Authorization problem (Full Version)

All Forums >> [ISA Server 2004 Cache] >> General



Message


kamil.brzak -> Authorization problem (8.Jan.2008 7:02:09 AM)

Hello,
I am solving a long term problem regarding ISA authentication, I guess. Time by time, when user types an URL into browser address line, ISA requires authentication. Regardless if user fill up domain account name and password or not, following text in browser is generated:





Network Access Message: The page cannot be displayed








Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.

Try the following:


Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link. If you are still not able to view the requested page, try contacting your administrator or Helpdesk.










Technical Information (for support personnel)

Error Code: 407 Proxy Authentication Required. The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. (12209)
IP Address: (ip of ISA server) 
Date: 1/8/2008 10:03:09 AM
Server: (FQDN of ISA server) 
Source: proxy
I really do not know, where is the problem.
ISA server we use in single-network adapter mode and it lies in DMZ. ISA server is part of our domain.cz zone and its role is DNS slave server too. So the zone transfer among Master DNS and ISA is enabled, notification of new zone version is enabled too.
Internal network has two DNS servers, replication is in condition "replicate to all DCs in domain" and secured type of communication.
Firewall between internal network and DMZ has set the rules of enabling all tcp/ip/udp communication between internal network DNS servers and ISA server.

When issue occurs, on ISA server I can find out NETLOGON event issue (id:5719) and in DNS event log ID:3 (dns down) and immediately (2 sec after) ID:2 (dns up).

In Security log were IDs:537 (as well as 529 and 680) as failures. I can see in detail users tried to connect but unsuccessfully.

Someone encountered similar problems? Where could be a mistake? I can send more detailed information if necessary.

Thank you for any idea,




jmilito -> RE: Authorization problem (15.Feb.2008 3:37:30 PM)

Remove your authentication requirement on that particular rule by allowing "All Users".  Or if it is just for a particular website...  Create another rule and allow All Users HTTP/HTTPS access just to that site.




kamil.brzak -> RE: Authorization problem (6.Apr.2008 7:58:48 AM)

Hi,
thanks for a response. As the time blows I've found out the failure could be between DC/DNS and ISA. The troubles rised up when ISA lost connection with DC/DNS. The same problem I've got by changing DC/DNS server for another one. In some cases this situation occured. Solution was simple: to restart the DNS Client Service on ISA server and manually made Zone Transfer to Host.
This looks like the good way to beat this problem forever.

See you, and thx again!




Page: [1]