Re: IE Authentication dialog showed in ISA2000 but will not in ISA2004
- From: "Tristan Kington [MSFT]" <tristank@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 31 May 2005 18:06:33 +1000
Sounds like the following situation:
ISA 2004 does 502s rather than 407s if you're already authenticated
http://blogs.technet.com/tristank/archive/2004/11/01/250312.aspx
As a note, you may need to fiddle with rule ordering after toggling this
setting.
HTH
--
http://blogs.technet.com/tristank/
--
This post is provided "AS-IS", and confers no warranty.
"Jon" <Jon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:64377676-ED9A-4C86-9936-CDFBD6BA1049@xxxxxxxxxxxxxxxx
> We are upgrading from ISA 2000 to ISA 2004. At Fire Stations, PCs are
> configured with a generic login. The generic login does not have
> permissions
> to access the internet. On ISA 2000 this is controlled by a protocol rule
> that 'Applies To' an Active directory security group. Further - under ISA
> server properties/Outgoing Web Requests the 'Ask unauthenticated users for
> identification' check box is checked. The web proxy ISA client is used.
>
> When a user at a Fire Station starts IE an authentication dialog box
> appears
> and they are able to enter their own login account details (that is in the
> approved group) and then they can access the internet and web sites they
> visit are tracked to their account.
>
> Now with ISA 2004 this process is not working.
>
> We have setup an access rule that is conditional on the user being in the
> same group as above (by creating a new 'user set' and adding it to the
> 'Users' page of the access rule). We are still using the web proxy ISA
> client.
>
> However, access to the internet is blocked and no dialog appears.
> Further,
> if we login to the PC using an account in the approved group, access to
> the
> internet is still blocked. The only way we can get access using the web
> proxy client is to add the 'All Users' user set to the Users page. This
> is
> behavior that we would expect with the Secure NAT client but should not
> occur
> with the web proxy client.
>
> We have experimented with the firewall client. The firewall client
> authenticates correctly (if we login using an account in the approved
> group
> then we can browse the internet). However, still there is no IE
> authentication dialog if we login using the generic unapproved account.
> We
> are simply blocked in that case.
>
> We have tried various authentication methods offered by the Web Proxy page
> on the Internal Network properties form. We tried the different options
> both
> for the web proxy client and the firewall client. None of the
> combinations
> produced an IE authentication form.
>
> How can we get the authentication functionality that we have in ISA 2000
> to
> work in ISA 2004?
>
> Thanks
> Jon
.
- References:
- Prev by Date: IE Authentication dialog showed in ISA2000 but will not in ISA2004
- Next by Date: Re: problem with isa server 2000
- Previous by thread: IE Authentication dialog showed in ISA2000 but will not in ISA2004
- Index(es):
Relevant Pages
|
