Hi Jim, OK, good. I haven't test out the scenario yet. I'll have to get the hotfix first, and then run it. So, the fix just breaks basic over HTTP, which isn't a big deal. I can't even blame my misunderstanding on the wording of the KB, because now that I read it again, its clear: "This hotfix permits you to control whether ISA Server requests Basic authentication for *non-secure* incoming HTTP Web requests. If you want ISA Server to request Basic authentication on non-secure connections, add the following registry key" Maybe they could put the "non-secure" entry in italics for goofballs like me :-) Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Sunday, July 13, 2003 12:46 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Microsoft Knowledge Base Article - 821724, a nasty one! http://www.ISAserver.org No; absotively, posilutely not. Basic delegation is alive and well. What's forever broken (and labeled as officially unsupported henceforce) is Basic over HTTP for any WPR on that server if the regkey is set. Are you saying that it broke delegation for you? I didn't see that in my testing... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! http://www.ISAserver.org Hi Jim, So, just to confirm that I have this right. Scenaro: 1. Install Feature Pack 1 2. Configure OWA Web Publishing Rule - Require SSL for the connection in the Web Publishing Rule 3. Configure the Web Publishing Rule to allow delegation of basic authentication credentials Result: Basic credentials are protected by SSL if the request is entered correct as HTTPS Basic credentials are NOT protected by SSL if users messes up and enters HTTP 4. Install Hotfix and configure the Registry per KB article Result: Breaks the cool delegation of basic credentials feature. There has to be a more elegant way to solve this problem, such as a redirect when they type http instead of https? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Saturday, July 12, 2003 9:11 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Microsoft Knowledge Base Article - 821724, a nasty one! http://www.ISAserver.org Remember, too; once you set this, you can't use ANY web publishing rules with basic credentials if the request comes in over HTTP. Believe it or not, that was actually a request. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Han Valk" <Han.Valk@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Saturday, July 12, 2003 00:40 Subject: [isalist] Microsoft Knowledge Base Article - 821724, a nasty one! http://www.ISAserver.org Hi, Came across this one. Not pretty!! Best regards, Han Valk. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')