This article describes an issue where the back end resource defined as an Authorization Only Access sign-in policy is not reachable when attempting to browse to the resource using the virtual host name.
Problem or Goal
A virtual host name has been defined in an Authorization Access Only Sign-In Policy as access.abc.com which maps to the actual host name on the back end as internal.abc.com.
The option to Allow ActiveSync Traffic Only protocol option is disabled.
Open a Web browser and browse to access.abc.com (which should redirect the request to internal.abc.com).
The page does not load.
Internet Explorer displays the following error:
The website cannot display the page
Under More information in the IE browser, the following error information is displayed:
This error (HTTP 500 Internal Server Error) means that the website you are visiting had a server problem which prevented the webpage from displaying.
In Mozilla Firefox, users will see the letter S with no error.
User access log:
info - [126.96.36.199] - testuser()[test] - 2011/11/09 18:03:00 - sa2 - Access blocked after DNS lookup. Check Web ACL settings - Host: internal.abc.com, Request: /
The PCS device is unable to resolve the host name internal.abc.com.
There is no Web Access policy configured to internal.abc.com.
To resolve this issue:
In the PCS appliance go to Network > Hosts and add an entry to map internal.domain.com to its internal IP address.
Go to Resource Policies > Web > Web ACL and create a policy to Allowaccess to internal.domain.com and apply it to the desired role(s).