Re: Error: HTTP/1.1 407 Proxy Authentication Required

They do support proxy authentication. This is what their help files have to
say about proxy-

Click Configure to open a dialog box where you can configure the following
proxy properties:

Proxy:Port - The name and port number of an HTTP proxy server. Leave this
property blank if there is a direct connection to the Internet. Specify this
property if a proxy is required to traverse a firewall. The specification
must include the port number of the proxy – for example,
proxyhost.domain.com:8088.

Proxy Caching - Turn on or off the use of caching at the HTTP proxy server.
This property has no effect if a proxy server is not specified. The default
is that proxy caching is turned Off.

Proxy User (if secured) - The user name to authenticate if you are accessing
the Web page through a secured HTTP proxy server. There is no default value
for this property.

Proxy Password (if secured) - The password to authenticate if you are
accessing the Web page through a secured HTTP proxy server. Click the Change
Password button to set the password. There is no default value for this
property.


"Jim Harrison (ISA SE)" wrote:

It appears that the tool supports server auth (401), but not proxy auth
(407).
I can't access their support pages, since they limit this to licensed
customers.
Scan through their FAQ and see what they say about proxy authentication.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"Ripul" <Ripul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B1266E54-F2DB-484F-AD38-DA6BD0A5F12A@xxxxxxxxxxxxxxxx
We are using a monitoring tool from indicative software (www.indicative.com)
called Service director. It has some built in http tests that supports NTLM
for monitoring URL's. Some of their monitoring tests can monitor http status
code, availability of web server, response time etc. When you configure the
http tests you can specify the the following NTLM properties for
authentication purposes i.e

NTLM user
NTLM user domain
NTLM host
NTLM host domain.

I am trying to run the http tests for internal as well as external URL
monitoring. For internal URL's which uses integrated Windows authentication,
I am not using any proxy but specify the NTLM parameters. When i do that I
get this error message-

Aug 28 18:47:28 msas-nyk27p.global.gam.com TestNow: [Debug]
(Tests:Http_4-0:p__113b0ab8627:176889) Start NTLM Authentication at
1188341248015
Aug 28 18:47:28 msas-nyk27p.global.gam.com TestNow: [Debug]
(Tests:Http_4-0:p__113b0ab8627:176889) NTLM handshake 1 server response null
Aug 28 18:47:28 msas-nyk27p.global.gam.com TestNow: [Debug]
(Tests:Http_4-0:p__113b0ab8627:176889) INITIAL RESPONSE :
HTTP/1.1 401 Unauthorized
Content-Length: 1656

I also notice that the domain user account I am using for NTLM
authentication gets locked each time I run the test.

For the external URL's like www.google.com I keep getting a different error
message-

HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy service is
denied. )

Now I know Indicative does not support NTLM V2 for http tests. I checked the
NTLM compatability level is set to 4 in the registry on the web server as
well as on te proxy. I tried changing that to value 2 but still got the same
error message.

Any ideas?

Thanks

Ripul

"Jim Harrison (ISA SE)" wrote:

Sorry, Phil; that's incorrect.
The authentication method is not changed by modifying the user
credentials.

Exactly what monitoring tool is this?
As Phil correctly stated, it's entirely possible that your tool doesn't
support NTLM (or Integrated) proxy authentication.
You can add Basic auth to the network object Web proxy authentication
options and see if it understands that.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message
news:OSklywZ6HHA.5980@xxxxxxxxxxxxxxxxxxxxxxx
If your Tool isn't capable of comprehending NTLM authentication (such as
only using Basic Auth) you will have to prefix the credentials prompt with
the domain name:

User: domain\user
Pass: *******

If you ran the Firewall Client and made sure the Tool is set to not use a
proxy (if it has such settings) then you would never have the prompt to
start with.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or
Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------


"Ripul" <Ripul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8D4E4C57-C64D-40AC-92ED-464CB9DF9235@xxxxxxxxxxxxxxxx
I am trying to run an http test from a monitoring tool to check the http
status code of external URL like www.google.com. And I am getting this
error
message-

HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy service is
denied. )

The ISA server requires NTLM authentication. I have tried putting the
NTLM
credentials but no luck so far. I keep getting this error message. Any
help
would be highly appreciated.

Thanks




.