• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Intranet being prompted for username and password on Single Network Adaptor setting

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Cache] >> General >> Intranet being prompted for username and password on Single Network Adaptor setting Page: [1]
Login
Message << Older Topic   Newer Topic >>
Intranet being prompted for username and password on Si... - 27.Nov.2008 7:13:36 PM   
blum81

 

Posts: 11
Joined: 31.Oct.2008
Status: offline
Ok I've searched for hours and I can't seem to find a solution to my problem.

I have our ISA2004 box set up  as a Single Network Adaptor strictly used as a web proxy server.  I'm using the auto discovery proxy for the clients. 

Logging and tracking and everything to the outside internet sites all seem to be working properly but when it comes to going to our local Intranet webserver, users randomly get prompted to enter in their username and password.

The strange thing is that it seems to happen on subnets that are located outside of where the ISA server is located.

Network Information (domain/IP subnets are examples)

Primary Subnet
10.0.1.0 - ISA Server is located on this subnet

Remote location Subnets
10.0.2.0  (has own DHCP Server, dns from 1.0 subnet)
10.0.3.0  (has own DHCP Server, dns from 1.0 subnet)
10.0.4.0  (has own DHCP Server, dns from 1.0 subnet)
10.0.5.0  (has own DHCP Server, dns from 1.0 subnet)

Now, all subnets are able to browse the internet perfectly fine through the ISA server, but majority of the users in all the remote locations are being prompted when they go to http://intraweb

I have ALL the subnets included within the internal network, but all the remote sites are popping up with the login prompts when the 1.0 subnet, everyone seems to be fine.

On the Web Proxy tab
i have enable web proxy clients checked
on Authentication.......
Digest, Integrated, basic all checked
Require all users to authenticate
select domain is selected to our domain abc.com

Firewall client tab
enable firewall client support for this network is checked
ISA Server name is listed
Automatically detect settings is checked

Web Browser Tab
Bypass proxy is checked
Directly access computers is checked
*.abc.com is listed in direct access these servers or domains

So the question is, whats wrong and what am I missing??  I sincerely appreciate if anyone is able to help me out or at least point me in the right direction and I've hit a complete roadblock...

Thank you very much in advance
Post #: 1
RE: Intranet being prompted for username and password o... - 27.Nov.2008 7:28:05 PM   
blum81

 

Posts: 11
Joined: 31.Oct.2008
Status: offline
One thing I forgot to mention is that I forgot to add the 252 entry in DHCP for the remote sites but after adding that I'm still getting prompted.... 

(in reply to blum81)
Post #: 2
RE: Intranet being prompted for username and password o... - 28.Nov.2008 1:04:09 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
With this…
quote:


  I'm using the auto discovery proxy for the clients. 


And this….

quote:


On the Web Proxy tab
Require all users to authenticate



=…..

quote:




Note 2: if the Require all users to authenticate Web Proxy setting is configured for the Internal interface of your ISA 2004 server, the request for the configuration script file (wpad.dat or wspad.dat) must be authenticated also. This means that for Internet Explorer an authentication prompt will pop-up. However, the Firewall client does not handle the "401 Authentication Required" response. Therefore, that request will fail. To solve that problem, check out the Microsoft Knowledge Base Article 885683.

Taken from:

http://www.isaserver.org/articles/ISA2004_ClientAutoConfig.html





It’s not recommended to use the “Require all users to authenticate” setting. You should configure authentication in your access rules.

quote:


Digest, Integrated, basic all checked


Digest? Why?




quote:


Firewall client tab
enable firewall client support for this network is checked
ISA Server name is listed
Automatically detect settings is checked



Not applicable in your case, you’re running in “HORK” mode. Only Web Proxy client is supported.



quote:


Now, all subnets are able to browse the internet perfectly fine through the ISA server, but majority of the users in all the remote locations are being prompted when they go to http://intraweb


After you get your auto discovery issue corrected; make sure you have the URL configured to bypass in IE. You might also try to configure the proxy settings manually to see if the loopback issue is resolved.



_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to blum81)
Post #: 3
RE: Intranet being prompted for username and password o... - 28.Nov.2008 1:24:00 PM   
blum81

 

Posts: 11
Joined: 31.Oct.2008
Status: offline
Thanks for the reply Roto.

This project was started by a consultant we had here who never finished the job so I've been forced to learn ISA Server so a lot of these settings were done by the consultant in the past...

So I've unchecked 'Require all users to authenticate'

Digest was there from the previous consultant, removed it.  Only thing left is Integrated/basic

Whats “HORK” mode?  Again I apologize for the lack of knowledge but I've been trying to learn all of ISA in a few days :(

I think the auto discovery is working properly because I can see the remote site users going through the proxy for internet traffic, its just an issue with our Intraweb site that prompts a username and password.

I've configured both DNS and DHCP with the wpad entries.  Do both have to be done or can I just use DNS or just DHCP?

Thanks again for your help..

(in reply to Rotorblade)
Post #: 4
RE: Intranet being prompted for username and password o... - 28.Nov.2008 4:36:39 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
quote:


Whats “HORK” mode?  Again I apologize for the lack of knowledge but I've been trying to learn all of ISA in a few days :(


No problem,

Hork mode is a single-nic deployment of ISA. With only one NIC, ISA firewall services are not available and you’re limited to Web proxy functions only.

quote:

 
I've configured both DNS and DHCP with the wpad entries. 


You may want to take a look at this article:
http://technet.microsoft.com/en-us/library/cc713344.aspx

If you read through the article, you will find that when using auto discovery through DNS; DNS listens using port 80 and needs to be configured so.

DHCP should be fine.

HTH

RB



_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to blum81)
Post #: 5
RE: Intranet being prompted for username and password o... - 28.Nov.2008 4:54:40 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
quote:


This project was started by a consultant we had here who never finished the job so I've been forced to learn ISA Server so a lot of these settings were done by the consultant in the past...


Well you came to the right place for help. Hopefully what was completed by the consultant was done right?

Good luck,

RB



_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to Rotorblade)
Post #: 6
RE: Intranet being prompted for username and password o... - 28.Nov.2008 4:57:47 PM   
blum81

 

Posts: 11
Joined: 31.Oct.2008
Status: offline
quote:

ORIGINAL: Rotorblade

Well you came to the right place for help. Hopefully what was completed by the consultant was done right?

Good luck,

RB




Not even close...  He basically left me with a car in 10,000 pieces, put together the frame and 1 tire and left lol. 

I'll be reading the technet article you included and I will keep you posted.

Cheers,
B

(in reply to Rotorblade)
Post #: 7
RE: Intranet being prompted for username and password o... - 28.Nov.2008 5:20:06 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
I was afraid that might be the case. Have a good weekend.

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to blum81)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Cache] >> General >> Intranet being prompted for username and password on Single Network Adaptor setting Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts