Authentification and MSN Messenger - 3.Dec.2002 7:18:00 PM
Hello, i have some problems with the configuration of my ISA server to allow MSN Messenger. If i allow anonymous connection throw the Web Proxy, it work. But if i ask for authentification, MSN Messenger stop responding and tells that the authentificatin is wrong.
Is there a way for MSN Messenger to work without allowing anonymous connections?
RE: Authentification and MSN Messenger - 4.Dec.2002 10:24:00 PM
Thanks tshinder, but sadly, the KB article numbered Q277812 is not available. i found it on other search engine too, but can't get to see it. I was hoping maybe someone would tell me what the article is saying or i'll wait for it to become available again.
RE: Authentification and MSN Messenger - 5.Dec.2002 8:39:00 PM
I saw it too. But all my ports are already enabled. I also executed a script i found on www.isatools.org to automatically configure my isa server to make MSN available, but i still have the same problem.
SUMMARY Support for Microsoft Instant Messenger is built into Microsoft Internet Security and Acceleration (ISA) Server 2000 as a predefined protocol; however, when if you enable packet filtering, Instant Messenger does not work without the additional configuration that is described in the "More Information" section in this article.
MORE INFORMATION To configure Instant Messenger for sending messages:
Configure the Protocol Rule Right-click Protocol Rule, and then click New Rule.
Type Instant Messenger Rule for the name of the rule, and then click Next.
Click Allow, and then click Next.
In the drop-down menu, click Selected Protocols, click MSN Messenger in the dialog box that opens, and then click Next.
Click Any Request on the Client type dialog box, and then click Finish.
Configure the Packet Filter The type of packet filters to configure depends on the type of access you want to allow with Instant Messenger. First configure the packet filter to allow for simple Instant Messenger communication: Right-click Packet Filters, and then click New Filter.
Type Instant Messenger Outbound, and then click Next.
Click All ISA Server Computers in the array, and then click Next.
Click Allow packet transmission, and then click Next.
Click Custom on the Filter type dialog box, and then click Next.
In the IP Protocol drop-down list, click TCP.
Under Direction click Both.
Under Local Port click Dynamic, change Remote Port to Fixed Port, and then for the Port Number type 1863.
Click Default IP addresses for each external interface on the ISA Servers computer, and then click Next.
Click All remote computers, click Next, and then click Finish.
RE: Authentification and MSN Messenger - 13.Dec.2002 3:16:00 PM
Already done, or else it wouldn't even work with anonymous. I allowed all protocoles. And the MSN packet filter is there too. I used a script on isatools.org to do it. Still, i verified with your answer that every options was the same. They are.
The real problem is that MSN don't seems to want to use the integrated authentification.
or maybe.........i have to look something with another firewall we have, maybe it blocks the 1863 and MSN was using the http port instead. That would explain a lot of things.
Make sure you're logging all fields and check out which rule is blocking your request. I have a hard time with MSN not working, because I spend most of my time trying to disable it! Messengers are dangerous network applications and should not be allowed on corpnets.