• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Non domain member website behind ISA 2006

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Non domain member website behind ISA 2006 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Non domain member website behind ISA 2006 - 24.Mar.2009 7:35:38 AM   
rogerexplosion

 

Posts: 2
Joined: 24.Mar.2009
Status: offline
We have an ISA server in a DMZ
It has 2 interfaces ( Internal and External ) we currently have a web listener for OWA and the external interface that is working fine. My problem is I need to add an additional web listener for an internal web server that is not a member of a domain and I need the clients to authenticate directly with this box. When attempting to contact it.


I registered and setup a domain name for this server routed it through to the external interface of the ISA box ( I assigned a second IP to the ext interface ). I then setup a web listener on this IP for this website for port 80 ( at the moment I am just testing it on HTTP ).


My first problem is when I try to hit the website from external I got prompted with an authentication box from the ISA server but it won't take the credentials, I then changed the authentication on the rule to be no authentication but client may authenticate directly hoping this would allow the web server itself to prompt for credentials ( as it normally does internally ) but I get no authentication box all I get in the ISA logs is - 12239 The server requires authentication to fulfil the request. Access to the web server is denied. '


I am sure I am missing something but I can't see anything else in the logs. Normally if it was on the domain I would use the ISA box to authenticate against AD however this isn't the case.

I was wondering if anyone had any ideas or suggestions  ?
Thanks!
Post #: 1
RE: Non domain member website behind ISA 2006 - 25.Mar.2009 9:15:13 AM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
One thing i dint understand was that is your ISA a non-domain member or is it your web server a non-domain member.... I am assuming that your web server is a non-domain member

So, if you want users to directly connect to the web server you need to select "no Authentication" on web listener and then on the publishing rule under users tab select "All users" .Then under Authentication Delegation tab select "no authentication, but client may authenticate directly"

I apologize if i dint understand the scenario right. Please let me know if i am wrong somewhere...



_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to rogerexplosion)
Post #: 2
RE: Non domain member website behind ISA 2006 - 25.Mar.2009 12:16:42 PM   
rogerexplosion

 

Posts: 2
Joined: 24.Mar.2009
Status: offline
Inderjeet,

You were spot on. I forgot to change Authenticated users to all users.. everything is now working as I expected.

Many thanks for your assistance


(in reply to inderjeet)
Post #: 3
RE: Non domain member website behind ISA 2006 - 25.Mar.2009 4:22:42 PM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
Glad to know it's working now... cheers !!

_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to rogerexplosion)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Non domain member website behind ISA 2006 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts