RE: Integrated Authentication Issues with ISA 2004

Thanks Bill.

I added an anonymous rule after the rule requiring authentication and this
then allowed me to browse the sites I was having difficulty with and still
gain a large amount of credentials being logged for monitoring and reporting.

Thanks
Matt


"Bill Peng [MSFT]" wrote:

> Hi Matt,
>
> Thank you for posting here.
>
> Actually, this issue also occurs on Windows Update v5 and v6 (as well as
> Microsoft Update). Sometimes, when the internet client requests information
> from a web site, it will not pass your authentication to the ISA Server. In
> this case, the ISA Server cannot authenticate the connection and the
> request failed.
>
> To work around this issue, you can follow the steps below:
>
> Method 1.
>
> You can simply create an allow rule for all HTTP/HTTPS/FTP traffic through
> the ISA Server. This rule will apply to All Users. After doing so, the web
> request can pass ISA Server.
>
> Method 2.
>
> You can create a destination set which contains all problematic web sites.
> Then, create an allow rule for all HTTP/HTTPS/FTP traffic to that
> destination.
> This rule will apply to All Users. In doing so, the request will be passed.
>
> You can refer to the following articles:
>
> You experience problems when you access the Windows Update Version 5 or
> Version 6 Web site through a server that is running ISA Server
> http://support.microsoft.com/kb/885819
>
> I hope the above info helps.
>
> If there's any question, please don't hesitate to post back.
>
> Regards,
>
> Bill Peng
> MCSE 2000, MCDBA, CCNP, CCDA
> Microsoft CSS Online Newsgroup Support
>
> --------------------
> >From: "=?Utf-8?B?TWF0dA==?=" <mattk@xxxxxxxxxxxxxx>
> >Subject: Integrated Authentication Issues with ISA 2004
> >Date: Mon, 19 Sep 2005 08:02:05 -0700
> >
> >Hi,
> >
> >We are using ISA 2004 to serve purely as a proxy server integrated with
> >WebSENSE.
> >
> >When I enable Integrated authentication and set up the allow rule to allow
> >users from a group it seems to fail to authenticate intermittently. For
> >example, when requesting a page with a reasonable number of images, I get the
> >bulk of the page returned but several images are missing. I then press
> >refresh on the browser and get the page again but with other images missing.
> >
> >When I check the logs it appears that a number of GET requests actually have
> >my user name associated with them but there are a few which say anonymous. I
> >believe that these are the ones that are not appearing as the rules do not
> >allow anonymous access.
> >
> >Has anyone else experienced issues when using ISA 2004 authentication on
> >the Web Listeners or can anyone suggest how I can sort this out please?
> >
> >Thanks
> >Matt
> >
> >
>
>
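
Scoping the destination set from Method 2 using the proxy log, as an added example that is not part of the original thread: it lists, per destination host, the URLs a client requested anonymously and never re-requested with credentials, so that only those hosts go into the All Users rule and everything else keeps per-user logging. The tab-separated layout, the column names (c-ip, cs-username, r-host, cs-uri, sc-status) and all hosts and users are constructed for illustration and are assumptions, as is the premise that the first request of a normal authenticated exchange is logged as anonymous with a 407.

```python
import csv
from collections import defaultdict

# Constructed sample log (assumed layout, not an actual ISA Server export).
SAMPLE_LOG = (
    "c-ip\tcs-username\tr-host\tcs-uri\tsc-status\n"
    # Normal challenge/response: anonymous 407, then the same URL with a user.
    "10.0.0.5\tanonymous\twww.example.com\thttp://www.example.com/\t407\n"
    "10.0.0.5\tCORP\\matt\twww.example.com\thttp://www.example.com/\t200\n"
    # One image never retried with credentials, one retried successfully.
    "10.0.0.5\tanonymous\timg.example.com\thttp://img.example.com/a.gif\t407\n"
    "10.0.0.5\tanonymous\timg.example.com\thttp://img.example.com/b.gif\t407\n"
    "10.0.0.5\tCORP\\matt\timg.example.com\thttp://img.example.com/b.gif\t200\n"
    # A client component that never sends credentials at all.
    "10.0.0.5\tanonymous\tupdate.example.net\thttp://update.example.net/check\t407\n"
)

ANONYMOUS_NAMES = {"anonymous", "-", ""}


def never_authenticated(log_text):
    """Return {host: [urls]} for requests that only ever appeared as anonymous.

    A (client IP, URL) pair seen as anonymous AND later with a user name is
    treated as an ordinary authentication handshake and ignored.
    """
    anonymous = defaultdict(set)   # host -> {(client ip, url)}
    authenticated = set()          # {(client ip, url)}

    for row in csv.DictReader(log_text.splitlines(), delimiter="\t"):
        key = (row["c-ip"], row["cs-uri"])
        if row["cs-username"].strip().lower() in ANONYMOUS_NAMES:
            anonymous[row["r-host"]].add(key)
        else:
            authenticated.add(key)

    candidates = {}
    for host, keys in anonymous.items():
        urls = sorted(url for ip, url in keys if (ip, url) not in authenticated)
        if urls:
            candidates[host] = urls
    return candidates


if __name__ == "__main__":
    for host, urls in never_authenticated(SAMPLE_LOG).items():
        print(f"{host}: {len(urls)} request(s) never authenticated")
        for url in urls:
            print(f"    {url}")
```

Hosts that do not appear in the result authenticated normally and do not need an anonymous exception.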