[isalist] Re: ISA 2004 web proxy authentication

It has nothing to do with HTTP vs. HTTPS.

If the Web client issues a request to ISA, and you define authentication as
a requirement, then the client has to satisfy that requirement.

You can't get authentication without denying the initial anonymous request.

The only way to tell what is failing or working is to compare the logs
against a netcap for a specific test.

You can't do this for old events unless you're continually capturing network
traffic at the ISA itself.

 

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Neil Cassidy
Sent: Wednesday, October 13, 2010 07:17
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2004 web proxy authentication

 

Is it by design for SSL only?  I guess my application is a bad negotiator.
Is there a way to stop it from being denied (short of turning off the
firewall or adding manual exceptions each time)?

 

Thanks.

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Wednesday, October 13, 2010 9:54 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2004 web proxy authentication

 

This is operating by design.

Computers aren't authorized; users are.

Most Web applications will try anonymous requests, get rejected by the
proxy, then negotiate a mutually acceptable auth mechanism.

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Neil Cassidy
Sent: Thursday, October 07, 2010 2:01 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] ISA 2004 web proxy authentication

 

I seem to have an ongoing problem with the web proxy authentication.  I get
frequent denied due to anonymous proxy entries from the same computer that
also has non-anonymous entries.  I am not sure but it may just be SSL tunnel
through port 443 that it happens to, that is the only instance I could get
to occur and fail just recently.  I basically get the 12209 failure due to
authorization required, but I am on a computer that is otherwise authorized.
All users must authenticate (or whatever it says exactly) is NOT checked
off.  If I uncheck "use a proxy server" in internet explorer, it seems to
work, but I don't think I should have to uncheck that.  Why does ISA not
recognize the authorization some times?  


Sorry for my lack of a direct question and my ISA-LESS knowledge, which I
ain't to proud to admit to.


Thanks.

Other related posts: