Here’s some info on an interesting support issue I worked the other day. If you happen to run into this one day, maybe this will help you get it resolved.
We have a website published through ISA 2006. The site is configured for both HTTP and HTTPS access from the ISA server. When a user connects to the site over HTTP, the site comes up fine.
But when he tries over HTTPS, he gets a ‘page cannot be displayed’.
Troubleshooting and Resolution:
We started with live logging on the ISA console while doing a repro of the issue. We were seeing ‘Failed Connection Attempts’ for the traffic coming from the test machine used for the repro, with the error message: Error 64 “The specified network name is no longer available”
This error is very generic and there can be multiple reasons which would translate to this error code.The most common one is when the backend server is performing a dirty TCP connection reset.
So, to check this further, we collected a network monitor trace on the internal NIC of ISA server.
We filtered down to the traffic that is of interest to us.
So this clearly indicates that the backend server is Resetting the TCP connection prematurely and this is triggering the ‘64 Error’.
Investigating further, we identified that the backend device is a 3rd party load balancer. And for some unknown reasons, the ISA server was failing at the SSL handshake stage.
So, we had the 3rd party support team collect a dump of the SSL settings on the Load Balancer and identified the following:
Then, we went back to the Network Monitor trace (the earlier screenshot) and compared this with the ciphers advertised by ISA server in the client hello. RSA_WITH_RC4_128_MD5 is not part of the Cipher list sent by the ISA server.
Due to this, the 2 peers are not able to successfully choose a common encryption scheme and the SSL handshake fails.
After identifying this, we had the 3rd party vendor enable additional Ciphers which are accepted by ISA server.
Once we did this, the published site was accessible from the internet.
The issue was resolved!!
Hope this would be helpful when you are troubleshooting website accessibility issues through ISA server…especially with 3rd party load balancers in the infrastructure.
Security Support Engineer - Microsoft Forefront Edge Team
Security Support Escalation Engineer - Microsoft Forefront Edge Team
Security Sr. Support Escalation Engineer – Microsoft Forefront Edge Team
Job well done mate. Nicely written.
I just published the ADFS 3.0 Server and got this error when test rule and externally
Technical Information (for support personnel)
•Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
Thanks a lot !! .
I have the same issue but with TMG 2010 and NLB as the load balancer. I can't get it solved.
Again: Thanks for sharing the tip !
thanks for the tip.
Great post from your hands again. I loved the complete article.
By the way nice writing style you have. I never felt like boring while reading this article.
I will come back & read all your posts soon. Regards, Lucy.
Thanks for the great info. I really loved this. I would like to apprentice at the same time as you amend your web site, how could i subscribe for a blog site?
For more info on showbox please refer below sites:
Latest version of Showbox App download for all android smart phones and tablets.
http://movieboxappdownloads.com/ - It’s just 2 MB file you can easily get it on your android device without much trouble. Showbox app was well designed application for android to watch movies and TV shows, Cartoons and many more such things on your smartphone.
For showbox on iOS (iPhone/iPad), please read below articles:
Showbox for PC articles:
There are countless for PC clients as it is essentially easy to understand, simple to introduce, gives continuous administration, effectively reasonable. it is accessible at completely free of expense i.e., there will be no establishment charges and after establishment
it doesn't charge cash for watching films and recordings. Not simply watching, it likewise offers alternative to download recordings and motion pictures. The accompanying are the strides that are to be taken after to introduce Showbox application on Android.
The above all else thing to be done is, go to the Security Settings on your Android telephone, Scroll down and tap on 'Obscure sources'.