Nothing you've offered changes my observations or the questions I asked. Yes, it's likely an ISA configuration issue; this is why I asked where the rule sits in the rule order. Have you examined the ISA logs to see what the ISA response to those connections was? ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx] Sent: Wednesday, December 29, 2004 02:45 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Java problems. http://www.ISAserver.org Normaly behavoir is that all users who have access to the internet needs to authenticate before they can use the internet, so my default setup was that alle users from a specific domain group have internet access. This behavoir happens on a NT workstation, with a XP workstation, the problem doesn't exist. The site the users connecting to is a external site, so i'm unable to change the external site, and when i connect with a xp workstation, i don't have to authenticate on the external web site, so i think they don't use NTLM authentication. Cause of an other problem which i have posted here, i have disabled the rule for anonymous access to the site, so the problem raised again. With the proxy 2.0 server which we used before, we have no problems with the site, so i think it's a configuration problem within ISA 2004. An other expirence which i had with the migration from proxy to isa, was that i alway coud make use of the ftp protocol, but when chaning the settings to the isa server, i was unable to use it, after adding my self to the domain ftp group (which includes all users with ftp access), i was able to ftp again. Arjan > 99 times out of 10, this is an authentication issue. > Where does this rule sit in the overall order? > If you have any authenticated rules before this, your Java > app will likely fail. > As you can see from your rule, allowing anonymous (all users) > makes this traffic work. > Check with your Java runtime authors to see if they have an > update that supports Integrated (NTLM) authentication. > > -----Original Message----- > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx] > Sent: Monday, December 27, 2004 01:25 > To: [ISAserver.org Discussion List] > Subject: [isalist] Java problems. > > http://www.ISAserver.org > > When a user tries to connect to a site witch uses java, not > the whole screen is displays, the user is using Windows NT > with IE 5.5, when i try to reach the site everything goes > well, i'm using XP with IE 6, i need to turn off pop-ups for the site. > > I have created a rule for the site, so that the site can be > reached anonymous, all the other sites needs to be > authenticated. When the user tries again, there are no > problems with the site, i have wrote the following rule: > > Name Overheid.nl > Action Allow > Protocols HTTP/HTTPS > From Local,Internal > To overheid.nl (domain name set) > Users All Users > Schedule Always > > I'm running ISA 2004 as a proxy server only. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.