authenication question (Full Version)

All Forums >> [ISA Server 2000 Cache] >> Web Proxy Client


deyster -> authenication question (28.Apr.2003 5:40:00 PM)

Every so often a user complains about being prompted to enter in there credentials to access a web page. This happened today to my manager (not good), but I remember his password was set to expire today.

Is it possible that he started to get the prompt to enter in his credentials because of his password expiring today?


tshinder -> RE: authenication question (29.Apr.2003 1:08:00 PM)

Hi Dan,



lemonwater925 -> RE: authenication question (14.May2003 10:48:00 PM)

Shocking but that is the way it works. Brought this up with the ISA development team and they promised to look at it.

Seems that when ISA checks your credentials against the DC when your time is up it is up. If you logon to a domain and your password expires during the session you only get prompted the next time you logon. Seems that the ISA team was not on the same page as the desktop team.

Is a real pain but, when our help desk gets a call first thing they tell them to do is change their password and try again. Fixes it most of the time.

Guest -> RE: authenication question (15.May2003 4:04:00 AM)

I don't know if it is shocking or good. We've got some people who never shut down so they always miss the 15-day expiration warning and get prompted for ISA credentials. The first thing I do to troubleshoot is double-click on a network share and it tells me their password is expired.

pierreo -> RE: authenication question (4.Sep.2003 9:38:00 PM)

I would like to replace this credentail prompt by a warning message explaining the situation to the user. Is it possible?

AHIT -> RE: authenication question (5.Sep.2003 7:04:00 AM)

pierre: No, but you could edit the file in errorhtmls to indicate that this may be a possible reason. errmm... 407 I think it is. That way if the user keeps entering credentials or gives up they'll eb shown the ISA page and it includes some helpful information on why!

Ray: You could enforce logon times in NT/AD so a user is essentially kicked out when time expires basically forcing them to relogon...

gtlscot -> RE: authenication question (30.Sep.2003 3:29:00 PM)

We have a had a similar problem reported by one of our directors. Everytime he attempts to access the web he is asked for authentication. However, his account is not locked out or ready to expire. Access to the web is controlled in by membership of domain users group. All staff not requiring access to the internet are in a nointernet group. This user is not a member of the group.

Really struggling with this one.


Graeme Lockhart

AHIT -> RE: authenication question (1.Oct.2003 2:14:00 AM)

What's reported in your webdyyyymmdd.log Graeme?
Provided logging of all fields is turned on the logfile will tell you what rules were used to allow/deny a request.

gtlscot -> RE: authenication question (1.Oct.2003 9:21:00 AM)

The log files reference 12209 errors stating the user is not authenticated. I have now changed our log settings to log rules 1 and 2. Will report back when I contact the user and gain more information.


gtlscot -> RE: authenication question (2.Oct.2003 3:17:00 PM)

Problem solved. As this was the only reported inicident we re-created the users profile. Hey presto success.

Thanks everyone

Page: [1]