It has nothing to do with HTTP vs. HTTPS. If the Web client issues a request to ISA, and you define authentication as a requirement, then the client has to satisfy that requirement. You can't get authentication without denying the initial anonymous request. The only way to tell what is failing or working is to compare the logs against a netcap for a specific test. You can't do this for old events unless you're continually capturing network traffic at the ISA itself. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Neil Cassidy Sent: Wednesday, October 13, 2010 07:17 To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: ISA 2004 web proxy authentication Is it by design for SSL only? I guess my application is a bad negotiator. Is there a way to stop it from being denied (short of turning off the firewall or adding manual exceptions each time)? Thanks. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Wednesday, October 13, 2010 9:54 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: ISA 2004 web proxy authentication This is operating by design. Computers aren't authorized; users are. Most Web applications will try anonymous requests, get rejected by the proxy, then negotiate a mutually acceptable auth mechanism. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Neil Cassidy Sent: Thursday, October 07, 2010 2:01 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] ISA 2004 web proxy authentication I seem to have an ongoing problem with the web proxy authentication. I get frequent denied due to anonymous proxy entries from the same computer that also has non-anonymous entries. I am not sure but it may just be SSL tunnel through port 443 that it happens to, that is the only instance I could get to occur and fail just recently. I basically get the 12209 failure due to authorization required, but I am on a computer that is otherwise authorized. All users must authenticate (or whatever it says exactly) is NOT checked off. If I uncheck "use a proxy server" in internet explorer, it seems to work, but I don't think I should have to uncheck that. Why does ISA not recognize the authorization some times? Sorry for my lack of a direct question and my ISA-LESS knowledge, which I ain't to proud to admit to. Thanks.