• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA Authentication Issues

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Installation >> ISA Authentication Issues Page: [1]
Message << Older Topic   Newer Topic >>
ISA Authentication Issues - 25.Mar.2005 2:51:00 PM   
We have an ISA 2004 Standard SP1 server running on Windows Server 2003 Standard. We plan to use it as a web proxy server for bandwidth management and content monitoring, nothing else.

I'm using Integrated Authentication and requiring users to authenticate, but I've noticed that users frequently are prompted for their username and password. Isn't this the point of Integrated Authentication?

How can I make this prompt disappear? Moreover, if that is impossible, how can I set the default domain? I know Basic Authentication has an option to set default domain, but Integrated Authentication has no such option. The domain defaults to the IP address of the ISA Server, so clients would have to authenticate as "Domain\User" or "User@Domain" which is well beyond their capacity.

  Post #: 1
RE: ISA Authentication Issues - 25.Mar.2005 4:33:00 PM   


Posts: 687
Joined: 9.Aug.2001
From: OK, USA
Status: offline

IS tghe ISA server a member of the domain. For intergrated to work best ensure that it is. Seems like you are seeing the prompt because intergrated is failing and basic authentication is being attempted.

The default Domain setting if for Basic Auth Intergrated will pass the loged on USers credentials. But if ISA can verify intergrated fails hence the domain\username which = BASIC

[ March 25, 2005, 04:35 PM: Message edited by: cgregory ]

(in reply to Guest)
Post #: 2
RE: ISA Authentication Issues - 25.Mar.2005 4:41:00 PM   
I think I've narrowed down the problem a bit. When I install the Firewall Client, I keep getting an error of "unable to authenticate" and a red X on the FWClient icon in the taskbar. The only way I can get FWClient to work is set my firewall access policies to "All Users" and turn off the option, "Require all users to authenticate."

If I change the access rules to "Authenticated Users," the problem crops up again. It would appear the clients don't want to authenticate to the ISA box.

It should be noted that both the ISA server and the clients are in the same domain (single domain forest) and have no firewalls between them. I have verified that my ISA box is properly authenticating *itself* to the domain.

If I leave the access policies as "All Users" and don't set the authentication requirement flag, ISA is useless because the logs won't show user names.

Any ideas?

(in reply to Guest)
  Post #: 3
RE: ISA Authentication Issues - 25.Mar.2005 8:38:00 PM   


Posts: 687
Joined: 9.Aug.2001
From: OK, USA
Status: offline
Verfiy domain conectivity for the ISA server with NLtest or netdom. netgiag might not be a bad one to run as well. Since this is ISA 2004 I am also recommending you verify the rule set that allows the ISA server to communicate with the DCs and check your logs for more info on the requests.

(in reply to Guest)
Post #: 4
RE: ISA Authentication Issues - 25.Mar.2005 8:39:00 PM   


Posts: 1
Joined: 25.Mar.2005
From: Pittsburgh
Status: offline
We have three ISA Servers running an Array with a load balancer in front and it sounds like you are having the same problem that I had.

When having users authenticate, depending on which ISA Server they hit it would prompt them for their credentials. It would prompt them on 2 out of the three servers and it did not make any sense.

After banging my head for several hours, we finally found a white paper which fixed our problem. The problem was with the CrashOnAuditFail within the registry. The article states ISA 2000 but we are running ISA 2004 with 2003 servers and it fixed our problem, see below for link.


Within the registry, the server that worked by passing through the authentication was set to 1 for "CrashOnAuditFail", however, the other 2 servers had the "CrashOnAuditFail" set to 2 and they prompted the user for a username and password. After changing them to 1 and rebooted the servers, the users were no longer prompted for a username and password.

Hope this helps.

[ March 25, 2005, 09:09 PM: Message edited by: K. Turner ]

(in reply to Guest)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Installation >> ISA Authentication Issues Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts