ISA Hotfixes and service packs DO NOT apply customer registry keys - never have; never will. Did you restart the ISA web proxy service? "12209" is pretty specific - the client failed to satisfy authentication requirements. Try adding "Rule#1" and "Rule#2" to the web proxy logs and retry the connections. The log will tell you what rule (if any) fired. ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ <http://isaserver.org/Jim_Harrison/> http://isatools.org <http://isatools.org/> Read the help / books / articles! ------------------------------------------------------- ________________________________ From: Steve Lunn [mailto:Steve.Lunn@xxxxxxxxxxxxxxxx] Sent: Monday, February 21, 2005 00:24 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Deny List working too well!!! http://www.ISAserver.org Jim, Thanks, but I've already seem this post. The post states "This problem was first corrected in Internet Security and Acceleration Server 2000 Service Pack 1" And I'm running SP2. I have tried removing SP2 and re-applying SP1 and SP2 again, but no joy. I've tried adding the Registry key in, but with no luck. The exact error I'm getting is "HTTP 407 Proxy Authentication Required - The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. (12209) Internet Security and Acceleration Server" Regards, Steve Steve Lunn - PC & Network Support Microsoft MCP DDI: 01423 855101 Fax: 01423 855181 -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: 19 February 2005 02:05 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Deny List working too well!!! http://www.ISAserver.org Here y'go: http://support.microsoft.com/default.aspx?scid=kb;en-us;297324 -----Original Message----- From: Steve Lunn [mailto:Steve.Lunn@xxxxxxxxxxxxxxxx] Sent: Friday, February 18, 2005 7:56 AM To: [ISAserver.org Discussion List] Subject: [isalist] Deny List working too well!!! http://www.ISAserver.org Hey Folks, I was wondering if someone could help me? We used to have ISA Server 2000 in a separate win2k domain in front of out NT4 domain and all worked well. There was a one way trust between them, so that an NT4 internet users user group was allowed access. While the group was allowed all HTTP access, there was a specific deny rule that blocked things like hotmail, e-bay and the more prolific ad-vendors. This worked fine and without a hitch. Back end of last year, we upgraded our NT4 domain to a win2k3 domain. All the trusts and everything were migrated and still everything worked fine. We decided to do away with the separate domain and rebuild the ISA server into our 2k3 domain. I installed Win2k3 on the box, did all the appropriate patching and installed and patched ISA server. This all seemed to go fine. When the users started using the server, some complained that they were being prompted for authentication. Being a frequent reader of the ISAServer.org forums and an ISA Server MCP, I set about trying to find the problem. After a seriously long time, I tracked the problem down, but I can't find a cure. When the user hits a site that has a blocked item in it (usually an advert), the server prompts for authentication if the user presses cancel three of four times the prompt goes away and the page displays as normal. Force authentication is off, and support never get prompted which I think is because we have FW Client on, but I don't want to roll out FW client to the organization unless I really have to. There are Content and Protocol rules that allow Internet Users out, and a Content rule that blocks specific URL's. This is identical to our old config, yet I can't get it to stop prompting for authentication when it hits a blocked site. Have I missed something blatantly obvious? When I contacted out third line support provider after a few days of try this and try that, they asked us to tick the box saying "If HTTP request, Redirect to this URL", which seems to have stopped it requesting the users for a logon, but it displays the redirected "Access Denied" page in the place of the blocked image. This seems to really confuse the users as they get a legitimate web page with half a dozen blocked pictures replaced by Access Denied messages. Please put me out of my misery and help me fix this annoying 'feature'. Regards, Steve Steve Lunn - PC & Network Support Microsoft MCP DDI: 01423 855101 Fax: 01423 855181 Homeowners Group consists of Homeowners Friendly Society Limited (HFSL), Registered and Incorporated under the Friendly Societies Act 1992, Reg. No. 964F, Homeowners Investment Fund Managers Limited (HIFML), Reg. No. 3224780, Homeowners Financial Administration Limited (HFAL), Reg. No. 4301736, Homeowners Membership Services Limited (HMSL), Reg. No. 3091667 and UK Friendly Insurance Services Limited (UKFISL), Reg. No. 3088162, all registered at Hornbeam Park Avenue, Harrogate. HG2 8XE. Tel: 01423 855000 Web: http://www.homeowners.co.uk HFSL and HIFML are both authorised and regulated by the Financial Services Authority (FSA). HFSL's FSA Register no. is 110072, HIFML's FSA Register no. is 181487. You can check this on the FSA's Register by visiting the FSA's website http://www.fsa.gov.uk/register or by contacting the FSA on 0845 606 1234 HFAL, HMSL and UKFISL are non-regulated limited companies. United Kingdom Civil Service Benefit Society (UKCSBS) and United Kingdom Armed Forces Benefit Society (UKAFBS) are trading styles of Homeowners Friendly Society Limited This e-mail is intended only for the person named as recipient. The contents are confidential. If you are not the intended recipient of this e-mail, please notify us as soon as possible and delete it. If you are not the intended recipient of the e-mail, any use by you is prohibited. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.