A client contacted me recently because their copy of ISA Server was failing to publish two new websites they had in their data center behind the ISA Server firewall.
I called in to have a look and at first glance everything seemed to have been configured correctly. However, when I checked the public IP addresses of the sites I discovered that they had been transposed when they were entered in the Web Listeners in ISA Server 2004.
Once this was corrected, one of the sites came up immediately but the 2nd site still stubbornly refused to appear. A more detailed look at this site showed that the web address of the site had been entered in the Web Listener as http://www.domain,com instead of http://www.domain.com!
Now this was a simple mis-key and quickly and easily resolved but it occurs to me that this error should never have been allowed to happen. It is a trivial matter to validate entries in forms – surely, this field is always going to expect web addresses and they have a very definite format which is easy to test for. In the worst case, a quick “This entry has a comma in it, are you sure this is correct?” warning would have caught this before it ever presented problems.
3 thoughts on “ISA Server 2004 causing 403 error on new website”
If possible, can you specify the details of the IP transposition (did it create an invalid IP?).
You’re absolutely right – the domain validation should have been caught before it became configuration data. What I’m wondering is if the IP was another bogus data point as well.
The transposition didn’t create invalid IP’s. It was in the form:
domain A – x.x.x.13
domain B – x.x.x.14
domain A – x.x.x.14
domain B – x.x.x.13
So no, the IP’s were only invalid in that they didn’t agree with the dns info for the domains.
Comments are closed.