Unexpected client authentication popup when using IE and Web Proxy

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: e_zverev (ezverev_at_discussions.microsoft.com)
Date: 01/11/05 

Date: Tue, 11 Jan 2005 02:17:01 -0800

Hi

I have ISA Server 2004 in integrated mode, two interfaces. One for local
network (native 2003 domain) and the other for Internet.

Firewall is configured with an access rule that allows all outbound traffic
from entire Internal Network to External Network for "All Users".
In the "Internal Network" definition it is configured that Web Proxy is
enabled for this (Internal) network. Authentication method is set to the only
one "Integrated Authentication" and the "Require all users to authenticate"
checkbox is set.

Clients are MS Windows XP SP2 based Internet Explorer 6.0 SP2 with
configuration to use the web proxy. Firewall clients are NOT installed, so my
clients are SecureNAT clients.

When a client enters an URL in IE that matches an external address, it is
asked for authentication nevertheless the user is already an authenticated
domain user, the same domain as for the ISA server. I remind that firewall is
configured to allow access to "All Users".

I tried to remove the "Require all users to authenticate" checkbox in web
proxy authentication configuration. This heals the case but I see all web
proxy users as anonymous in my logs and that is not suitable.
Installing Firewall Clients also helps. So the question is: Can I enable my
user's automatic integrated authentication without installing firewall
clients on every computer?

Thanks in advance.

Relevant Pages

  • Re: SBS R2 ISA2004 Dark Arts
    ... ISA in SBS as intended or you'll get into trouble. ... I have to get the back firewall configuration to work with the ... network in the rules/policies. ...
    (microsoft.public.windows.server.sbs)
  • Re: wireless and router; security issue
    ... issues like yours (and allow configuration with AD group policy). ... and the filesharing service of my network connection. ... The firewall I have is McAfee firewall 7.x, ...
    (microsoft.public.security)
  • Re: SBS R2 ISA2004 Dark Arts
    ... Right now the front firewall is not an ISA ... NIC-2 faces the internal "Live" network. ... I have to get the back firewall configuration to work with the ...
    (microsoft.public.windows.server.sbs)
  • Re: Why do I need a software firewall?
    ... I agree that spending time with host based configuration on every ... software firewall crashes, is diabled by nefarious software run on the ... first things the support technician has them do is disable any ... vulnerable to network based attacks. ...
    (comp.security.misc)
  • Re: Unique ssh/sftp requirement
    ... - if the authentication is successfull, the firewal allows ssh from this host to the external network. ... Preferably at the server end, ... separated by a firewall. ...
    (SSH)