In ISA 2006 SP1 and TMG RTM it’s possible to configure ISA/TMG to distribute your own custom WPAD configuration file. This can be quite handy if you already did write your own WPAD configuration file, which had been distributed on a separate server, or if you want to use the ISA/TMG provided WPAD configuration file as baseline for some changes, e.g. configure your clients to connect to the NLB IP instead of using the Client CARP mechanism, which is used by ISA/TMG by design.
To configure ISA/TMG to use your custom WPAD configuration file, you need to follow these steps:
1. Please download the compressed file from http://www.isatools.org/tools/KB953293.zip (Thanks Jim!) 2. Copy & Unzip die File on your ISA/TMG Server. 3. Copy the WPAD configuration file you want to distribute with your ISA/TMG server to the ISA/TMG local hard drive. 4. Before you proceed importing the WPAD configuration file in your ISA/TMG configuration, you have to make sure, that there are no non-ASCII Characters in your WPAD configuration file, as the import process won’t import the complete file if there are any non-ASCII characters included.
1. Please download the compressed file from http://www.isatools.org/tools/KB953293.zip (Thanks Jim!)
2. Copy & Unzip die File on your ISA/TMG Server.
3. Copy the WPAD configuration file you want to distribute with your ISA/TMG server to the ISA/TMG local hard drive.
4. Before you proceed importing the WPAD configuration file in your ISA/TMG configuration, you have to make sure, that there are no non-ASCII Characters in your WPAD configuration file, as the import process won’t import the complete file if there are any non-ASCII characters included.
Note: if you use a WPAD configuration file which had been distributed by ISA 2006, the file will most likely include non-ASCII Characters at the end of the file. To remove those characters you have to delete this part: function HashString(str, h){ for(var i=0; i<str.length; i++){ var c = str.charAt(i); if(c ==':' || c == '/') break; c = CharToAscii(c.toLowerCase()); h = (h >>> 4) ^ h_tbl[(h ^ c) & 15]; h = (h >>> 4) ^ h_tbl[(h ^ (c>>>4)) & 15]; h = MakeInt(h); } return h; } and replace this part with those lines: function HashString(str, h){ var hashstr=str.toLowerCase(); for(var i=0; i< hashstr.length; i++){ var c = hashstr.charAt(i); if(c ==':' || c == '/') break; c = hashstr.charCodeAt(i); h = (h >>> 4) ^ h_tbl[(h ^ c) & 15]; h = (h >>> 4) ^ h_tbl[(h ^ (c>>>4)) & 15]; h = MakeInt(h); } return h; } afterwards you have to delete this line: var Chars =" !\"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~€???????????Ž????????????ž? ¡¢£¤¥¦§¨©ª«¬¬®¯°±²³´µ¶•¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþ "; function CharToAscii(c){ return Chars.indexOf(c) + 32; } 5. After you prepared your WPAD configuration file, use the script attached to import the file to the ISA/TMG configuration, e.g. by executing this command: to operate on the current array, use '.' as the array name or omit this option: cscript kb953293.wsf /array:. /net:internal /script:<FullPathToScript> For a full list of options please refer to the readme.txt provided in the ZIP file.
Note: if you use a WPAD configuration file which had been distributed by ISA 2006, the file will most likely include non-ASCII Characters at the end of the file. To remove those characters you have to delete this part:
function HashString(str, h){ for(var i=0; i<str.length; i++){ var c = str.charAt(i); if(c ==':' || c == '/') break; c = CharToAscii(c.toLowerCase()); h = (h >>> 4) ^ h_tbl[(h ^ c) & 15]; h = (h >>> 4) ^ h_tbl[(h ^ (c>>>4)) & 15]; h = MakeInt(h); } return h; }
and replace this part with those lines:
function HashString(str, h){ var hashstr=str.toLowerCase(); for(var i=0; i< hashstr.length; i++){ var c = hashstr.charAt(i); if(c ==':' || c == '/') break; c = hashstr.charCodeAt(i); h = (h >>> 4) ^ h_tbl[(h ^ c) & 15]; h = (h >>> 4) ^ h_tbl[(h ^ (c>>>4)) & 15]; h = MakeInt(h); } return h; }
afterwards you have to delete this line:
var Chars =" !\"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~€???????????Ž????????????ž? ¡¢£¤¥¦§¨©ª«¬¬®¯°±²³´µ¶•¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþ "; function CharToAscii(c){ return Chars.indexOf(c) + 32; }
5. After you prepared your WPAD configuration file, use the script attached to import the file to the ISA/TMG configuration, e.g. by executing this command: to operate on the current array, use '.' as the array name or omit this option:
cscript kb953293.wsf /array:. /net:internal /script:<FullPathToScript>
For a full list of options please refer to the readme.txt provided in the ZIP file.
Remark: Please be aware, that any changes you configure in the ISA/TMG UI will not be applied to the WPAD configuration file after you submit the custom WPAD configuration file to your configuration. If you want to apply changes to your WPAD configuration file once you’ve imported it to your configuration, you have to manually edit the WPAD file and reimport it using the script again.
If you want to stop using your custom WPAD configuration file and go back using the ISA/TMG script you have to execute the following command:
cscript kb953293.wsf /array:arrayname /net:internal /del
Hope that helps!
Author
Philipp Sand Microsoft CSS Forefront Security Edge Team
Technical Reviewer
Frank Heilmann Microsoft CSS Forefront Security Edge Team
www.isatools.org/.../KB953293.zip does not work :-(
we heard from some people, that the downloadlink doesn't work. We're currently working on a solution for this. In the meantime please use jim.isatools.org/.../KB953293.zip
Thanks
I'm just reading up on this stuff - but saw somebody mention that WPAD is outdated and should be avoided. Now a recent post (this one) caters to people having a WPAD config.
In a plain vanilla environment I now think one should go with CARP.
Also - for SharePoint document download it is often suggested to switch off automatic detection in the LAN settings, so that WPAD is taken out of the equation and files load faster. Is there truth to this or could proper WPAD configuration outperformce CARP... or is it more about finegrained control?
Maybe another blogposting?!? ;-)