.x Network)

The SBS Server runs the following services:
- MS Exchange
- RWW
- VPN
- SharePoint (Local Access Only)
- WSUS
Everything seems to work fine except all the clients seem to be experiencing problems when accessing external SSL websites. Issues include "Page Not Found" after logging into an external secure website, or simply a timeout. In almost all cases, continuous refreshing of the page will result in the page being properly displayed.
I have scoured the Internet for possible solutions, and most of the solutions seem to be focused more on securely publishing websites and OWA via ISA 2004.
By the way, no problems when a client connects to the router, bypassing the SBS/ISA Server.
Any help with this issue will be greatly appreciated.
Marina Roos  The Netherlands Member since 3/24/2005
Forum Admins Posts: 12507

8/01/2007 04:25 AM
Hi Jide,
Please, post an ipconfig /all from the server and a workstation. Open a command prompt by opening Start -> Run from the Start Menu and type cmd. From the command prompt type ipconfig /all >ip.txt. Attach this file to your answer.
Do the workstations have the ISA Firewall client installed and is it NOT set to autodiscover?
Marina Roos, Smallbizserver.Net Administrator
Mission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local network at the Headquarters. Want to know how? Sign up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'
Jide Ilawole  United States Member since 4/24/2007
Registered Users Posts: 7

8/01/2007 06:41 AM
Marina,
Please find the ipconfig attached.
As far as the Auto Discovery setting, I have the server set to publish Auto Discovery information on port 80.
But for some reason when I set the firewall clients to auto detect the ISA server, that does not work. But it does work when manually pointed to the ISA Firewall by name.
Another note: not all the WinXP Clients have the ISA Client installed on them (some simply use the web proxy settings), but they are all experiencing the same issue.
Thanks
Attachment: 18141765071.txt
Attachment: 18141766654.txt
Marina Roos  The Netherlands Member since 3/24/2005
Forum Admins Posts: 12507

8/01/2007 06:32 PM
Hi Jide,
The ISA Firewall client should be installed on all clients, and you can achieve that by adding the ISA Firewall Client in the Assigned Client applications as described in the PremiumInstallSteps.htm on the PT cd. Which DNS forwarders have you set up in the DNS server on the SBS? Have you checked the live logging of ISA?
Jide Ilawole  United States Member since 4/24/2007
Registered Users Posts: 7

8/02/2007 04:18 AM
Thanks Marina.
I actually have the ISA Clients configured as part of the assignable applications, however I only deployed it to a subset of the clients in an effort to isolate the source of the problem.
As for the DNS forwarders, I have my ISP's DNS set as my forwarders (this was done via the Internet Connection Wizard).
I have checked the logs, and there always seem to be a lot of authorization failures. I even created an "allow everything to all users" rule, and the issues with the external SSL website persist.
Thanks
Marina Roos  The Netherlands Member since 3/24/2005
Forum Admins Posts: 12507

8/02/2007 07:39 PM
Hi Jide,
Which ISP's DNS forwarders have you set, as you are having 2 different internet connections? What kind of authorization failures do you see? Can you also check the logging on the router please? Sometimes you will need to add a protocol rule in the router to make sure that all traffic for port 443 is being routed through the same internet connection.
Sherry Bemis  United States Member since 3/13/2006
Registered Users Posts: 43
Jide Ilawole  United States Member since 4/24/2007
Registered Users Posts: 7

8/08/2007 07:44 PM
Marina,
I WAS using both dns settings from the two providers as forwarders, however I changed it (via the ICEW) to that of the primary ISP only.
I also configured the Dual WAN router for only the primary ISP as part of my troubleshooting, to no avail.
As for the protocol rule for port 443, in ISA, I created a rule allowing https from internal to external and localhost, for all users. This is an addition to the default "SBS Local Access Rule" which allows https from local host to external for all users.
As for the router, port 443 is open inbound to the ISA server, and all outgoing ports are also open.
Furthermore, I am not experiencing the problem when plugged directly into the router.
Thanks for your help.
Jide Ilawole  United States Member since 4/24/2007
Registered Users Posts: 7

8/08/2007 07:46 PM
No, the websites in question are all using the default port 443 for ssl transactions.
Marina Roos  The Netherlands Member since 3/24/2005
Forum Admins Posts: 12507

8/08/2007 08:47 PM
Hi Jide,
There should be no reason at all why you had to manually add a rule in ISA for that 443. Please delete it.
Jide Ilawole  United States Member since 4/24/2007
Registered Users Posts: 7

8/08/2007 11:09 PM
OK. I'll remove it after close of business today.
Just a note though, the rule was added after experiencing the issues. So I'm sure that is not the source of the problem.
Thanks
Michael Harris  United States Member since 8/12/2007
Registered Users Posts: 1
8/12/2007 01:07 AM
Jide, can you tell me what kind of business you are in? I had a similar problem and I am curious if it is industry specific. What type of business are your users conducting?
Jide Ilawole  United States Member since 4/24/2007
Registered Users Posts: 7

8/12/2007 02:31 AM
Michael,
This client is a Real Estate / Mortgage Firm.
Thanks