Web Proxy clients do not directly access a Web site that you enter in the "Directly access these servers or domains" list in ISA Server 2004 SP2 (920715)

SYMPTOMS

After you enter domain names in the Directly access these servers or domains list of the ISA Server Management tool on a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2004 Service Pack 2 (SP2), you experience the following symptoms:

If the domain name is specified and if the list does not contain any IP address range, Web Proxy clients directly access the destination Web site.
If the domain name is specified and if the list contains an IP address range that does not include the IP address of the specified domain, Web Proxy client requests are proxied to the destination Web site.

You expect Web Proxy clients to directly access the domains that you specify in this list.

You experience this problem if the following conditions are true:

The Web Proxy client that accesses theURL is configured to use Windows Proxy Automatic Discovery (WPAD). By default, this script is obtained by using an http://wpad.domain.tld/wpad.dat request. For more information about the WPAD mechanism, see ISA Server Help.
The Web Proxy client that accesses the URL is configured to use an automatic configuration script. By default, this script is named /array.dll?Get.Routing.Script.
The Directly access these servers or domains list contains an IP address range.

CAUSE

This problem occurs because of a problem in the ISA Server 2004 SP2 routing script functionality.

The following behavior occurs:

If you add a domain to the Directly access these servers or domains list in ISA Server 2004 Service Pack 1 (SP1), the routing script returns a DIRECT result when you visit this URL. This behavior occurs regardless of whether an IP address range is listed in the Directly access these servers or domains list.
If you add a domain to the Directly access these servers or domains list in ISA Server 2004 SP2, and if the following conditions are true, the routing script returns a PROXY result when you visit this URL:
- An IP address range is listed in the Directly access these servers or domains list.
- The IP address of the domain that you added is not in this IP address range.
If you add a domain together with the IP address range of the domain to the Directly access these servers or domains list in ISA Server 2004 SP2, the routing script returns a DIRECT result when you visit this URL.

RESOLUTION

To resolve this problem, install the hotfix package that is mentioned in the following Microsoft Knowledge Base article:

920716 Description of the ISA Server 2004 hotfix package: June 6, 2006

After you install this hotfix, add the domains for which you want to specify direct access to the Directly access these servers or domains list. To do this, follow these steps:

Start the ISA Server Management tool.
Locate and then expand the Configuration node, and then click Networks.
Click the Networks tab, right-click the network that you want to modify, and then click Properties. For example, right-click Internal, and then click Properties.
Click the Web Browser tab, and then click Add to add the URL to the Directly access these servers or domains list.

Important You must specify the directly-accessed domain by using a specific syntax. When you add a URL to the Directly access these servers or domains list, you must append a forward slash character together with an asterisk (/*) to the URL. For example, to enable Web Proxy clients to directly access www.example.com, add the following URL to the Directly access these servers or domains list:

*.example.com/*

WORKAROUND

To work around this problem, perform one of the following actions:

If you know the IP address of the destination domain, add the IP address range to the Directly access these servers or domains list.
Remove all the IP address ranges from the Directly access these servers or domains list.

MORE INFORMATION

For more information, click the following article number to view the article in the Microsoft Knowledge Base: