We are behind an ISA 2006 Firewall. We are able to browse HTTP/HTTPS traffic from Internal to External, as long as we are authenticated users, which we ensure via the Firewall Client being installed on everybody's box. Everything works fine. When we try to access a certain remote Sharepoint site (not ours) we have the following issue:
When we attempt to access the remote SharePoint site via Internet Explorer (HTTP) from behind our ISA server, we authenticate once, and then are prompted to authenticate a few more times. Once the page loads, if you click on other links or buttons, you are prompted to input your credentials a few more times before the next page loads properly, which it does eventually for the first few pages. Eventually this behaviour repeats until you are served with a simply blank HTTP page. The ISA logs show a lot of "green" traffic that says Allowed Connection, but the traffic that shows when we are presented with the credential input box says "Status: 401 Unauthorized."
Now, if we attempt to access this same SharePoint site from the external world, we are asked to authenticate once, and that is the end of it. We can go about managing our site and exploring it like normal. The problematic behaviour occurs when the traffic comes from behind our ISA firewall.
One other piece of information that may be usefull is that we have this issue with following environment:
Windows XP (SP3) + IE7 Windows XP (SP3) + IE8 Windows Vista + IE7 Windows Vista (SP1) + IE8
With the same ISA server and access rules, same domainuser, same domaincomputer we don't have this issue when we use:
Windows XP (SP3) + Firefox Windows Vista + Firefox Windows Vista (SP2) + IE9 Windows 7 + IE8 Windows 7 + IE9 Windows 7 + Firefox
What did i try:
1. Place the external sharepoint site under local intranet zone in IE 2. Bypass proxy in IE for the external sharepoint site 3. Made a access rule to external sharepoint site and domain for all users 4. Changed the setting under local intranet zone > Security Tab>Select the Internet Zone>Custom Level> check "Automatic logon with current username and password.
= no luck
When i make a access rule: domaincomputer > external for all users then i can access the sharepoint site without the prompts.
Why it works with Windows 7 + IE8 and don't with XP + IE8, is perplexing me to great extents! If you can shed any light on this or help at all, I would be most gratefull.
Hi there, I am having the same problem. Did you find a solution? One thing that is unique about our external SharePoint environment we have our Domain Controller replicated. The user authentication happens on the primary side, but the site resides on the secondary side of the DC environment.
I am going to move the FSMO roles to the second DC and promote it and see if that fixes it.
Have you tried adding a direct access rule in ISA for the SharePoint IP and URL?
To achieve the type of login you would like with basic authentication you would have to have an ssl on the site, then the single sign-on would work.
If you add the site like this *.sharepointsite.com and www.sharepointsite.com to the trusted Intranet sites (not internet) IE will store the login information.
I have spoken to a couple of ISA folks and it looks like with a direct access rule in ISA to the site, and some tweaks to the firewall on the site side you may be able to get it to work.
Most everyone I have spoken to at this point does not think there is a solution on just the client side with ISA.
If you are sure the SharePoint site is secure, you could configure the URL to bypass ISA all together and then add the URL to the exceptions list under IE->Tools->Internet Options->Connections->LAN Settings->Advanced->Exceptions. I would make sure you have a good Anti-Virus on each workstation and verify with your SharePoint provider they are using a SQL virus scanner and a good hardware firewall on their side.
This worked for me for a while when one of our offices started using TMG.
If you find an answer with ISA client side only please post.