Hello. Don't post here often, so I'm not sure if this is in the right sub-forum or not.
Some background:
We have an ISA 2004 SP3 server set up in a single-armed (proxy) configuration.
Internal users -> ISA 2004 -> Cisco ASA -> Internet
Only members of a specific AD group can traverse it. For some reason, random users at random times will get re-authentication popups and need to put their credentials back in. Sometimes that results in the page being rendered, other times it does not... with the credentials re-popping up for every inline page element (graphics, etc).
We've tried clearing browser caches and rebooting and the like. Sometimes recreating the user (over the top) seems to work. I suspect it's something in the caching of credentials between ISA and the AD server, but I can't be sure... the ISA server logs don't seem to indicate anything (event logs, anyway).
I thought this issue might be resolved in SP3, but that didn't seem to help. I can't find rhyme or reason to the pattern of prompts, either...
Posts: 146
Joined: 30.Nov.2007
From: Argentina
Status: offline
Hi,
First check if you dont have comunication, authentication problems between Isa server and Domain controllers. Check Isa server event viewer. Is your Isa server a domain member ? Another thing to check is your isa server dns configuration.
1) I have communication, as 99.9% of username/password lookups work fine. As mentioned in the initial post, the problem appears random, and cannot be recreated at-will. 2) Event log on the ISA server contains no errors. (Aside from a couple of "decompress" errors for specific sites) 3) Yes, the ISA server is a domain member. 4) I'll set up a anyone-to-anywhere DNS rule and see what happens.
- "Require users to authenticate" is and has always been "off", so that's not it... - Windows Media Player is not involved in my cases... - Browser is IE, so that's not it... - The users in question DO belong to the approprate groups... - ISA server is not chained, so that's not it... - No intranet involved... both client and servers are in the "internal" group (single-homed, as mentioned above) - IIS not an issue... these are the same sites they access without issue at other times... - Basic AND Integrated authentication are turned on, not just the first... - Not a cached credentials issue... as the site worked fine 30 sec before...
Still working my way through a few others from that list.
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> ISA 2004 SP3 Repeatedly Prompts Users for Credentials 
ISA 2004 SP3 Repeatedly Prompts Users for Credentials - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread