RE: Integrated Authentication Issues with ISA 2004
- From: v-bpeng@xxxxxxxxxxxxxxxxxxxx (Bill Peng [MSFT])
- Date: Fri, 23 Sep 2005 02:12:57 GMT
Hi Matt,
Thank you for posting back.
I understand that the "authenticated users" is also working now. I think
this should be the IE/ISA cache that works.
If the problem occurs again, please use the "all users" method to solve it.
I will check the other post later that you sent an e-mail to me today.
Regards,
Bill Peng
MCSE 2000, MCDBA, CCNP, CCDA
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
The public newsgroup only focuses on SBS related technical issues, for
other Microsoft products, we recommend you to post to appropriate newsgroup
to get most qualified responses.
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive notification. When responding to
posts via your newsreader, please "Reply to Group" so that others may learn
and benefit from your issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Thread-Topic: Integrated Authentication Issues with ISA 2004
>thread-index: AcW/W9hljSG5/05lS3iCPzbdmCuimg==
>X-WBNR-Posting-Host: 195.153.122.67
>From: "=?Utf-8?B?TWF0dA==?=" <mattk@xxxxxxxxxxxxxx>
>References: <51F3606C-7EB6-4738-8876-9121A835156E@xxxxxxxxxxxxx>
<Yr9hXZbvFHA.1364@xxxxxxxxxxxxxxxxxxxxx>
<080E5B42-A0A3-4296-AD06-3C20095675DD@xxxxxxxxxxxxx>
<GjWul8ovFHA.1364@xxxxxxxxxxxxxxxxxxxxx>
>Subject: RE: Integrated Authentication Issues with ISA 2004
>Date: Thu, 22 Sep 2005 02:56:04 -0700
>Lines: 237
>Message-ID: <07C97946-6519-4E84-A5B5-5E6A95F26E66@xxxxxxxxxxxxx>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="Utf-8"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>Content-Class: urn:content-classes:message
>Importance: normal
>Priority: normal
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>Newsgroups: microsoft.public.isa
>NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.isa:13467
>X-Tomcat-NG: microsoft.public.isa
>
>Hi Bill,
>
>I don't have a problem with the monitoring and reporting I think I may
have
>been a little unclear. I think I was just stating that I wanted to see the
>usernames so that I can report on usage which is why I didn't want to
simply
>have a single rule to allow All Users. By putting an authenticated users
rule
>first I still see usernames which I can use for reporting, but any that
fail
>here will go to the next rule which will allow all users anyway.
>
>I have now disabled the All Users rule anyway and it still seems to be
>working for the sites that were not fully downloading before. One
difference
>is that the the allow rule now uses "All Authenticated Users" as opposed
to a
>Domain Local group in the AD as it was before.
>
>Thanks for your help
>Matt
>
>
>
>"Bill Peng [MSFT]" wrote:
>
>> Hi Matt,
>>
>> Thank you for your update.
>>
>> I'm glad to hear that the original problem has been resolved.
>>
>> Will you please describe more detail about the "Monitoring and
Reporting"
>> credential problem? What error message has been shown in IE?
>>
>> Thank you for your time and I look forward to your update.
>>
>> Regards,
>>
>> Bill Peng
>> MCSE 2000, MCDBA, CCNP, CCDA
>> Microsoft CSS Online Newsgroup Support
>>
>> Get Secure! - www.microsoft.com/security
>> =====================================================
>> The public newsgroup only focuses on SBS related technical issues, for
>> other Microsoft products, we recommend you to post to appropriate
newsgroup
>> to get most qualified responses.
>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>
>> When opening a new thread via the web interface, we recommend you check
the
>> "Notify me of replies" box to receive notification. When responding to
>> posts via your newsreader, please "Reply to Group" so that others may
learn
>> and benefit from your issue.
>>
>> Microsoft engineers can only focus on one issue per thread. Although we
>> provide other information for your reference, we recommend you post
>> different incidents in different threads to keep the thread clean. In
doing
>> so, it will ensure your issues are resolved in a timely manner.
>>
>> For urgent issues, you may want to contact Microsoft PSS directly.
Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> Any input or comments in this thread are highly appreciated.
>> =====================================================
>> This posting is provided "AS IS" with no warranties, and confers no
rights.
>> --------------------
>> >Thread-Topic: Integrated Authentication Issues with ISA 2004
>> >thread-index: AcW9+DNt3/x7GOjyQFKDUgPTNasu5w==
>> >X-WBNR-Posting-Host: 195.153.122.67
>> >From: "=?Utf-8?B?TWF0dA==?=" <mattk@xxxxxxxxxxxxxx>
>> >References: <51F3606C-7EB6-4738-8876-9121A835156E@xxxxxxxxxxxxx>
>> <Yr9hXZbvFHA.1364@xxxxxxxxxxxxxxxxxxxxx>
>> >Subject: RE: Integrated Authentication Issues with ISA 2004
>> >Date: Tue, 20 Sep 2005 08:30:16 -0700
>> >Lines: 129
>> >Message-ID: <080E5B42-A0A3-4296-AD06-3C20095675DD@xxxxxxxxxxxxx>
>> >MIME-Version: 1.0
>> >Content-Type: text/plain;
>> > charset="Utf-8"
>> >Content-Transfer-Encoding: 7bit
>> >X-Newsreader: Microsoft CDO for Windows 2000
>> >Content-Class: urn:content-classes:message
>> >Importance: normal
>> >Priority: normal
>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>> >Newsgroups: microsoft.public.isa
>> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
>> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.isa:13412
>> >X-Tomcat-NG: microsoft.public.isa
>> >
>> >Thanks Bill.
>> >
>> >I added an anonymous rule after the rule requiring authentication and
this
>> >then allowed me to browse the sites I was having difficulty with and
still
>> >gain a large amount of credentials being logged for monitoring and
>> reporting.
>> >
>> >Thanks
>> >Matt
>> >
>> >
>> >"Bill Peng [MSFT]" wrote:
>> >
>> >> Hi Matt,
>> >>
>> >> Thank you for posting here.
>> >>
>> >> Actually, this issue also occurs on Windows Update v5 and v6 (as well
as
>> >> Microsoft Update). Sometimes, when the internet client requests
>> information
>> >> from a web site, it will not pass your authentication to the ISA
Server.
>> In
>> >> this case, the ISA Server cannot authenticate the connection and the
>> >> request failed.
>> >>
>> >> To work around this issue, you can follow the steps below:
>> >>
>> >> Method 1.
>> >>
>> >> You can simply create an allow rule for all HTTP/HTTPS/FTP traffic
>> through
>> >> the ISA Server. This rule will apply to All Users. After doing so,
the
>> web
>> >> request can pass ISA Server.
>> >>
>> >> Method 2.
>> >>
>> >> You can create a destination set which contains all problematic web
>> sites.
>> >> Then, create an allow rule for all HTTP/HTTPS/FTP traffic to that
>> >> destination.
>> >> This rule will apply to All Users. In doing so, the request will be
>> passed.
>> >>
>> >> You can refer to the following articles:
>> >>
>> >> You experience problems when you access the Windows Update Version 5
or
>> >> Version 6 Web site through a server that is running ISA Server
>> >> http://support.microsoft.com/kb/885819
>> >>
>> >> I hope the above info helps.
>> >>
>> >> If there's any question, please don't hesitate to post back.
>> >>
>> >> Regards,
>> >>
>> >> Bill Peng
>> >> MCSE 2000, MCDBA, CCNP, CCDA
>> >> Microsoft CSS Online Newsgroup Support
>> >>
>> >> Get Secure! - www.microsoft.com/security
>> >> =====================================================
>> >> The public newsgroup only focuses on SBS related technical issues,
for
>> >> other Microsoft products, we recommend you to post to appropriate
>> newsgroup
>> >> to get most qualified responses.
>> >> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>> >>
>> >> When opening a new thread via the web interface, we recommend you
check
>> the
>> >> "Notify me of replies" box to receive notification. When responding
to
>> >> posts via your newsreader, please "Reply to Group" so that others may
>> learn
>> >> and benefit from your issue.
>> >>
>> >> Microsoft engineers can only focus on one issue per thread. Although
we
>> >> provide other information for your reference, we recommend you post
>> >> different incidents in different threads to keep the thread clean. In
>> doing
>> >> so, it will ensure your issues are resolved in a timely manner.
>> >>
>> >> For urgent issues, you may want to contact Microsoft PSS directly.
>> Please
>> >> check http://support.microsoft.com for regional support phone numbers.
>> >>
>> >> Any input or comments in this thread are highly appreciated.
>> >> =====================================================
>> >> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> >> --------------------
>> >> >Thread-Topic: Integrated Authentication Issues with ISA 2004
>> >> >thread-index: AcW9Kxj4Ef2VxBh0Qaea7G2CY0pRrQ==
>> >> >X-WBNR-Posting-Host: 195.153.122.67
>> >> >From: "=?Utf-8?B?TWF0dA==?=" <mattk@xxxxxxxxxxxxxx>
>> >> >Subject: Integrated Authentication Issues with ISA 2004
>> >> >Date: Mon, 19 Sep 2005 08:02:05 -0700
>> >> >Lines: 22
>> >> >Message-ID: <51F3606C-7EB6-4738-8876-9121A835156E@xxxxxxxxxxxxx>
>> >> >MIME-Version: 1.0
>> >> >Content-Type: text/plain;
>> >> > charset="Utf-8"
>> >> >Content-Transfer-Encoding: 7bit
>> >> >X-Newsreader: Microsoft CDO for Windows 2000
>> >> >Content-Class: urn:content-classes:message
>> >> >Importance: normal
>> >> >Priority: normal
>> >> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
>> >> >Newsgroups: microsoft.public.isa
>> >> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
>> >> >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
>> >> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.isa:13374
>> >> >X-Tomcat-NG: microsoft.public.isa
>> >> >
>> >> >Hi,
>> >> >
>> >> >We are using ISA 2004 to serve purely as a proxy server integrated
with
>> >> >WebSENSE.
>> >> >
>> >> >When I enable Integrated authentication and setup the allow rule to
>> allow
>> >> >users from a group it seems to fail to authenticate intermittently.
For
>> >> >example, when requesting a page with a reasonalbe number of images,
I
>> get
>> >> the
>> >> >bulk of the page returned but several images are missing. I then
press
>> >> >refresh on teh browser and get the page again but with other images
>> >> missing.
>> >> >
>> >> >When I check the logs it appears that a number of GET requests
actually
>> >> have
>> >> >my user name associated with them but there are a few which say
>> anonymous.
>> >> I
>> >> >believe that these are the ones that are not appearing as the rules
do
>> not
>> >> >allow anonymous access.
>> >> >
>> >> >Have anyone else experienced issues when using ISA 2004
authentiaction
>> on
>> >> >the Web Listeners or can anyone suggest how I can sort this out
please?
>> >> >
>> >> >Thanks
>> >> >Matt
>> >> >
>> >> >
>> >>
>> >>
>> >
>>
>>
>
.
- References:
- RE: Integrated Authentication Issues with ISA 2004
- From: Bill Peng [MSFT]
- RE: Integrated Authentication Issues with ISA 2004
- From: Matt
- RE: Integrated Authentication Issues with ISA 2004
- From: Bill Peng [MSFT]
- RE: Integrated Authentication Issues with ISA 2004
- From: Matt
- RE: Integrated Authentication Issues with ISA 2004
- Prev by Date: Re: Anyone have a better list of ISA error-information definitions?
- Next by Date: How to get java chat to work through ISA2004?
- Previous by thread: RE: Integrated Authentication Issues with ISA 2004
- Next by thread: Re: Office 2003 clipart through ISA Server 2004
- Index(es):
Relevant Pages
|
