auto discovery not working
nico
I installed a firewall client on a fresh installed Xp workstation
try to connect to the isa with auto det, but no result (manually, no
problem)
Checked the fresh installed isa with only 1 rule configured and thats
internet for the lan users.
Configured internal network with a flag for 'publish auto disc......' in
the tab 'autodiscovery' but that didn't help either.
I also did the conifg on the dns and dhcp part
Any suggestions would b more than welcome.
TX
N.
ps im using forefront
Jens Baier
> I installed a firewall client on a fresh installed Xp workstation
> try to connect to the isa with auto det, but no result (manually, no
> problem)
have a look at the following links and compare this with your settings:
http://support.microsoft.com/kb/309814
http://support.microsoft.com/kb/838122
http://technet.microsoft.com/en-us/library/cc713344.aspx
--
Gruss Jens
www.it-training-grote.de
www.forefront-tmg.de
https://mvp.support.microsoft.com/profile/Marc.Grote
http://blog.it-training-grote.de
aviator
"Jens Baier" wrote:
The auto discovery part of ISA server was something which I never did manage
to egt working. hence my recent problem with windows update and having to use
proxycfg -p not -d.
The 3 articles above don't help in setting up auto discovery as they are
full of inconsistencies or simply wrong.
Is there a definitive "this is how to set up auto discovery" which someone
has actually used and found to work?
A
Phillip Windell
I know of no "how to" written by anyone. But without getting into the WU
thing again, I can list the specs of how I did mine for autodetection (with
screen shots).
Do them in this order....
First,...DNS
Create a CNAME called "wpad" Keep it lower case, there are some things that
may be sensitive to that,..I don't remember where, so just leave if lower
case and don't worry about it. Point the CNAME at the "A" Record of your
ISA Server.
Second,....DHCP
Go to the Server Options. Create a "252" option and call it "wpad". Give
is a string value to the wpad.dat file with a URL based on the CNAME and the
AD Domain Name. This will be on port 80 (unlike what some of those
articles might say),...so there is no reason to include the Port# in the URL
(unlike what some of those articles might say, again). So it might look
like this: http://wpad.ad-domain.loc/wpad.dat
Then in the ISA MMC go to the properties of the Internal Network Definition.
Configure it based on these screenshots:
http://support.wandtv.com/ISA/proxyautodetection1.jpg
http://support.wandtv.com/ISA/proxyautodetection2.jpg
http://support.wandtv.com/ISA/proxyautodetection3.jpg
At this point you should be able to open a browser on any machine and try to
go to the "wpad" URL (http://wpad.ad-domain.loc/wpad.dat) according to how
you spelled it in the DHCP Option. It should prompt you to save or open the
file. Tell it open and you should see the content of the wpad.dat
file,...then change the file on the end of the URL to wspad.dat
(http://wpad.ad-domain.loc/wspad.dat),...it should do the same thing with
the contents of that file. No there is no DNS or DHCP entry to cover the
wspad.dat URL,...the system is smart enough on its own to know how to handle
that.
Install the Firewall Client on the machines. The FWC will automatically
push the settings to the browser and will keep the browser configured,...if
someone changes the brower's setting the FWC will (should) force the setting
back on the next refresh cycle (I think about 30 minutes).
If the machine does not have the FWC then just enable the first checkbox in
the proxy settings for "Automatically Detect Settings. You can also enable
the second checkbox for "Use Configuration Script" and then enter the
following addresses based on the name of your proxy
(http://your-proxy:8080/array.dll?Get.Routing.Script) . Notice that this is
not the wpad URL and that it is not on 80,...it is on 8080. However I
believe the wpad URL would work there if you used it. But anyway, you may
be fine without that and just enable the first checkbox for "Automatically
Detect Settings".
--
Phillip Windell
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436(TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433(TechNet.10).aspx
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
"aviator" <avi...@discussions.microsoft.com> wrote in message
news:5E11FC77-50C6-42F6...@microsoft.com...
aviator
"Phillip Windell" wrote:
Thanks for this Philip, however.
ISA 2004 on server 2003 clients are XP pro. Did the DNS did the DCHP on a
client did a quick ipconfig and some pings to makes sure that it seemed to
know wpad etc (not that you can't ping an ISA but it will DNS resolve wpad)
IE'd wpad/wpad.dat and got a save or cancel so I saved both wpad and wspad
and then looked at them in IE and it all seemed sensible correct and
generally OK. Whoopeee....
Went to a client with ISA 2004 FWC and it still won't auto detect, manual
select returns valid as expected, and you can even type in wpad and do a test
and it even returns isaserver.domain.local .
what am I still missing?
aviator
"aviator" wrote:
>
> Thanks for this Philip, however.
>
> ISA 2004 on server 2003 clients are XP pro. Did the DNS did the DCHP on a
> client did a quick ipconfig and some pings to makes sure that it seemed to
> know wpad etc (not that you can't ping an ISA but it will DNS resolve wpad)
> IE'd wpad/wpad.dat and got a save or cancel so I saved both wpad and wspad
> and then looked at them in IE and it all seemed sensible correct and
> generally OK. Whoopeee....
>
> Went to a client with ISA 2004 FWC and it still won't auto detect, manual
> select returns valid as expected, and you can even type in wpad and do a test
> and it even returns isaserver.domain.local .
>
> what am I still missing?
plot thickens:
A machine will pass the auto discover , an apparantly identical machine will
not and has to manually select the isa server, a similar machine XP pro x64
will not either.
So to one machine detect works, for others it doesn't.
Any clues?
A
aviator
"aviator" wrote:
Plot gets even thicker:
A 4th machine which hasn't been updated in years (dedicated function, never
goes on the internet and is full of 3rd party s/w) which has ISA client 2000
NOT client for 2004 so won't manually Windows update as that produces an
error going through ISA 2004, but has proxycfg as -d, suddenly starts telling
me it has updates downloaded and can it install them please. Spooky or wot!
So an XP pro with the wrong ISA client but with proxycfg -d will auto detect.
So some will, some won't. Just what client dependencies are there?
A
Phillip Windell
This one works with Vista (I think) and it has the ability to make settings
global for the machine rather then specific to each user. Once set as you
wish,..click the big "Apply Default Settings Now" button on the Settings Tab
in the Properties Dialog.
Uninstall the old one first,...then install the new one. Do it on all
machines so that they are consistantly configured.
As far as the rest of the strange things,...
Troubleshooting Automatic Detection
http://technet.microsoft.com/en-us/library/cc302643.aspx
If they disagree anywhere in that document against what I have told you
,....all I can say is that mine,... that is done *my way* works perfectly
fine without a hitch.