Welcome to ISAserver.org


WPAD round robin ISA 2006 Standard

WPAD round robin ISA 2006 Standard - 31.Mar.2008 11:40:06 AM   
QMUCIT

 

Posts: 15
Joined: 7.Dec.2005
Status: offline
Hi All,

I'm looking for some advice on setting up our ISA 2006 servers with regard to authentication and NLB using the setup instructions given here:
http://www.isaserver.org/tutorials/Load-Balancing-Web-Proxy-Clients-With-ISA-Server-2004-Standard-Edition-Part1.html

We have 2 ISA 2006 servers configured as Caching servers, not using the Firewall or VPN functionality - we want to be able to track who is accessing what site, and the authentication and logging functionality of the ISA servers is great for that.

We also wanted some form of NLB, and the WPAD automatic configuration script sounded ideal, so we set up a test with a website on a different server hosting the wpad.dat script, with anonymous authentication to this site - internal sites are listed in the script so they don't go through the proxies. However, when this is in place our test user can access their homepage (our default internal web site) but as soon as they try and access any external site they are prompted for credentials. If they enter their credentials (the same ones they are logged onto the machine with) then they get through fine.

The ISA servers have a Proxy Firewall rule that allows members of specific groups access to the web. By running the logging and watching when the user tries to connect you can see the 'Anonymous' user being denied access; once the user enters their credentials you can see them allowed access, as the user is a member of one of these groups allowed access. If we change the web site hosting the wpad.dat file to require Integrated Windows authentication the user is prompted for credentials before the default home page opens. We don't want to add anonymous users to the Proxy Firewall rule as the whole point is to see what user is accessing what site.

Our alternatives would be to set up round-robin DNS entries for the 2 proxies (Host A records) but this doesn't really provide much failover if one box dies; the client-side CARP seemed the way to go but we really need the authentication.

Any ideas?
Many Thanks in advance,
Regards,
Andy
Post #: 1
RE: WPAD round robin ISA 2006 Standard - 2.Apr.2008 4:48:33 AM   
QMUCIT

 

Hi All,

Please ignore the above post, it appears I was being a bit dim - I had changed the password for the account I was using to test authentication but had not logged off the virtual machine I was testing from before trying the automatic configuration script, so I was being prompted to authenticate every time.

Now that I've refreshed the credentials on my test machine I don't get prompted again and the round-robin appears to be working great.

Many Thanks,
Regards,
Andy

(in reply to QMUCIT)
Post #: 2
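
The kind of wpad.dat script this thread describes (internal sites go direct, external sites are split across two authenticating proxies with failover), as an added example that is not the poster's script or the one ISA Server generates. The proxy names, port, internal domain suffix and the simple host-name hash (a simplified stand-in for client-side CARP) are all assumptions.

```javascript
// wpad.dat / proxy auto-config sketch. All names below are assumed for the
// example; none of them come from the forum thread.
var PROXIES = ["isa1.example.internal:8080", "isa2.example.internal:8080"];
var INTERNAL_SUFFIXES = [".example.internal"];

// Internal sites bypass the proxies: single-label intranet names and any
// host inside a listed internal domain.
function isInternal(host) {
  host = host.toLowerCase();
  if (host.indexOf(".") === -1) return true;
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    var s = INTERNAL_SUFFIXES[i];
    if (host === s.slice(1) || host.slice(-s.length) === s) return true;
  }
  return false;
}

// Deterministic hash of the host name, so one site always prefers the same
// proxy (keeps its cache warm) while different sites spread across both.
function hostHash(host) {
  var h = 0;
  for (var i = 0; i < host.length; i++) {
    h = (h * 31 + host.charCodeAt(i)) >>> 0; // keep within 32 bits
  }
  return h;
}

// Entry point called by the browser for every request.
function FindProxyForURL(url, host) {
  if (isInternal(host)) return "DIRECT";
  var first = hostHash(host.toLowerCase()) % PROXIES.length;
  var order = [];
  for (var i = 0; i < PROXIES.length; i++) {
    order.push("PROXY " + PROXIES[(first + i) % PROXIES.length]);
  }
  // Every proxy is listed so the client fails over if the preferred one is
  // down. There is deliberately no trailing "DIRECT": external traffic must
  // always pass an authenticating proxy so it is logged against a user.
  return order.join("; ");
}
```

The script file itself can be served anonymously, as in the first post, because authentication happens at the proxy; the credential prompt reported there was traced in the second post to a stale logon session rather than to the script.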
