I'm hoping someone here can help me with another little problem I've ran into with publishing SharePoint and ISA!
When we enable more than one app server in the web server farm for this setup WebDAV access to document libraries stop working. Specifically users get prompted for their credentials, but even when they supply the correct username and password they are not let in.
Upon further investigation this appears to be specific to Windows XP clients - the authentication prompt looks a bit like the old Windows 95/98 password prompt and not the usual Windows XP one.
Users are not required to authenticate to ISA, so no delegation is performed but clients are allowed to authenticate directly to the published web server. So why are the app servers suddenly asking for credentials when if only one is enabled it works fine?
If you use isa before your sharepoint the authentication packets are not being received correctly, i'm assuming here that you use some kind of publishing for the internal sharepoint server in isa. Is this really neccesary ? can't you better create a Rule that allows port80/443 traffic from your internal clients to the sharepoint server ?
Unfortunately I need the load balancing feature that I get by using the publishing rule.
For the moment I have solved the problem by changing the load balance mechanism on the ISA Server from a cookie based one to a source-IP based one, this seems to have done the trick.
I can only assume that the implementation of the WebDAV Mini Redirector included with XP does not support cookies.
As an aside, if we forced the use of the 'old' Web Folder client included in XP, everything worked as it should with a cookie based load-balancing mechanism. Unfortunately this client does not support mapped drives so we could not use it.