Hello. Don't post here often, so I'm not sure if this is in the right sub-forum or not.
We have an ISA 2004 SP3 server set up in a single-armed (proxy) configuration.
Internal users -> ISA 2004 -> Cisco ASA -> Internet
Only members of a specific AD group can traverse it. For some reason, random users at random times will get re-authentication popups and need to put their credentials back in. Sometimes that results in the page being rendered, other times it does not... with the credentials re-popping up for every inline page element (graphics, etc).
We've tried clearing browser caches and rebooting and the like. Sometimes recreating the user (over the top) seems to work. I suspect it's something in the caching of credentials between ISA and the AD server, but I can't be sure... the ISA server logs don't seem to indicate anything (event logs, anyway).
I thought this issue might be resolved in SP3, but that didn't seem to help. I can't find rhyme or reason to the pattern of prompts, either...
First check if you dont have comunication, authentication problems between Isa server and Domain controllers. Check Isa server event viewer. Is your Isa server a domain member ? Another thing to check is your isa server dns configuration.
1) I have communication, as 99.9% of username/password lookups work fine. As mentioned in the initial post, the problem appears random, and cannot be recreated at-will. 2) Event log on the ISA server contains no errors. (Aside from a couple of "decompress" errors for specific sites) 3) Yes, the ISA server is a domain member. 4) I'll set up a anyone-to-anywhere DNS rule and see what happens.
- "Require users to authenticate" is and has always been "off", so that's not it... - Windows Media Player is not involved in my cases... - Browser is IE, so that's not it... - The users in question DO belong to the approprate groups... - ISA server is not chained, so that's not it... - No intranet involved... both client and servers are in the "internal" group (single-homed, as mentioned above) - IIS not an issue... these are the same sites they access without issue at other times... - Basic AND Integrated authentication are turned on, not just the first... - Not a cached credentials issue... as the site worked fine 30 sec before...
Still working my way through a few others from that list.