We have an issue with our ISA2006 SP2 servers when we try to visit the website : https://onestore.mmc.com which is a secure site that prompts the user for authentication.
We allow on the web proxy only Integrated authentication which I know passes the users credentials to the proxy server automatically as integrated.....
I am finding that Internet Explorer and Firefox do not even start the SSL connection I just get either "Page cannot be displayed" or "Connection with the server was reset" from Internet Explorer and Firefox respectively.
I have added a rule to allow any user going to https://onestore.mmc.com access and I can see from the logs that ISA is allowing the connection to the website (as an anonymous user)
However, the user never receives the user name/password challenge from the website.
I have enabled Basic and Digest authentication on the ISA server on the web proxy authentication and none of these options have worked
We are using HTTP1.1 and have compression enabled on ISA.
I can only think to add the website to the windows password store to see if that helps.....
From: Taylorville, IL
Authentication between the user and the ISA has absolutely nothing to do with authentication between the user and the Site itself. ISA does not,... and will not,... delegate authentication between the user and the Site. The user authenticating to the ISA,...and the user authenticating to the Site are two entirely separate independent processes.
"Page cannot be displayed" or "Connection with the server was reset" from Internet Explorer and Firefox respectively.
There is more to those errors than that,..those are only the Titles of the errors, not the details. You have to look at the details of the errors. In either case,...these errors are not authentication related.
From: Taylorville, IL
ISA does not,... and will not,... delegate authentication between the user and the Site.
Note: I am assuming that the users are on the LAN and that the Site is out in Internet Land,...and not the reverse where the Site is published from inside the LAN and the Users are out in Internet Land. In a Publishing situation there is the possibility of authentication delegation.