Comments on: Solving the "Directly access these servers or domains" issue in ISA Server 2004 SP2 http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/ Stefaan Pouseele, an ISA Server MVP, discusses issues brought up within various ISA articles and Microsoft publications. Updates to the ISA Firewall, protocol support, discussions on the different ISA clients, ISA features, how to clean up network traffic and links to new ISA server literature are all be included within the blog. Get help on troubleshooting the ISA network firewall and learn how to create good security policies. Coverage on ISA Server 2006 also appears. Wed, 7 Jan 2009 09:05:24 +0000 http://wordpress.org/?v=MU by: Stefaan Pouseele http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-23745 Sat, 24 May 2008 12:34:30 +0000 http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-23745 Hi Gary, I haven't redone the tests on ISA 2004 SP3 but I assume that the SP2 behavior still applies. In fact, did you already compare the SP2 version of the wpad.dat file or the routing script with the SP3 version? That should give you the answer. HTH, Stefaan Hi Gary,

I haven’t redone the tests on ISA 2004 SP3 but I assume that the SP2 behavior still applies. In fact, did you already compare the SP2 version of the wpad.dat file or the routing script with the SP3 version? That should give you the answer.

HTH,
Stefaan

]]> by: Gary Moon http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-23691 Fri, 23 May 2008 17:29:09 +0000 http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-23691 Hi, Stefaan - I was wondering if this is still true after ISA 2004 SP3? I'm having a devil of a time getting ISA to recognize domain names on the "directly access" list, and I previously changed it to all IP addresses based on a post from Tom Schinder a while back. Should I remove the IP's and go back to URL's? Thanks Gary Hi, Stefaan -
I was wondering if this is still true after ISA 2004 SP3? I’m having a devil of a time getting ISA to recognize domain names on the “directly access” list, and I previously changed it to all IP addresses based on a post from Tom Schinder a while back. Should I remove the IP’s and go back to URL’s?
Thanks
Gary

]]> by: Stefaan Pouseele http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-171 Wed, 09 Aug 2006 09:51:47 +0000 http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-171 Hi Will, I never investigated the use of "plainhostnames", at least assuming you mean with "plainhostnames" the unqualified name or a single-label name. As far as I can tell nothing has changed between ISA SP2 and the fix KB920716 for "plainhostnames". So, if it was already a problem with ISA SP2 it will still be a problem. However, I can't confirm if ISA SP2 broke the "plainhostnames" feature because I have no pre-SP2 wpad.dat example file. I suggest you contact Microsoft PSS if this issue is important in your environment and if it worked before ISA SP2. HTH, Stefaan Hi Will,

I never investigated the use of “plainhostnames”, at least assuming you mean with “plainhostnames” the unqualified name or a single-label name.

As far as I can tell nothing has changed between ISA SP2 and the fix KB920716 for “plainhostnames”. So, if it was already a problem with ISA SP2 it will still be a problem. However, I can’t confirm if ISA SP2 broke the “plainhostnames” feature because I have no pre-SP2 wpad.dat example file.

I suggest you contact Microsoft PSS if this issue is important in your environment and if it worked before ISA SP2.

HTH,
Stefaan

]]> by: Will http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-168 Mon, 31 Jul 2006 05:51:32 +0000 http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-168 Hi Stefaan. You have explained this really well however I still have issues with "plainhostnames". I have applied the fix (KB920716) so I can add both names (URLs) and IPs in my "direct" list however now plainhostnames are no longer sent direct by default. If I only have names in the list then plainhostnames are sent direct by default - as soon as the 1st IP is added this feature is broken. This is probably a minor issue for most people however in our environment its a bit of a pain as I don't want to have to list all the plainhostname webservers we have internally (usually accessed directly for testing). I also don't want to bypass my entire 10.0.0.0/8 subnet. Anyway thanks for this blog! Hi Stefaan.
You have explained this really well however I still have issues with “plainhostnames”. I have applied the fix (KB920716) so I can add both names (URLs) and IPs in my “direct” list however now plainhostnames are no longer sent direct by default. If I only have names in the list then plainhostnames are sent direct by default - as soon as the 1st IP is added this feature is broken. This is probably a minor issue for most people however in our environment its a bit of a pain as I don’t want to have to list all the plainhostname webservers we have internally (usually accessed directly for testing). I also don’t want to bypass my entire 10.0.0.0/8 subnet. Anyway thanks for this blog!

]]> by: Stefaan Pouseele http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-158 Tue, 25 Jul 2006 19:34:56 +0000 http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-158 Hi Scott, thanks! ;-) Stefaan Hi Scott,

thanks! ;-)

Stefaan

]]> by: Scott http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-157 Tue, 25 Jul 2006 12:00:48 +0000 http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-157 WOOT! That was it! This is the only place I have seen it spelled out like that. I have an open case with MS and they have not been able to figure it out. Thanks!!!! Scott WOOT!
That was it! This is the only place I have seen it spelled out like that. I have an open case with MS and they have not been able to figure it out. Thanks!!!!

Scott

]]> by: Stefaan Pouseele http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-152 Sat, 22 Jul 2006 09:18:42 +0000 http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-152 Hi Scott, remember that you have to specify the destinations as URL! So try one of the following: - http://host.domain.tld/* -> only http requests to only this host - */host.domain.tld/* -> anything to only this host - *host.domain.tld/* -> anything to all destinations containing this host HTH, Stefaan Hi Scott,

remember that you have to specify the destinations as URL! So try one of the following:
- http://host.domain.tld/* -> only http requests to only this host
- */host.domain.tld/* -> anything to only this host
- *host.domain.tld/* -> anything to all destinations containing this host

HTH,
Stefaan

]]> by: Scott http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-149 Sat, 22 Jul 2006 00:05:57 +0000 http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-149 This fix still does not work for servername.domain.com/*. I have some servers that are inside the firewall and some that are outside the firewall with the same domain name, so I want to exclude certian names. This fix only allows me to use *.domain.com/*. Do you see the same in your tests? This fix still does not work for servername.domain.com/*.
I have some servers that are inside the firewall and some that are outside the firewall with the same domain name, so I want to exclude certian names. This fix only allows me to use *.domain.com/*. Do you see the same in your tests?

]]> by: Tom Shinder http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-148 Fri, 21 Jul 2006 18:31:34 +0000 http://blogs.isaserver.org/pouseele/2006/07/21/solving-the-directly-access-these-servers-or-domains-issue-in-isa-server-2004-sp2/#comment-148 Hi Stefaan, Excellent post!!! Thanks! Tom Hi Stefaan,

Excellent post!!!
Thanks!
Tom

]]>