I'm hoping someone can help me...we currently have an ISA 2006 server which is protecting our network from the outside world and have got a number of different rules in place on the firewall for this purpose.
One of the rules is to block a group called 'Blocked Users' from accessing anything externally. This group has only got a few people in this group and the rule is to block only these people. I have however, recently discovered that this rule is also blocking 'Anonymous' user somehow even though I haven't specified it to block the 'Anonymous' user.
This is causing some issues for us in that there are a couple of sites which use Java and use anonymous user to connect to it that are being blocked which is causing issues as we need to connect to these sites. One of the sites is the VodaFone site (Australia) which is for mobile phones etc.
When I disable this particular rule it works fine but when I don't disable it just keeps displaying an isa 'authentication' dialog box and just doesn't work.
The reason why you are seeing ISA authentication prompt is that you are trying to access the website using local user credentials though you have selected the Integrated authentication on ISA web proxy. This requires you to login with Domain user to use it.
you Java issue which is sending annonymous requests can be resolved (Hopefully) by Allowing "Require All users to authenticate" on web proxy tab for internal interface
Remember, this will require all your client machines to be either Web proxy clients or Firewall Clients. You can not have SecureNAT clients accessing internet using this rule....
After installing this please run the ISA Data Packager from the Start, Programs, ISA Server, ISA Tools menu Select the ‘Collect data from one of the following repro scenarios’ radio button and select the ‘Basic Repro and Static Configuration’ option, select ‘Next’ and then ‘Start Data Collection’.
When the ISA Data Packager has initialized the various data captures you will be asked to press the Spacebar to start capturing data. This is going to capture a number of data outputs from a repro of the issue (Network traces, ISA tracing output, ISA logs) so before running this and pressing the spacebar please get set-up to repro the issue.
When you are ready to repro the issue press the spacebar, repro the issue and then press the spacebar again to stop the captures. If you can try to keep this the time you are capturing quite short that will help our analysis of the data.
The BPA will also gather config data from the ISA server that will help us understand your set-up and will output all the data captures to a file on the desktop called isapackage.cab.