Ok I've searched for hours and I can't seem to find a solution to my problem.
I have our ISA2004 box set up as a Single Network Adaptor strictly used as a web proxy server. I'm using the auto discovery proxy for the clients.
Logging and tracking and everything to the outside internet sites all seem to be working properly but when it comes to going to our local Intranet webserver, users randomly get prompted to enter in their username and password.
The strange thing is that it seems to happen on subnets that are located outside of where the ISA server is located.
Network Information (domain/IP subnets are examples)
Primary Subnet 10.0.1.0 - ISA Server is located on this subnet
Remote location Subnets
10.0.2.0 (has own DHCP Server, dns from 1.0 subnet)
10.0.3.0 (has own DHCP Server, dns from 1.0 subnet)
10.0.4.0 (has own DHCP Server, dns from 1.0 subnet)
10.0.5.0 (has own DHCP Server, dns from 1.0 subnet)
Now, all subnets are able to browse the internet perfectly fine through the ISA server, but the majority of the users in all the remote locations are being prompted when they go to http://intraweb.
I have ALL the subnets included within the internal network, but all the remote sites are popping up with the login prompts, whereas on the 1.0 subnet everyone seems to be fine.
On the Web Proxy tab I have:
enable web proxy clients checked
on Authentication: Digest, Integrated, basic all checked
Require all users to authenticate
select domain is selected to our domain abc.com
Firewall client tab:
enable firewall client support for this network is checked
ISA Server name is listed
Automatically detect settings is checked
Web Browser tab:
Bypass proxy is checked
Directly access computers is checked
*.abc.com is listed in direct access these servers or domains
So the question is, what's wrong and what am I missing?? I'd sincerely appreciate it if anyone is able to help me out or at least point me in the right direction, as I've hit a complete roadblock...
quote:
I'm using the auto discovery proxy for the clients.
And this….
quote:
On the Web Proxy tab Require all users to authenticate
=…..
quote:
Note 2: if the Require all users to authenticate Web Proxy setting is configured for the Internal interface of your ISA 2004 server, the request for the configuration script file (wpad.dat or wspad.dat) must be authenticated also. This means that for Internet Explorer an authentication prompt will pop-up. However, the Firewall client does not handle the "401 Authentication Required" response. Therefore, that request will fail. To solve that problem, check out the Microsoft Knowledge Base Article 885683.
It’s not recommended to use the “Require all users to authenticate” setting. You should configure authentication in your access rules.
quote:
Digest, Integrated, basic all checked
Digest? Why?
quote:
Firewall client tab enable firewall client support for this network is checked ISA Server name is listed Automatically detect settings is checked
Not applicable in your case, you’re running in “HORK” mode. Only Web Proxy client is supported.
quote:
Now, all subnets are able to browse the internet perfectly fine through the ISA server, but the majority of the users in all the remote locations are being prompted when they go to http://intraweb.
After you get your auto discovery issue corrected, make sure you have the URL configured to bypass in IE. You might also try to configure the proxy settings manually to see if the loopback issue is resolved.
_____________________________
David Melvin Ohio MCSE: Security 2003, MCSA:Security 2003
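An added example, not part of the original thread and not the script ISA generates: a simplified PAC (wpad.dat-style) function for checking which hosts a client fetches directly and which it sends to the proxy. The proxy name `isa.abc.com:8080` and the `bypassPlainHosts` switch are assumptions; `*.abc.com` and `intraweb` come from the thread.

```javascript
// Added example: simplified PAC logic, runnable in Node for offline checks.
// Assumed (hypothetical) values: proxy isa.abc.com:8080, bypassPlainHosts switch.

// Stand-ins for the PAC helper functions a browser normally provides.
function isPlainHostName(host) {
  return host.indexOf(".") === -1;          // single-label name such as "intraweb"
}
function shExpMatch(str, pattern) {
  // Convert a shell-style pattern (* and ?) into an anchored regular expression.
  const re = "^" + pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")   // escape regex metacharacters
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".") + "$";
  return new RegExp(re, "i").test(str);
}

const PROXY = "PROXY isa.abc.com:8080";     // assumed proxy name and port

// Build a FindProxyForURL from a direct-access list and a switch that
// sends single-label (plain) host names direct.
function makePac(directPatterns, bypassPlainHosts) {
  return function FindProxyForURL(url, host) {
    if (bypassPlainHosts && isPlainHostName(host)) return "DIRECT";
    for (const p of directPatterns) {
      if (shExpMatch(host, p)) return "DIRECT";
    }
    return PROXY;
  };
}

// Evaluate a PAC function the way a browser would: pass the URL and its host.
function route(pac, url) {
  return pac(url, new URL(url).hostname);
}

// Constructed test cases using the names from the thread.
const domainOnly = makePac(["*.abc.com"], false);
const withPlain = makePac(["*.abc.com"], true);

for (const u of ["http://intraweb/", "http://intraweb.abc.com/", "http://www.example.org/"]) {
  console.log(u, "| domain list only:", route(domainOnly, u),
                 "| plus plain-host bypass:", route(withPlain, u));
}
```

A request that is routed to the proxy is subject to whatever authentication the proxy requires, so the routing result for `http://intraweb` is the first thing to confirm on an affected client.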
This project was started by a consultant we had here who never finished the job so I've been forced to learn ISA Server so a lot of these settings were done by the consultant in the past...
So I've unchecked 'Require all users to authenticate'.
Digest was there from the previous consultant, removed it. Only thing left is Integrated/basic.
What's “HORK” mode? Again I apologize for the lack of knowledge but I've been trying to learn all of ISA in a few days :(
I think the auto discovery is working properly because I can see the remote site users going through the proxy for internet traffic, it's just an issue with our Intraweb site that prompts a username and password.
I've configured both DNS and DHCP with the wpad entries. Do both have to be done or can I just use DNS or just DHCP?
quote:
What's “HORK” mode? Again I apologize for the lack of knowledge but I've been trying to learn all of ISA in a few days :(
No problem,
Hork mode is a single-nic deployment of ISA. With only one NIC, ISA firewall services are not available and you’re limited to Web proxy functions only.
quote:
I've configured both DNS and DHCP with the wpad entries.
quote:
This project was started by a consultant we had here who never finished the job so I've been forced to learn ISA Server so a lot of these settings were done by the consultant in the past...
Well you came to the right place for help. Hopefully what was completed by the consultant was done right?
Good luck,
RB
_____________________________
David Melvin Ohio MCSE: Security 2003, MCSA:Security 2003