http://www.ISAserver.org ------------------------------------------------------- (Hi, Dan) Problem: WMP sometimes displays auth prompts even though the logged-on user account is resolvable by ISA and has permissions to access the content through ISA policies. Scenario: ISA web proxy is configured for Windows Integrated authentication ISA enforces authentication for HTTP traffic WinMedia Player is configured to use a proxy (includes "autodiscover" or "browser") for HTTP protocol Discussion: When WMP is acting as a web (CERN) proxy client, and the proxy requires Windows Integrated authentication, WMP will not auto-authenticate to the proxy if the proxy is specified as either FQDN or IP address. If the proxy is specified as NetBIOS (unqualified) name, WMP will auto-authenticate using the interactive account credentials. If the proxy requires Basic or Digest auth, an auth prompt is expected, regardless of how the proxy is specified. This behavior is the same if the proxy is obtained via an autoconfiguration (wpad) script. By default, ISA 2004+ lists the proxies using their IP addresses in the wpad script. This default was chosen to prevent name resolution errors from impeding normal client-to-web proxy communications. While this works well enough for browsers, WMP "has issues" (yeh; we'll go with that) when the proxy is specified using anything other than NetBIOS name. Solution (two-part): 1. Disable the proxy settings for HTTP (pick one). - Using WMP; Tools, Options, Network, Protocols, HTTP, set to "None" - Using Regedit: Key: HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP Name: ProxyStyle Type: DWORD Value: 0 - Using GPO; under "User Configuration\Administrative Templates\Windows Components\Windows Media Player\Networking", set the "Configure HTTP Proxy" option to "Disabled" 2. Install the FWC from MS downloads http://www.microsoft.com/downloads/details.aspx?FamilyID=05c2c932-b15a-4990-b525-66380743da89 After making this change, the FWC will handle all HTTP requests from WMP and ISA authentication will now be satisfied through the FWC control channel instead of the HTTP protocol mechanisms. This will stop the random auth prompts from WMP. Enjoy, JimmyJoeBob Alooba ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx