Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Cannot authenticate when inbound
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Cannot authenticate when inbound - 24.Aug.2002 10:47:00 PM
|
|
|
Guest
|
I cannot seem to authenticate at the Inbound listener. I have it configured to ask for authentication, and I have it listening on port 80 of the external IP. Its asking for Digest and Integrated Authentication, but nothing works. It keeps popping back up for authentication, then times out with error: "401 Unauthorized - The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. (12209)
Internet Security and Acceleration Server
Needless to say, I have no idea if my web publishing rule works or not, because this is what I get. Not fun. Please help. Thanks!
|
|
|
|
|
RE: Cannot authenticate when inbound - 24.Aug.2002 11:16:00 PM
|
|
|
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Bill,
What browser are you using?
Are you authentication with the server or listener? You should not do both.
HTH,
Tom
|
|
|
|
|
RE: Cannot authenticate when inbound - 24.Aug.2002 11:18:00 PM
|
|
|
Guest
|
Internet Explorer 6.0
I'm not sure what you mean. I have ISA server setup to ask for authentication at the inbound listener, however, the site the web publishing rule is supposed to be pointing to (internal.domain.net/tsweb) is set to allow anoynomous access). I get the above error no matter what I do. The internet web server is a SecureNAT client and Web Proxy, by the way.
|
|
|
|
|
RE: Cannot authenticate when inbound - 24.Aug.2002 11:27:00 PM
|
|
|
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Bill,
So, you're forcing authentication on the Incoming Web Requests listener, and you selected the Integrated and Digest. OK, how about Basic Auth? Does that work? I seem to recall reading something about IE 6 and integrated, although this might only affect OWA sites. How about removing the force authentication option and see if users can access the site anonymously?
Also, is the ISA Server a member of the AD domain?
Thanks!
Tom
|
|
|
|
|
RE: Cannot authenticate when inbound - 24.Aug.2002 11:27:00 PM
|
|
|
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Also make sure the ISA Server is actually communicating with the DC.
HTH,
Tom
|
|
|
|
|
RE: Cannot authenticate when inbound - 24.Aug.2002 11:36:00 PM
|
|
|
Guest
|
ISA Server is a domain controller, although not the master. Yes, it can replicate its AD connections with no problem. Basic doesn't work either. Here is the error I get when I take "Force Authentication" off:
403 Forbidden - The server denies the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
Internet Security and Acceleration Server
It did not ask for authentication. I have anoynmous enabled on the TSWeb directory as well, but not on the entire virtual server, if that matters.
|
|
|
|
|
RE: Cannot authenticate when inbound - 25.Aug.2002 1:37:00 AM
|
|
|
Guest
|
So you're placing your money on running dcpromo to demote the domain controller? Its really a DC just for failover tolerance, but if you think that my error is being generated from that, I'll run it. Thanks!
|
|
|
|
|
RE: Cannot authenticate when inbound - 25.Aug.2002 6:49:00 AM
|
|
|
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Bill,
It can't hurt! You can always promoting it again later, but it makes problems must easier to troubleshoot without the AD.
Let us know how things go for you.
HTH,
Tom
|
|
|
|
|
RE: Cannot authenticate when inbound - 25.Aug.2002 6:56:00 AM
|
|
|
Guest
|
I'll run it tomorrow afternoon and see what I get. Right now web/server publishing doesn't work at all, so I'll run dcpromo and demote that sucker tomorrow and see what I get. Thanks!
|
|
|
|
|
RE: Cannot authenticate when inbound - 25.Aug.2002 8:28:00 PM
|
|
|
Guest
|
Things went as badly as they could have. None of my server/web publishing rules work. DNSstuff.com cannot query my DNS servers to resolve my domain name, although I have the DNS Servers published, and I'm still getting the same old stuff when I try to access the site, authentication fails. Doesn't make any sense, I can see the user and remote IP on the web proxy service when I'm trying to get this thing to let me log on, but for some reason, I just can't authenticate. Any ideas would be more than appreciated.
|
|
|
|
|
RE: Cannot authenticate when inbound - 25.Aug.2002 10:48:00 PM
|
|
|
Bill Roland
Posts: 21
Joined: 25.Aug.2002
From: Ocala, FL
Status: offline
|
The telnet publishing rule actually worked. That't it though. I don't know what to make of the DNS publishing rule, however, because strangely enough my site is being referred to to its IP address. My DNS Servers are the only one's who can do that. Although dnsstuff.com cannot contact the DNS Servers and obtain any information off of them, it seems that they may actually be working. Which brings us to the last problem: my web publishing rules will not work. I've taken Required Authentication off, now all I get is 403 Forbidden on the site I'm trying to access (which, by the way, is set to use anonymous access too). Any ideas?
|
|
|
|
|
RE: Cannot authenticate when inbound - 25.Aug.2002 10:52:00 PM
|
|
|
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Bill,
That indicates to me that your destination sets are not configured correctly.
What are the details of your destination sets and Web Publishing Rules?
Thanks!
Tom
|
|
|
|
|
RE: Cannot authenticate when inbound - 25.Aug.2002 11:00:00 PM
|
|
|
Bill Roland
Posts: 21
Joined: 25.Aug.2002
From: Ocala, FL
Status: offline
|
Thanks Tom. Well, I'm about ready to pull my hair out now. My web publishing is configured so that support.hiers-baxley.net is sent to support.hiers-baxley.net/tsweb. The tsweb directory on the internet IIS server is configured to allow Anonymous access. The Web proxy service is no longer demanding Authentitcation because I turned it off. I've got an error telling me that The Microsoft Firewall Service couldn't bind to to the external interface port 53 because its in use. That makes no sense, since I turned off DNS Server completely and rebooted. I'm seriously considering just formatting this whole box and starting fresh tomorrow. Any thoughts on that?
|
|
|
|
|
RE: Cannot authenticate when inbound - 26.Aug.2002 5:58:00 AM
|
|
|
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Bill,
You can't have someone send this request:
http://www.stuff.com
and have it redirected to the internal server at:
http://www.stuff.com/morestuff
The path must be the same on the request and the internal server.
You know that for the publishing chapter in the book!
HTH,
Tom
|
|
|
|
|
RE: Cannot authenticate when inbound - 26.Aug.2002 6:17:00 AM
|
|
|
Bill Roland
Posts: 21
Joined: 25.Aug.2002
From: Ocala, FL
Status: offline
|
It was for a while, but that didn't work, so I tried something different, it didn't work either. Basically, DNS server publishing wouldn't work because something was prohibiting ISA from listening for port 53 on the external interface. I formatted, haven't had a chance to set it all back up. Web publishing has never worked right either, but I'm going to try again tomorrow on the brand new installation of Windows 2000 SP3. The basic problem I had was that anything outbound worked fine, anything inbound (save Telnet), wouldn't work at all. Will update tomorrow (after I get Sprint to figure out why their routers aren't putting traffic from one of my remote sites onto my network. They think its ISA server, I don't understand why that would be...
|
|
|
|
|
RE: Cannot authenticate when inbound - 26.Aug.2002 7:00:00 PM
|
|
|
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Dude,
You think it worked, but it didn't. ISA Server *cannot* redirect to another subfolder. For example, if the user types:
http://www.mydomain.com/
[www.mydomain.com resolves to a public address]
ISA Server WILL NEVER go to an internal server at:
http://www.mydomain.com/subfolder
[www.mydomain.com resolves to the private address]
HTH,
Tom
|
|
|
|
|
RE: Cannot authenticate when inbound - 27.Aug.2002 1:18:00 AM
|
|
|
Bill Roland
Posts: 21
Joined: 25.Aug.2002
From: Ocala, FL
Status: offline
|
I guess I mispoke. I already know what you just said, and I know it doesn't work. My point was, doing it the correct way didn't work either. Basically, nothing I did in the publishing department worked at all. I'm now getting some better results after the reinstall.
|
|
|
|
RE: Cannot authenticate when inbound - 27.Aug.2002 7:19:00 AM
|
|
|
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Bill,
Reinstalling often fixes things!
Good to hear you got it working.
Thanks!
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Big Grin]](/image/smiles/biggrin.gif)
