Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Authentication and Popup Boxes

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Cache] >> Web Proxy client >> Authentication and Popup Boxes Page: [1]
Login
Message << Older Topic   Newer Topic >>
Authentication and Popup Boxes - 7.Feb.2007 10:32:46 AM   
kc2kth

 

Posts: 11
Joined: 7.Feb.2007
Status: offline 		Not being extremely well versed in ISA Server, I'm hoping someone can help be determine the correct path here. We currently run ISA 2004 SP2 and use Surf Control 5.0. Historically our use of ISA has been primarily as a proxy and cache server. We hard code the ISA server name in IE and/or in the proxy/firewall client. The goal here is to get autoconfiguration working for both IE and for the firewall client.

Our current configuration has "Force all users to authenticate" option enabled in the Authentication section of the proxy config in ISA. Integrated is the only enabled authentication method. Disabling the "Force all users..." option causes SurfControl to disallow any users access to Internet resources. Firewall rules in ISA that allow Internet access are configured to allow "All Users" access, not "All Authenticated Users".

When I create the wpad entry in DNS, users receive a popup box forcing them to enter their domain id and password before allowing them Internet access. I've theorized that ISA is forcing the users to authenticate before providing them with the proxy configuration information the auto config process is trying to obtain.

I determined that the correct method to resolve this issue (prevent users from seeing a popup box when they start IE) would be the following:

- Configure firewall rules in ISA to apply to "All Authenticated Users"
- Disable "Force all users to authenticate option"
- Create wpad entry in DNS
- Enable proxy auto config in IE

However, I just finished reading Tom's article regarding the web proxy filter and he indicated that "Force all users..." option should be enabled. This seems contradictory to information from Microsoft and from what I've found in testing.

I'm looking for someone who has gone through this process to provide some comments and/or suggestions on how best resolve my specific issue. Users do not want to see popup boxes from the proxy server, and I want IE and Firewall Client auto configurations to work properly.

Thank you in advance.

John LeMay
kc2kth
Post #: 1
RE: Authentication and Popup Boxes - 8.Feb.2007 4:23:19 PM   
kc2kth

 

Posts: 11
Joined: 7.Feb.2007
Status: offline 		The resolution to this issue was found here:


http://support.microsoft.com/kb/889035

The article describes a registry hack that will allow IE and the FWC to download routing and configuration information from ISA without authenticating first even when the "Force all users..." setting is enabled.

Added the registry entry this morning and restarted the firewall service, auto config is working great today for both IE and for the firewall client users.

(in reply to kc2kth)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Cache] >> Web Proxy client >> Authentication and Popup Boxes Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts