RE: 407 Proxy authentication error - for ONE user only!

From: Ross (Ross_at_discussions.microsoft.com)
Date: 01/30/05

• Next message: Sigalit Bar [MSFT]: "Re: ISA 2004 error"
• Previous message: Ross: "Re: Fighting Spyware by Blocking Access to Site?"
• Maybe in reply to: Sergio Fonseca [MVP]: "Re: 407 Proxy authentication error - for ONE user only!"
• Messages sorted by: [ date ] [ thread ]

---

Date: Sun, 30 Jan 2005 02:03:02 -0800

Saw exactly the same thing myself for one of our users and had to call MS
support to solve it.

We had the same symptoms as you describe on the workstation, and eventually
spotted events 681 & 529 showing in the security event log of the ISA server,
indicating that automatic authentication was failing. In the end we tracked
it down to bad logon credentials that had been cached on the workstations.

Curiously this problem wasn't evident with ISA 2000, it's only happened
since we upgraded to 2004.

The Microsoft article with the details can be found here:
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdp_log_vkxx.asp

My only concern is that re-creating the profile should have solved this for
you, but if you use roaming profiles, the article does say that the local
copy of this cache may still be used.

There were a couple of ways around the problem for us. Individually, you can
just empty the Credentials folder stored in '<user profile>\Application
Data\Microsoft\Credentials', or you can also make a change in group policy
which force all computers to clear the saved passwords for users.

We have several users affected so went down the group policy route. We've
informed all users that for the next week no passwords will be saved and they
should reboot their computers if they've been having this problem. Changes
didn't take effect immediately for us, but asking users to reboot, log on and
then reboot again works every time.

So far this looks like it's solved it for us. Let me know if it helps at all.

Ross

---

• Next message: Sigalit Bar [MSFT]: "Re: ISA 2004 error"
• Previous message: Ross: "Re: Fighting Spyware by Blocking Access to Site?"
• Maybe in reply to: Sergio Fonseca [MVP]: "Re: 407 Proxy authentication error - for ONE user only!"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages XP clients Not accepting GPOs ... All of our software rolls out via group policy, ... installed everything on the next reboot. ... installed on the computers that took right away, ... now i'm at a point where I dont know whats installed on which ... (microsoft.public.windows.group_policy) Re: Unexpected client authentication popup when using IE and Web P ... indicating that authentication was failing. ... which force all computers to clear the saved passwords for users. ... should reboot their computers if they've been having this problem. ... (microsoft.public.isa) re:Web Proxy / Firewall Client prompting for authentiation ... For some reason a number of computers had cached the wrong ... credentials, and were failing to authenticate with the server. ... saved passwords for users. ... saved and they should reboot their computers if they've been having ... (microsoft.public.isa.clients) Re: Scheduling a reboot via GPO ... One way would be to use the AT command as a Group Policy "startup" machine ... configuration script for computers in that OU, ... > We would like to schedule a reboot for a couple of PC in our domain. ... (microsoft.public.windows.group_policy) Scheduling a reboot via GPO ... We would like to schedule a reboot for a couple of PC in our domain. ... would like to use the Group Policy of these computers so that every new ... (microsoft.public.windows.group_policy)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa  > 2005-02