Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
WPAD and authentication problem
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
WPAD and authentication problem - 4.Jan.2005 9:25:00 PM
|
|
|
monk120
Posts: 4
Joined: 31.Aug.2004
Status: offline
|
I have ISA 2004 setup in a web proxy configuration as follows:
Two ISA 2004 servers using Microsoft Network Load Balancing on Windows 2003 server.
Auto Discovery is set to publish the automatic discover requests.
Web Proxy Clients enabled with integrated authentication, all users required to authenticate.
Unlimited number of connections with the default timeout of 120 seconds.
Internet Explorer 6.0 XP SP2 configured to use proxy server. The IP of the virtual NLB is used.
SurfControl Version 5.0 agent is installed on both ISA 2004 boxes.
This configuration works as expected. Users authenticate via the domain, Surf Control monitors and blocks as configured.
The problem occurs when I try to deploy using WPAD and DHCP. I change IE to Automatically Detect Settings. Instead of Integrated Authentication, the user is presented with a login screen for the NLB proxy server. Once logged on, everything works as expected.
The authentication then works for a period of time that is longer than the 120 seconds specified in ISA 2004. In other words, if I exit my browser, then launch another session in 5 minutes, the authentication request is not presented. If that time period is much longer, say over 1 hour, then I am asked to authenticate again.
Any ideas?
|
|
|
|
|
RE: WPAD and authentication problem - 6.Jan.2005 3:27:00 PM
|
|
|
monk120
Posts: 4
Joined: 31.Aug.2004
Status: offline
|
I seem to have tracked down why this is happening, but need some help resolving.
When IE looks to Http:\\isa_server/array.dll?Get.Routing.Script during the autodiscovery process, it is doing so as anyonymous, the connection is denied, and the logon window is displayed.
How can I allow the browser to retrieve the wpad.dat while still requiring authentication without presenting the logon screen?
|
|
|
|
RE: WPAD and authentication problem - 7.Jan.2005 4:26:00 PM
|
|
|
monk120
Posts: 4
Joined: 31.Aug.2004
Status: offline
|
Found the answer on another forum, something posted by an MSFT:
------------------
This is a known issue.
Currently, the workaround is this:
- Configure your rules to apply to "authenticated users"
- Uncheck "Require all users to authenticate"
------------------
I did and the problem has been resolved.
|
|
|
|
RE: WPAD and authentication problem - 16.Feb.2005 3:42:00 AM
|
|
|
DonChino
Posts: 21
Joined: 27.Oct.2003
Status: offline
|
I also have a similar setup but the question I have is that when I do WPAD, my users show up in ISA as SecureNAT clients but not Web Proxy clients...
I know that ISA 2004 defaults all users to SecureNAT clients if Web Proxy fails but I do not know why Web Proxy is failing...
I have AUTO DISCOVERY set up, I have a DNS entry to ISA Server, and I have IE Browser checked to AUTO DETECT...
Is there anything else? Do I have to set up a web server on ISA Computer? I also have a SINGLE NETWORK adapter set up because if you have EDGE FIREWALL then I have routing problems. My network is behind a Linksys Router so obviously ISA Server is LOCAL to all so using 2 NICs only causes routing issues since both cards are Internal...
Help? Are your clients connecting as Web Proxy clients in ISA MONITORING using WPAD, because if you set it manually obviously it works...
[ February 16, 2005, 03:44 AM: Message edited by: DonChino ]
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
