I have an issue when clients are trying to connect to a HIPPA secure email server. The clients are connecting on port 443 and we use ISA to proxy the port. The issue is that the clients get a "nonstandard port error", but the log shows authentication issues with SSL-Tunnel protocol. I have included the log below. The interesting thing is that the client can connect (with a certificate warning) if I replace the url with the actual IP address of the secure email server. Here is the log. Denied Connection GRANTESD-ISA2 5/28/2008 2:15:03 PM Log type: Web Proxy (Forward) Status: 12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. Rule: Source: ( 10.2.80.68:0) Destination: ( 10.2.80.141:443) Request: CONNECT Filter information: Req ID: 0d7a2df4; Compression:None Protocol: SSL-tunnel User: anonymous Additional information Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2) Object source: Processing time: 1 Cache info: 0x0 MIME type: Failed Connection Attempt GRANTESD-ISA2 5/28/2008 2:15:03 PM Log type: Web Proxy (Forward) Status: 5 Access is denied. Rule: Source: ( 10.2.80.68:0) Destination: ( 10.2.80.141:443) Request: CONNECT Filter information: Req ID: 0d7a2df6; Compression:None Protocol: SSL-tunnel User: anonymous Additional information Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2) Object source: Processing time: 1 Cache info: 0x0 MIME type: Failed Connection Attempt GRANTESD-ISA2 5/28/2008 2:15:03 PM Log type: Web Proxy (Forward) Status: 12204 The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. Rule: Source: ( 10.2.80.68:0) Destination: ( 10.2.80.141:0) Request: https://secureemail.hr.state.or.us:443 Filter information: Req ID: 0d7a2df7; Compression:None Protocol: SSL-tunnel User: ESDDOM\waltenburgr Additional information Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2) Object source: Internet Processing time: 0 Cache info: 0x0 MIME type: Failed Connection Attempt GRANTESD-ISA2 5/28/2008 2:15:03 PM Log type: Web Proxy (Forward) Status: 12204 The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. Rule: Source: ( 10.2.80.68:0) Destination: ( 10.2.80.141:0) Request: https://secureemail.hr.state.or.us:443 Filter information: Req ID: 0d7a2df7; Req ID: 0d7a2df7; Compression:None, Compression:None Protocol: SSL-tunnel User: ESDDOM\waltenburgr Additional information Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2) Object source: Internet Processing time: 0 Cache info: 0x0 MIME type: Any help is greatly appreciated! Robert
