Hi Shinder-sama, May I know the reason why for "never"? Thanks, Roy Tsao > Hi Roy, > > I think I might understand your problem now. > > You should *never* enable the "ask unauthenticated users to > authenticate" option. If you want to force authenticaiton, use Access > Rules=20 > > HTH,=20 > > > Tom > www.isaserver.org/shinder > Tom and Deb Shinder's Configuring ISA Server 2004 > http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > -----Original Message----- > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]=20 > Sent: Monday, May 30, 2005 1:56 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004 > > http://www.ISAserver.org > > To All Married Guys, > > > The disucssion threads caused by me seems to be overflow while > I really want to make sure the correct configuration and get > to know the working merchanism. To summarize the past discussion, > what I want to know is=20 > - based on Client type: 1) FWC 2)WPC (webproxy) > - at conditions: "webproxy authentication is enabled" > "autoproxy configuration shall be applied" > autodisvoery is properly configured already > - result: right configuration so that no popup ask for authencaiton =20 > in web browsing > =20 > After verious kinds of test in my VM, the situation is like this: > 1) FWC: > problem 1): if select "autodect ISA server" at FWC, it fails > to find out unless "webproxy authentication is disabled" > problme 2): if only select "autoconfig script" option at FWC tab > for interal network configuration, popup windows > asking for authentication comes up unless modify > the autoscript URL by replace "ISA_FQDN" into > "isa_host_name" > no popup authentication windows only when select "autodetect" at > at FWC tab for interal network configuration. > > 2) WPC: > problem 3): in addtion to check webproxy agent, enable either > autodectection or autodectation option at brower > will bring up authentication windows (this > must be caused by webproxy authenciation requirement), > keep click cancel "Pop-up" so that broswer act > just as natural WPC without autoconfiguration data to > pass > authentication. > WPC must be manually setup including bypass list at client brower > side. > > As a conclusion, there is setting limitation for autoproxy/detection > when "webproxy authentication is required for all users". Kindly > let me know your some explanation for above problem 1) -3) if you=20 > think I am wrong. > > Thanks, > > Roy Tsao > > =20 > > > > Hi Roy-sama > >=20 > > The entries in DNS or DHCP provide the client information about how to > > get the autoconfiguration information. That information is published > on > > the autodiscovery port you configure on the ISA firewall. > >=20 > > HTH,=3D20 > >=20 > >=20 > > Tom > > www.isaserver.org/shinder > > Tom and Deb Shinder's Configuring ISA Server 2004 > > http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > >=20 > >=20 > > -----Original Message----- > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]=3D20 > > Sent: Friday, May 27, 2005 1:00 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004 > >=20 > > http://www.ISAserver.org > >=20 > > Thank you Shinder-san. Yup, I did know the setting for autodiscovrey > > through both DHCP and DNS BUT BUT I have not known this kind of > > setting for WPAD also needed for "Autoconfig", if so I have taken > > a basic wrong concept regarding autocnfig setting, believe > > not small number of ISA guys are the same, then I could understand > > many posts in local forum here asking about why POPUP window > > for authenciation though autoconfig is setted up.=3D20 > >=20 > >=20 > > > Hi Roy, > > >=3D20 > > > Works the same in ISA Server 2004 (mostly): > > >=3D20 > > > =3D > > > http://www.isaserver.org/img/upl/isaedukit/5automate/5automate.htm=3D3D20= > > > >=3D20 > > >=3D20 > > > Tom > > > www.isaserver.org/shinder > > > Tom and Deb Shinder's Configuring ISA Server 2004 > > > http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > >=3D20 > > >=3D20 > > > -----Original Message----- > > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]=3D3D20 > > > Sent: Friday, May 27, 2005 8:14 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004 > > >=3D20 > > > http://www.ISAserver.org > > >=3D20 > > > S guy, > > >=3D20 > > > To be perfectly honest with you, it is first time for me to know > > > wpad entry is reuired in dns for "autoproxy" I/O "autodectection" > > > (=3D3D3Dautodisvoery). I never know it shall be prepare for > webproxy/fwc > > > client! > > >=3D20 > > > Thanks, > > >=3D20 > > > Roy Tsao > > >=3D20 > > > P.S.: why don't you spend you time with you lovely wife, network is > > not > > > your main after your marriage otherwise your wife shall complain you > a > > > lot > > > in talking with lot of guys known! Kidding!!! > > >=3D20 > > >=3D20 > > > > Roy > > > >=3D3D20 > > > > Yes you need a wpad entry in dns pointing to the internal ip of > isa. > > > >=3D3D20 > > > > Also make sure your wpad string is http://wpad/wpad.dat > > > >=3D3D20 > > > >=3D3D20 > > > > WITH NO PORT NUMBER after the 1st wpad > > > >=3D3D20 > > > > S > > > >=3D3D20 > > > > -----Original Message----- > > > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]=3D3D20 > > > > Sent: Friday, May 27, 2005 10:03 AM > > > > To: ISA Mailing List > > > > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004 > > > >=3D3D20 > > > > http://www.ISAserver.org > > > >=3D3D20 > > > > Dear Jim-san, > > > >=3D3D20 > > > > Sorry for disturbing you a lot but please be advised that I am not > > > pro. > > > > in network (it is just my private fan to learn computer network > > which > > > is > > > > far from my present career), nor I am a native English speaker but > > > > oriental guy, please be patient! > > > >=3D3D20 > > > > 1) unfiltered logs: I am not trying to hide it but it will be very > > > hard > > > > for you to read it out since my ISA version is not English so > you > > > > may not judge what it is. May I try to take it out and send it > to > > > > your private address. > > > > 2) Brower configuration: the brower at client end has no setting > > since > > > > FWC is installed namely initially not setting and it becomes > > > > autoconfiguration webproxy client as per FWC's setting. The > > > > autoconfiguration is checked finally with no other options. That's > > why > > > I > > > > did not answer the browser's question > > > > 3) Request merchanisam on http://wpad...: It is really a helpful > > > > information for me to know those form you. I can download wpad.dat > > if > > > I > > > > replace "wpad" > > > > into "firewall_host_name:8080". Shall I sent this file to you? > Also, > > > do > > > > I need to configure DHCP to point WPAD into right ISABOX internal > > > > address, I am getting confused in WPADed things aside from > > > > autodectection. > > > >=3D3D20 > > > > Thanks, > > > >=3D3D20 > > > > Roy Tsao > > > >=3D3D20 > > > > > The discussion centers on "autoconfiguration". > > > > > This functionality is based on a request for > http://wpad/wpad.dat > > > from > > > >=3D3D20 > > > > > the browser and http://wpad/wspad.dat from the FWC. > > > > > This is why I want you to examine the wpad.dat. > > > > >=3D3D20 > > > > > You still have not answered the browser question. > > > > > You still have not provided unfiltered log entries. > > > > >=3D3D20 > > > > > This isn't magic, Roy and I don't read minds. > > > > > I do tire of playing oral surgeon, though. > > > > >=3D3D20 > > > > > -----Original Message----- > > > > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] > > > > > Sent: Thursday, May 26, 2005 9:04 PM > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] RE: Help with the web proxy setup in ISA 2004 > > > > >=3D3D20 > > > > > http://www.ISAserver.org > > > > >=3D3D20 > > > > > Dear Harrison-san, > > > > > =3D3D20 > > > > > The setting of my present VM lab ISA box is: > > > > > - Access rules only two: > > > > > 1) allow internal to external/all protocol /all users > > > > > 2) deny all as default > > > > > =3D3D20 > > > > > - Internal Network Property: > > > > > <Firewall Client>=3D3D20 > > > > > [CHECK] Enable Firewall Client support > > > > > [UNCHECK] Auto detect setting > > > > > [CHECK] Auto config script > > > > > [SELECT] Use custom URL =3D3D3D > > > > http://isalocal.firewall.local:8080... > > > > > [UNCHECK] Use a Web Proxy Server > > > > > <Domain> =3D3D20 > > > > > *.firewall.local > > > > > <Web Brower>=3D3D20 > > > > > [CHECK] Bypass Proxy for Web server in this network > > > > > [CHECK] Directly Access computer specified in the Domain > > tab. > > > > > Directly Access server & domain: *.firewall.local > > > > > <Web Proxy> > > > > > [CHECK] Enable Web proxy client > > > > > [CHECK] HTTP at 8080 > > > > > Authentication: [CHECK] Integrated/ Require All User =3D > > to=3D3D20 > > > > > authenticate > > > > > <Auto Discovery> > > > > > No setting > > > > > <Address> > > > > > 10.0.0.0-10.0.0.255 > > > > > =3D3D20 > > > > > Web browser setting at client end will be automatically > configured > > > by > > > > > FCW setting and become WebProxy client for HTTP. > > > > > =3D3D20 > > > > > I don't know why I need a wpad.dat since no auto discocery. > > > > > =3D3D20 > > > > >=3D3D20 > > > > >=3D3D20 > > > > >=3D3D20 > > > > >=3D3D20 > > > > >=3D3D20 > > > > >=3D3D20 > > > > >=3D3D20 > > > > > > Please stop trimming the thread. > > > > > >=3D3D20 > > > > > > I advise that you provide more than a single modified log > entry. > > > > > > I can't help you if you insist on filtering the data. > > > > > >=3D3D20 > > > > > > Additional questions: > > > > > > Q1 - exactly how is the browser configured? > > > > > > Q2 - exactly what is the web proxy configuration for the > > Internal=3D3D20 > > > > > > network? > > > > > > Q3 - when you do receive the wpad.dat file, exactly what data > > is=3D3D20 > > > > > > found between "{" and "}" in: > > > > > > "function MakeIPs" > > > > > > And > > > > > > "function MakeNames()" > > > > > >=3D3D20 > > > > > >=3D3D20 > > > > > > -----Original Message----- > > > > > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx] > > > > > > Sent: Thursday, May 26, 2005 3:22 AM > > > > > > To: [ISAserver.org Discussion List] > > > > > > Subject: [isalist] RE: Help with the web proxy setup in ISA > 2004 > > > > > >=3D3D20 > > > > > > http://www.ISAserver.org > > > > > >=3D3D20 > > > > > > I did understand your points, also I have took a examin at > > whole=3D3D20 > > > > > > logs before & after changing from FQDN to hostname. > > > > > >=3D3D20 > > > > > > Anyhow, when FQDN is used, there is POPUP asking for > > > authentication, > > > >=3D3D20 > > > > > > could you advise any possible reason? > > > > > >=3D3D20 > > > > > > Thanks, > > > > > >=3D3D20 > > > > > > Roy Tsao > > > > > >=3D3D20 > > > > > >=3D3D20 > > > > > > Try not to "filter" the log data. > > > > > > "Imaginary" information is useless. > > > > > > If you have a problem sending it to the list, then you need > > to=3D3D20 > > > > > > rethink your security model. > > > > > > "Security by obscurity is no security at all". > > > > > >=3D3D20 > > > > > > Also, you should examine more than a single log entry - it's > > just > > > as > > > >=3D3D20 > > > > > > likely that you're looking at the wrong one. > > > > > >=3D3D20 > > > > > > ------------------------------------------------------ > > > > > > List Archives: =3D3D > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > > > ISA Server Newsletter: > > > http://www.isaserver.org/pages/newsletter.asp > > > > > > ISA Server FAQ: > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ > > > > > > ------------------------------------------------------ > > > > > > Other Internet Software Marketing Sites: > > > > > > World of Windows Networking: =3D > > http://www.windowsnetworking.com=3D3D20 > > > > > > Leading Network Software Directory: http://www.serverfiles.com > > > > > > No.1 Exchange Server Resource Site: =3D > > http://www.msexchange.org=3D3D20 > > > > > > Windows Security Resource Site: > > http://www.windowsecurity.com/=3D3D20 > > > > > > Network Security Library: http://www.secinf.net/ Windows > 2000/NT > > > Fax > > > >=3D3D20 > > > > > > Solutions: http://www.ntfaxfaq.com > > > > > > ------------------------------------------------------ > > > > > > You are currently subscribed to this ISAserver.org Discussion > > List > > > > as: > > > > > > jim@xxxxxxxxxxxx > > > > > > To unsubscribe visit > > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > >=3D3D20 > > > > > > All mail to and from this domain is GFI-scanned. > > > > >=3D3D20 > > > > > ------------------------------------------------------ > > > > > List Archives: > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ: =3D3D > > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ > > > > > ------------------------------------------------------ > > > > > Other Internet Software Marketing Sites: > > > > > World of Windows Networking: http://www.windowsnetworking.com > > > Leading > > > > > Network Software Directory: http://www.serverfiles.com > > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > > Windows > > > > > Security Resource Site: http://www.windowsecurity.com/ =3D > > Network=3D3D20 > > > > > Security Library: http://www.secinf.net/ Windows 2000/NT > Fax=3D3D20 > > > > > Solutions: http://www.ntfaxfaq.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org Discussion > List > > > as: > > > > > jim@xxxxxxxxxxxx > > > > > To unsubscribe visit=3D3D20 > > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > >=3D3D20 > > > > > All mail to and from this domain is GFI-scanned. > > > >=3D3D20 > > > > ------------------------------------------------------ > > > > List Archives: =3D > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ > > > > ------------------------------------------------------ > > > > Other Internet Software Marketing Sites: > > > > World of Windows Networking: http://www.windowsnetworking.com > > Leading > > > > Network Software Directory: http://www.serverfiles.com > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > Windows > > > > Security Resource Site: http://www.windowsecurity.com/ Network > > > Security > > > > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > > > > http://www.ntfaxfaq.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org Discussion List > > as: > > > > isalist@xxxxxxxxxx To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > >=3D3D20 > > > > The correct technical term for haggis stalking is "havering". > > >=3D20 > > > ------------------------------------------------------ > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: =3D > > http://www.isaserver.org/pages/larticle.asp?type=3D3D3DFAQ > > > ------------------------------------------------------ > > > Other Internet Software Marketing Sites: > > > World of Windows Networking: http://www.windowsnetworking.com > > > Leading Network Software Directory: http://www.serverfiles.com > > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > > Windows Security Resource Site: http://www.windowsecurity.com/ > > > Network Security Library: http://www.secinf.net/ > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List > as: > > > tshinder@xxxxxxxxxxxxxxxxxx > > > To unsubscribe visit =3D3D > > > http://www.webelists.com/cgi/lyris.pl?enter=3D3D3Disalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > >=20 > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: = > http://www.isaserver.org/pages/larticle.asp?type=3D3DFAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: http://www.windowsnetworking.com > > Leading Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Network Security Library: http://www.secinf.net/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > tshinder@xxxxxxxxxxxxxxxxxx > > To unsubscribe visit =3D > > http://www.webelists.com/cgi/lyris.pl?enter=3D3Disalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit = > http://www.webelists.com/cgi/lyris.pl?enter=3Disalist > Report abuse to listadmin@xxxxxxxxxxxxx