I'm having problems with a Java plug-in running on an internal website. When the plug-in is called, the user logged by the ISA server as initiating the request is 'anonymous'. We are using integrated authentication, with 'Ask unauthenticated users for identification' selected on the properties of the internal network; this causes the plug-in connection to be rejected.
Is there any way around this - is it possible to configure the ISA server to bypass caching for this website only? Unfortunately, we cannot bypass caching for all local addresses as other websites are available on the LAN.
Thanks for that Tom - it's working now. I added a URL set containing the relevant website URLs, then created a user-defined protocol for the port the Java plug-in works over, and finally added an access rule containing these elements.
The only problem now is that all web requests from all users are being logged with a username of 'anonymous' - how can I force ISA to log the correct username?
They should only be anonymous if the rule is for anonymous access for that site only. You can fix the problem completely by using the Firewall client. That's why I *always* recommend making machines both Firewall and Web Proxy clients.
While this appears to be a connection over port 8011, ISA logs show that the connection is port 8011 over HTTP, so...
1) Created a URL set containing a single URL of http://<servername>*
2) Added an access rule to the top of the firewall policy allowing a source of any, destination of the URL set, protocol of HTTP & user set of All Users
3) Updated the access rule below that which allows for general web access so the user set is Authenticated Users
4) Unticked 'Ask unauthenticated users for identification' in the properties of the internal network
The effect is that anonymous connections to the plug-in URLs are allowed, and all other web requests are still logged with the correct username.
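One way to check the effect described in the post above against the web proxy log, as an added example that is not part of the original thread. It assumes the log is in tab-separated W3C extended format with a `#Fields:` header containing `c-ip`, `cs-username` and `cs-uri`; the host name `plugin-host.example` stands in for `<servername>`, and the sample lines are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample in W3C extended format (tab-separated); not real log data.
# "plugin-host.example" is a placeholder for the <servername> in the URL set.
SAMPLE_LOG = "\n".join([
    "#Fields: c-ip\tcs-username\tcs-uri\tsc-status",
    "10.0.0.5\tanonymous\thttp://plugin-host.example:8011/applet/data\t200",
    "10.0.0.5\tCORP\\alice\thttp://intranet.example/home\t200",
    "10.0.0.7\tanonymous\thttp://intranet.example/reports\t200",
    "10.0.0.8\tCORP\\bob\thttp://plugin-host.example/index.html\t200",
])


def unexpected_anonymous(log_text, anonymous_hosts):
    """Return (client_ip, uri) for anonymous requests to hosts outside the URL set."""
    allowed = {h.lower() for h in anonymous_hosts}
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order comes from the log header, not from a fixed layout.
            fields = line[len("#Fields:"):].strip().split("\t")
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split("\t")))
        if row.get("cs-username", "").lower() != "anonymous":
            continue  # request was logged with a real username
        host = (urlsplit(row.get("cs-uri", "")).hostname or "").lower()
        if host not in allowed:
            # Anonymous traffic that the first (All Users) rule should not cover.
            findings.append((row.get("c-ip", "-"), row.get("cs-uri", "-")))
    return findings


if __name__ == "__main__":
    for ip, uri in unexpected_anonymous(SAMPLE_LOG, ["plugin-host.example"]):
        print(f"anonymous request outside URL set: {ip} -> {uri}")
```

An empty result means anonymous entries are confined to the plug-in host; any finding points at a rule above the Authenticated Users rule that is matching more than the URL set.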
I have the exact same problem and your fix has worked for me on my 2004 box but I also need to implement the fix on my 2000 box but am having difficulty.
Here is what I have done:
Already have a protocol rule in place to allow HTTP for a particular W2K group.
Created a destination set for the URL.
Created a Site and Content Rule to allow HTTP from Any Request to the Destination Set.
Any ideas what I'm doing wrong as it doesn't work??
P.S. I know this isn't the 2000 forum but I wanted to keep in line with this thread.