Dear all, I have the following configuration: ISA Server Standard Edition, integrated mode, SP1, Feature Pack 1. Outgoing Web requests: ask unauthenticated users for identification. Protocol rules: configured. Site and content rules: configured. Up till now, everything went fine...

I want to deny one user (defined in AD) everything except a selected set (I therefore have created a destination set, created a content rule with 'All destinations except selected set', Action: Deny, and added the user to the correct protocol rule set). Whenever I activate this rule, the user gets a popup in IE asking for authentication; although he types his password, he never gets authenticated. Trying to give him access to only this destination set using 'Selected set', action Allow, results in the same behaviour. Whenever I put the same user in the AD group for full access, he gets complete access, but this isn't the goal.

Can someone help me?
Hi Katia, I had faced this same problem. My solution was very rough, although it worked OK. I just deleted all the rules for this client, then recreated them, and gave the Firewall, Web Proxy and Content services a restart. It worked fine. Sometimes the rules created take time to get implemented internally.
If something isn't working as expected, you should consult the ISA logfiles. They are your primary resource for debugging. To get the most information out of the logfiles, I strongly recommend enabling the logging of all fields. In the MMC, go to the node Monitoring Configuration, then select Logs. In the details pane, right-click the applicable service and then click Properties. On the Fields tab, click Select All.
A lot of people seem to have problems with interpreting the logfiles. It isn't that difficult, but you should first understand what is logged. In the ISA helpfile there is a section called Firewall and Web Proxy log fields, a must read. Additional information can be found in the article http://support.microsoft.com/default.aspx?scid=kb;en-us;Q284818.
It is only in the IP packet filter log that a very limited payload is logged. Moreover, by default only blocked packets are logged. For those blocked packets the payload can give you some very useful information. Therefore, I don't believe this should pose any problem. Of course, never enable the logging of allowed packets in a normal environment. It is only useful for debugging purposes, and that should be done in a controlled environment.
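As an added example of reading the Web Proxy log the way the reply above suggests (this is not code from the thread or from ISA Server itself): the script below parses a W3C extended-format log by its `#Fields` directive and, per client IP, counts 407 Proxy Authentication Required replies against requests the proxy actually accepted under a user name. A client that keeps receiving 407 and never gets an authenticated request through is the "password box keeps coming back" symptom from the original post. The field names `c-ip`, `cs-username`, `sc-status` etc. are assumed to match ISA's W3C Web Proxy log fields (check them against the helpfile section and the KB article mentioned above), and the log lines in `SAMPLE_LOG` are constructed for the example.

```python
"""Summarise proxy authentication outcomes from a W3C extended-format log.

Assumptions (example code, not ISA Server's own):
  - the log carries a '#Fields:' directive naming the columns, as W3C
    extended logs do; field names below follow ISA's Web Proxy log naming
  - 'anonymous' in cs-username marks a request sent without credentials
  - sc-status is the HTTP status the proxy returned (407 = auth challenge)
"""
from collections import defaultdict

# Constructed sample log: client .15 is stuck in an authentication loop,
# client .22 authenticates normally after the first challenge.
SAMPLE_LOG = """#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2003-01-15 09:00:00
#Fields: c-ip cs-username date time s-svcname r-host cs-uri sc-status
10.0.0.15 anonymous 2003-01-15 09:00:01 w3proxy www.example.com http://www.example.com/ 407
10.0.0.15 DOMAIN\\katia 2003-01-15 09:00:02 w3proxy www.example.com http://www.example.com/ 407
10.0.0.15 DOMAIN\\katia 2003-01-15 09:00:05 w3proxy www.example.com http://www.example.com/ 407
10.0.0.15 DOMAIN\\katia 2003-01-15 09:00:09 w3proxy www.example.com http://www.example.com/ 407
10.0.0.22 anonymous 2003-01-15 09:01:00 w3proxy www.example.com http://www.example.com/ 407
10.0.0.22 DOMAIN\\bob 2003-01-15 09:01:01 w3proxy www.example.com http://www.example.com/ 200
10.0.0.22 DOMAIN\\bob 2003-01-15 09:01:03 w3proxy www.example.com http://www.example.com/index.html 200
"""


def parse_w3c_log(text):
    """Return a list of dicts, one per data line, keyed by the #Fields names.

    Directive lines start with '#'; only '#Fields:' matters for parsing.
    Values are space separated (W3C logs URL-encode spaces inside values).
    """
    fields = None
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data line encountered before a #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line!r}")
        records.append(dict(zip(fields, values)))
    return records


def authentication_summary(records, loop_threshold=3):
    """Group records by client IP and classify each client's authentication.

    challenges    : replies with status 407 (credentials missing or rejected)
    authenticated : requests that carried a real user name and got a non-407
                    reply, i.e. the proxy accepted the credentials (a later
                    rule denial still counts: the user *was* authenticated)
    auth_loop     : at least loop_threshold challenges and no accepted
                    request at all, the symptom from the original post
    """
    per_client = defaultdict(lambda: {"challenges": 0, "authenticated": 0, "users": set()})
    for rec in records:
        status_text = rec.get("sc-status", "-")
        if not status_text.isdigit():  # '-' marks an empty W3C value
            continue
        entry = per_client[rec["c-ip"]]
        user = rec.get("cs-username", "anonymous")
        entry["users"].add(user)
        if int(status_text) == 407:
            entry["challenges"] += 1
        elif user.lower() != "anonymous":
            entry["authenticated"] += 1

    summary = {}
    for ip, entry in per_client.items():
        summary[ip] = {
            "challenges": entry["challenges"],
            "authenticated": entry["authenticated"],
            "users": sorted(entry["users"]),
            "auth_loop": entry["challenges"] >= loop_threshold and entry["authenticated"] == 0,
        }
    return summary


if __name__ == "__main__":
    for ip, info in authentication_summary(parse_w3c_log(SAMPLE_LOG)).items():
        flag = "AUTH LOOP" if info["auth_loop"] else "ok"
        print(f"{ip:15} challenges={info['challenges']} authenticated={info['authenticated']} "
              f"users={info['users']} -> {flag}")
```

Run it against a real `.w3c` file by replacing `SAMPLE_LOG` with the file's contents; with all fields enabled as the reply recommends, the extra columns are carried through by the parser untouched, so you can extend the summary with whichever rule or authentication fields your ISA version logs.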