Setup: ISA Server 2004 Edge firewall SP2 (just went live with the following problem). We use Web Proxy clients via wpad.dat provided by DHCP (Windows 2003).
Problem: On some clients the wpad.dat file is not downloaded and they are not able to surf. I have this on XP SP2 and W2K SP4 clients. Users are administrators of their PCs. As a test I've also put them in the New. Config. Op. group but still the same problem.
A work-around is to clear the "Automatically detect settings" check box in IE and to check it again (strange?).
The docs you mention describe a delay problem. For me it's not a delay problem. After the ISA was implemented, on most clients, the first time they tried to access the Internet it failed (ISA denied access). I have a rule based on user authentication to access the Internet.
After investigation I found out that the clients don't receive the wpad.dat at all. A quick solution is to clear the "Automatically detect settings" check box in IE and to check it again (strange) and they receive the wpad.dat file and are able to surf. This setting is applied by a GPO. After this everything is OK for a client even after a restart.
Sorry to come back to the subject but it creates some workload (calls) for our helpdesk. Imagine you have about 1000 clients.
Even if it's a default setting (automatically detect settings checked), I need to make sure that this setting is checked because it could be unchecked for whatever reason. Otherwise users are not able to access the Internet, call the helpdesk, ...
In one of our GPOs I configure user settings - windows settings - ie maintenance - connection - automatic browser config - checked automatic detect config settings.
A client which has this problem has this setting checked, so normally it should work. Strangely enough, when I then clear the setting and check it again it works. Also after a restart the problem is gone.
Do you know where I can find the "Autoproxutil" command tool?
Another workaround I've read in the document is to delete the following HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections registry key entries:
- DefaultConnectionSettings. This entry specifies the configuration of the default connection used by Internet Explorer.
- SavedLegacySettings. This entry is a copy of DefaultConnectionSettings, and specifies the configuration used by network connections other than the default connection.
When Internet Explorer is launched and gets the Wpad.dat file, it flags the value DefaultConnectionSettings at the offset 59 with the value 05. This offset is designed to indicate that Internet Explorer should send a DHCP Inform to get the Wpad.dat file, and changes the offset 59 of the value DefaultConnectionSettings to 05. To force Internet Explorer to get the new URL to the Wpad.dat file, the offset 59 should be set to 01. The Autoproxutil tool is used to do this. To run the Autoproxutil tool, execute the command:
• Autoproxutil /f:3
This command forces Internet Explorer to send a DHCP Inform the next time it is launched.
Other workarounds:
• Clear or select the Automatically detect settings option.
• Execute the Autoproxutil tools in a logon script.
• Delete the DefaultConnectionSettings and SavedLegacySettings registry keys.
< Message edited by Nik007 -- 21.Feb.2007 5:43:44 AM >
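The registry workaround listed in the post above, written as a per-user script that could run at logon. This is an added example, not code from the thread or from the document it quotes; it assumes PowerShell 2.0 or later is available on the client, and the function name and backup folder are hypothetical.

```powershell
# Added example: back up and remove the cached IE connection blobs for the
# current user. Must run in the user's own context because the data is in HKCU.
# Note: the two entries are values under the Connections key, not subkeys.
function Reset-IEConnectionSettings {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Hypothetical backup location; change to suit the environment.
        [string]$BackupDir = (Join-Path $env:TEMP 'ie-connection-backup')
    )

    $key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'
    $names = 'DefaultConnectionSettings', 'SavedLegacySettings'

    if (-not (Test-Path $key)) {
        Write-Verbose 'Connections key not present, nothing to reset.'
        return
    }
    if (-not (Test-Path $BackupDir)) {
        New-Item -ItemType Directory -Path $BackupDir | Out-Null
    }

    foreach ($name in $names) {
        $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $prop) { continue }   # value already absent

        # Keep a hex copy so the blob can be inspected or restored later.
        $bytes = [byte[]]$prop.$name
        $hex   = ($bytes | ForEach-Object { $_.ToString('x2') }) -join ' '
        $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
        $file  = Join-Path $BackupDir "$name-$stamp.hex"

        if ($PSCmdlet.ShouldProcess("$key\$name", 'Back up and delete')) {
            Set-Content -Path $file -Value $hex
            Remove-ItemProperty -Path $key -Name $name
            Write-Output "Removed $name (backup: $file)"
        }
    }
}

Reset-IEConnectionSettings -Verbose
```

Running it with `-WhatIf` first lists which values would be removed without touching the registry.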
I'm not able to test this in our live environment. We are WW (we=EMEA, US, ASIA) connected by a private network and have 1 domain e.g. abc.com. If I configure it via the DNS method, users in other offices e.g. US will get the wrong gateway and will go via our Internet connection in EMEA (Belgium). That is the reason why I configured it via DHCP. Besides the WW private network, every office has its own Internet access. In our case protected by ISA.