Intranet being prompted for username and password on Single Network Adaptor setting (Full Version)

All Forums >> [ISA Server 2004 Cache] >> General



Message


blum81 -> Intranet being prompted for username and password on Single Network Adaptor setting (27.Nov.2008 7:13:36 PM)

Ok I've searched for hours and I can't seem to find a solution to my problem.

I have our ISA2004 box set up  as a Single Network Adaptor strictly used as a web proxy server.  I'm using the auto discovery proxy for the clients. 

Logging and tracking and everything to the outside internet sites all seem to be working properly but when it comes to going to our local Intranet webserver, users randomly get prompted to enter in their username and password.

The strange thing is that it seems to happen on subnets that are located outside of where the ISA server is located.

Network Information (domain/IP subnets are examples)

Primary Subnet
10.0.1.0 - ISA Server is located on this subnet

Remote location Subnets
10.0.2.0  (has own DHCP Server, dns from 1.0 subnet)
10.0.3.0  (has own DHCP Server, dns from 1.0 subnet)
10.0.4.0  (has own DHCP Server, dns from 1.0 subnet)
10.0.5.0  (has own DHCP Server, dns from 1.0 subnet)

Now, all subnets are able to browse the internet perfectly fine through the ISA server, but majority of the users in all the remote locations are being prompted when they go to http://intraweb

I have ALL the subnets included within the internal network, but all the remote sites are popping up with the login prompts when the 1.0 subnet, everyone seems to be fine.

On the Web Proxy tab
i have enable web proxy clients checked
on Authentication.......
Digest, Integrated, basic all checked
Require all users to authenticate
select domain is selected to our domain abc.com

Firewall client tab
enable firewall client support for this network is checked
ISA Server name is listed
Automatically detect settings is checked

Web Browser Tab
Bypass proxy is checked
Directly access computers is checked
*.abc.com is listed in direct access these servers or domains

So the question is, whats wrong and what am I missing??  I sincerely appreciate if anyone is able to help me out or at least point me in the right direction and I've hit a complete roadblock...

Thank you very much in advance




blum81 -> RE: Intranet being prompted for username and password on Single Network Adaptor setting (27.Nov.2008 7:28:05 PM)

One thing I forgot to mention is that I forgot to add the 252 entry in DHCP for the remote sites but after adding that I'm still getting prompted....  [:@]




Rotorblade -> RE: Intranet being prompted for username and password on Single Network Adaptor setting (28.Nov.2008 1:04:09 PM)

With this…
quote:


  I'm using the auto discovery proxy for the clients. 


And this….

quote:


On the Web Proxy tab
Require all users to authenticate



=…..

quote:




Note 2: if the Require all users to authenticate Web Proxy setting is configured for the Internal interface of your ISA 2004 server, the request for the configuration script file (wpad.dat or wspad.dat) must be authenticated also. This means that for Internet Explorer an authentication prompt will pop-up. However, the Firewall client does not handle the "401 Authentication Required" response. Therefore, that request will fail. To solve that problem, check out the Microsoft Knowledge Base Article 885683.

Taken from:

http://www.isaserver.org/articles/ISA2004_ClientAutoConfig.html





It’s not recommended to use the “Require all users to authenticate” setting. You should configure authentication in your access rules.

quote:


Digest, Integrated, basic all checked


Digest? Why?




quote:


Firewall client tab
enable firewall client support for this network is checked
ISA Server name is listed
Automatically detect settings is checked



Not applicable in your case, you’re running in “HORK” mode. Only Web Proxy client is supported.



quote:


Now, all subnets are able to browse the internet perfectly fine through the ISA server, but majority of the users in all the remote locations are being prompted when they go to http://intraweb


After you get your auto discovery issue corrected; make sure you have the URL configured to bypass in IE. You might also try to configure the proxy settings manually to see if the loopback issue is resolved.





blum81 -> RE: Intranet being prompted for username and password on Single Network Adaptor setting (28.Nov.2008 1:24:00 PM)

Thanks for the reply Roto.

This project was started by a consultant we had here who never finished the job so I've been forced to learn ISA Server so a lot of these settings were done by the consultant in the past...

So I've unchecked 'Require all users to authenticate'

Digest was there from the previous consultant, removed it.  Only thing left is Integrated/basic

Whats “HORK” mode?  Again I apologize for the lack of knowledge but I've been trying to learn all of ISA in a few days :(

I think the auto discovery is working properly because I can see the remote site users going through the proxy for internet traffic, its just an issue with our Intraweb site that prompts a username and password.

I've configured both DNS and DHCP with the wpad entries.  Do both have to be done or can I just use DNS or just DHCP?

Thanks again for your help..




Rotorblade -> RE: Intranet being prompted for username and password on Single Network Adaptor setting (28.Nov.2008 4:36:39 PM)

quote:


Whats “HORK” mode?  Again I apologize for the lack of knowledge but I've been trying to learn all of ISA in a few days :(


No problem,

Hork mode is a single-nic deployment of ISA. With only one NIC, ISA firewall services are not available and you’re limited to Web proxy functions only.

quote:

 
I've configured both DNS and DHCP with the wpad entries. 


You may want to take a look at this article:
http://technet.microsoft.com/en-us/library/cc713344.aspx

If you read through the article, you will find that when using auto discovery through DNS; DNS listens using port 80 and needs to be configured so.

DHCP should be fine.

HTH

RB





Rotorblade -> RE: Intranet being prompted for username and password on Single Network Adaptor setting (28.Nov.2008 4:54:40 PM)

quote:


This project was started by a consultant we had here who never finished the job so I've been forced to learn ISA Server so a lot of these settings were done by the consultant in the past...


Well you came to the right place for help. Hopefully what was completed by the consultant was done right?

Good luck,

RB





blum81 -> RE: Intranet being prompted for username and password on Single Network Adaptor setting (28.Nov.2008 4:57:47 PM)

quote:

ORIGINAL: Rotorblade

Well you came to the right place for help. Hopefully what was completed by the consultant was done right?

Good luck,

RB




Not even close...  He basically left me with a car in 10,000 pieces, put together the frame and 1 tire and left lol. 

I'll be reading the technet article you included and I will keep you posted.

Cheers,
B




Rotorblade -> RE: Intranet being prompted for username and password on Single Network Adaptor setting (28.Nov.2008 5:20:06 PM)

I was afraid that might be the case. Have a good weekend.

RB




Page: [1]