Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Authentication failed
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Authentication failed - 22.Feb.2007 4:47:13 AM
|
|
|
Cryograph
Posts: 14
Joined: 24.May2006
Status: offline
|
Problems began after upgrade 2004->2006.
Symptoms:
Normal operation of system, but "Authentication failed" error follow runing "fatal" process. The FWClient connectin with Server need to be reestablished after that.
Example of error (application tried to create telnet connection):
Application [dipost.exe]. Authentication failed. Verify that the user account running this application has the required permissions. If the application is running under a system account, you can apply different credentials for this application via the client configuration and FwcCreds.exe.
The same behaviour take place, for example, with stream resources (radio, video)
What can You say about this?
Thanks in advance!
|
|
|
|
RE: Authentication failed - 5.Mar.2007 2:04:07 PM
|
|
|
tshinder
Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Is the ISA Firewall's internal interface configured with an internal DNS server? Make sure there are no external DNS servers configured on any of the ISA Firewall's NICs.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Authentication failed - 6.Mar.2007 2:20:27 AM
|
|
|
Cryograph
Posts: 14
Joined: 24.May2006
Status: offline
|
Thank You for reply!
Yes, it is! ISA's external interface has pointed to external DNS, Internal interface -to local DNS. I heard about this rule, but can't understand exact problem in such kind of configuration ( say a little if not inconvenient to You ).
The most notable is the old version (from ISA 2004 distrib) of FWC is working properly finally!
A few words how I solved this issue:
1.Uninstall FWC, reboot.
2.Run "netsh interface ip reset".
3.Delete registry keys "winsock", "winsock2", reboot.
4."Install" protocol TCP/IP (from the disk, windows\inf\..), reboot
5.Install FWC.
It's became possible to install FWC correctly only by this sequence of actions...
|
|
|
|
|
RE: Authentication failed - 6.Mar.2007 11:29:49 AM
|
|
|
tshinder
Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Cryo,
OK, sounds like a bad firewall client install. Good to hear you got that working.
But you should remove the external DNS server address from the ISA Firewall. This is the most common reason for Firewall clients to suddenly stop being able to authenticate with the ISA Firewall.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Authentication failed - 7.Mar.2007 4:12:10 AM
|
|
|
Cryograph
Posts: 14
Joined: 24.May2006
Status: offline
|
Thanks, Tom!
I've removed external DNS from interface, and changed interface order in network connection's property (Internal is first now).
After that I've decided to reinstal FWC to new version.
The thing that happens always is:
Old version FWC service uses "System Account" account to start, but New FWC - "Local Services" account. FWC (new) can not connect to ISA Server (red X) after installation as a result of this (But if I install it onto clear system (fresh OS), it is able to work properly after installation at once). So, I have to change starting account to "System Account" to make it workable. But some time later FWC became unstable and stoped to functioning finally.
Since I've changed configuration in accordance with Your recommendation, FWC has being working still. Want to inform You, that I don't use any auto-configuration for FWC in my network.
Question: maybe the problem in my situation is located somewhere in services permissions?
Thanks for advance!
|
|
|
|
|
RE: Authentication failed - 9.Mar.2007 1:47:32 AM
|
|
|
Cryograph
Posts: 14
Joined: 24.May2006
Status: offline
|
I did not make any changes with services through GP. The only fatal thing that can impact was when I accidentally changed NTFS permissions on system drive.. Maybe I should restore original state with help of "setup security.inf" ?
|
|
|
|
|
RE: Authentication failed - 9.Mar.2007 11:10:20 AM
|
|
|
tshinder
Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Cryo,
That could do it, as ISA needs some specific permissions on it's folders IIRC.
I don't think the setup.inf will fix this kind of problem, though.
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Authentication failed - 18.Apr.2007 5:58:51 AM
|
|
|
macpa
Posts: 9
Joined: 18.Apr.2007
Status: offline
|
Hi
I have the same problem. At the moment I have two isa servers: ISA 2004 and ISA 2006 both standard versions. Both servers have SP2 for Windows 2003 server installed.
I daily need to download symantec definitions via command line FTP using newest firewall client. on ISA 2004 it works just fine. when i change the firewall client to use ISA 2006 i have the following error message:
Application [ftp.exe]. Authentication failed. Verify that the user account running this application has the required permissions. If the application is running under a system account, you can apply different credentials for this application via the client configuration and FwcCreds.exe.
additionally on ISA2006 in the sessions tab i can see that my username i not recognized - username(?).
I can also see that I can't reach any ftp site using such config.
Both ISA servers have exaclty the same firewall rules.
any ideas??
|
|
|
|
|
RE: Authentication failed - 18.Apr.2007 6:20:06 AM
|
|
|
Cryograph
Posts: 14
Joined: 24.May2006
Status: offline
|
Hi, I can suggest you to solve the problem by disabling FWC processing for [ftp.exe]. You can do it globaly in Configuration->General->Define Firewall Client Settings->Application Settings by adding DisableEx=1 key for ftp application; or you can make changes on certain computer by adding Application.ini file with path: .\Documents and Settings\All Users\Application Data\Microsoft\Firewall Client 2004\
and such text block in it:
[ftp]
DisableEx=1
|
|
|
|
|
RE: Authentication failed - 18.Apr.2007 6:57:01 AM
|
|
|
macpa
Posts: 9
Joined: 18.Apr.2007
Status: offline
|
that doesn't help as ftp.symantec.com requires socket connection which works fine when running firewall client via ISA2004.
that comamnd will simply disable ftp from processing via firewall client and i need this funcion. ;-)
in my opinion it's a "new feature" in ISA 2006 cause i can't also access shares on this server.
Tom? is this any kind of new security feature in ISA06? is there any workaround?
|
|
|
|
|
RE: Authentication failed - 18.Apr.2007 7:18:05 AM
|
|
|
Cryograph
Posts: 14
Joined: 24.May2006
Status: offline
|
1.Ok, if you need this FWC processing, so you can try to uninstall FWC, reset winsock on your machine and reinstall tcp/ip protocol. I wrote about this operation above..
2.There is no file share access by default in ISA 2006 anymore. You can note, that ISA computer has became a Master Browser in your network $) So you need to open udp 137,138 & tcp 139 for NetBIOS functioning.
|
|
|
|
|
RE: Authentication failed - 18.Apr.2007 7:24:21 AM
|
|
|
macpa
Posts: 9
Joined: 18.Apr.2007
Status: offline
|
i don't think winsock reinstall will help because when i change the server within FW cient to isa 2004 then everyting works just fine. so for sure it's not a matter o client.
btw: thx for the second info - didn't know that.
and one more thing i manage to make it work.. partialy ;-)
i changed the settings in Firewall Cleint Settings section in ISA 2006 to unchecked "Allow non-encrypted Firewall client connection"..
partially cause at the moemnt i have a error:
> ftp: bind :Can't assign requested address
so i think i'm close to the solution.
the funny thing is that i can connect and download SAV definitions via software like leechftp whereas i can connect to SAV FTp site already via CMD but i'm not albe to download.
Anyway thx cryptograph for your suggestions! ;-)
|
|
|
|
|
RE: Authentication failed - 18.Apr.2007 7:36:15 AM
|
|
|
Cryograph
Posts: 14
Joined: 24.May2006
Status: offline
|
Not at all.
I beated with this FWC problem about two weeks , but hadn't solved it clearly..
But in my case problems began after FWC version update..
Microsoft can't give any recommendation about this situation.. I haven't found at least..
So it was like voodoo dancing around it..
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
