I'm not using the "Require all users to authenticate" setting in the Internal network web proxy listner. I'm not able to take a look in the web proxy logs, cause off performance issues i have turned off the logging for ISA completly, i know it's diffucult to analyze the problem this way, i will turn it back on, and hope the problem apears again. > Can you forward me your ISAInYou also stated: I do not understand the meaning of the line above. > "Normaly behavoir is that all users who have access to the > internet needs to authenticate before they can use the > internet, so my default setup was that alle users from a > specific domain group have internet access." > Are you also using the "Require all users to authenticate" > setting in the Internal network web proxy listener? > > You haven't said; what do you find in the web proxy logs for > the failing connections? > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > > > > -----Original Message----- > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx] > Sent: Wednesday, December 29, 2004 11:16 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Java problems. > > http://www.ISAserver.org > > My order of rules is : > > Name Action Protocols From To > Condition > Windows Update Allow HTTP/HTTPS > Internal Windows > update All Users > Overheid.nl Allow HTTP/HTTPS Internal > Overheid.Nl All Users > HTTP/HTTPS Allow HTTP/HTTPS Internal > External Domain Users > > The rule is on the second place, and there are no > authorisation rules before. > > Arjan > > > Nothing you've offered changes my observations or the questions I > > asked. > > Yes, it's likely an ISA configuration issue; this is why I > asked where > > the rule sits in the rule order. > > Have you examined the ISA logs to see what the ISA response > to those > > connections was? > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx] > > Sent: Wednesday, December 29, 2004 02:45 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Java problems. > > > > http://www.ISAserver.org > > > > Normaly behavoir is that all users who have access to the internet > > needs to authenticate before they can use the internet, so > my default > > setup was that alle users from a specific domain group have > internet > > access. > > > > This behavoir happens on a NT workstation, with a XP > workstation, the > > problem doesn't exist. > > > > The site the users connecting to is a external site, so i'm > unable to > > change the external site, and when i connect with a xp > workstation, i > > don't have to authenticate on the external web site, so i > think they > > don't use NTLM authentication. > > > > Cause of an other problem which i have posted here, i have disabled > > the rule for anonymous access to the site, so the problem raised > > again. > > > > With the proxy 2.0 server which we used before, we have no problems > > with the site, so i think it's a configuration problem within ISA > > 2004. > > > > An other expirence which i had with the migration from > proxy to isa, > > was that i alway coud make use of the ftp protocol, but > when chaning > > the settings to the isa server, i was unable to use it, > after adding > > my self to the domain ftp group (which includes all users with ftp > > access), i was able to ftp again. > > > > Arjan > > > > > 99 times out of 10, this is an authentication issue. > > > Where does this rule sit in the overall order? > > > If you have any authenticated rules before this, your > Java app will > > > likely fail. > > > As you can see from your rule, allowing anonymous (all > users) makes > > > this traffic work. > > > Check with your Java runtime authors to see if they have > an update > > > that supports Integrated (NTLM) authentication. > > > > > > -----Original Message----- > > > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx] > > > Sent: Monday, December 27, 2004 01:25 > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] Java problems. > > > > > > http://www.ISAserver.org > > > > > > When a user tries to connect to a site witch uses java, not > > the whole > > > screen is displays, the user is using Windows NT with IE > > 5.5, when i > > > try to reach the site everything goes well, i'm using XP > > with IE 6, i > > > need to turn off pop-ups for the site. > > > > > > I have created a rule for the site, so that the site can > be reached > > > anonymous, all the other sites needs to be authenticated. > When the > > > user tries again, there are no problems with the site, i > have wrote > > > the following rule: > > > > > > Name Overheid.nl > > > Action Allow > > > Protocols HTTP/HTTPS > > > From Local,Internal > > > To overheid.nl (domain name set) > > > Users All Users > > > Schedule Always > > > > > > I'm running ISA 2004 as a proxy server only. > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: > http://www.windowsnetworking.com Leading > > Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: > http://www.msexchange.org Windows > > Security Resource Site: > > http://www.windowsecurity.com/ Network Security Library: > > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > jim@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: > http://www.windowsnetworking.com Leading > > Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: > http://www.msexchange.org Windows > > Security Resource Site: > > http://www.windowsecurity.com/ Network Security Library: > > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > ahendriks@xxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: ahendriks@xxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx >