[isalist] Re: ISA 2006 NLB Causing Multiple Prompts Per Session
- From: "Eric Poole, CISSP" <EPoole@xxxxxxxxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Mon, 14 Jan 2008 09:35:19 -0800
http://www.ISAserver.org
-------------------------------------------------------
Thanks, that gives me a pretty clear direction to look in. Funny, I've read
and read on this and we had an ISA Health Check about a month ago and this
never popped up.
Basic is still in use because of some legacy apps that we can't touch. I'm
going to start testing without the WPAD today.
_______________________________________________
Eric Poole, CISSP
Senior Information Security Analyst
Community Regional Medical Center
1140 "T" Street, Fresno, California 93721
phone x56784 (559-459-6784)
fax x56025 (559-459-6025)
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Friday, January 11, 2008 5:21 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2006 NLB Causing Multiple Prompts Per Session
http://www.ISAserver.org
-------------------------------------------------------
You can't (effectively) combine WPAD with NLB internally. ..unless you have a
complete dislike for any cranial covering you may still possess.
Why are you using Basic auth? This is a per-proxy, per-domain re-auth
requirement. The ISA WPAD script will redirect the URLs to separate ISA
servers, depending on where the CARP script decides it should go. Since each
request to a different server necessitates a new authentication, your users
will get auth-prompted to death.
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Eric Poole, CISSP
Sent: Friday, January 11, 2008 5:11 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2006 NLB Causing Multiple Prompts Per Session
http://www.ISAserver.org
-------------------------------------------------------
Correct. Basic and Integrated and also supporting WPAD.
_______________________________________________
Eric Poole, CISSP
Senior Information Security Analyst
Community Regional Medical Center
1140 "T" Street, Fresno, California 93721
phone x56784 (559-459-6784)
fax x56025 (559-459-6025)
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Friday, January 11, 2008 4:40 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2006 NLB Causing Multiple Prompts Per Session
http://www.ISAserver.org
-------------------------------------------------------
Sounds like you're using a combination of Basic auth (or perhaps RADIUS) and
supporting WPAD?
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Eric Poole, CISSP
Sent: Friday, January 11, 2008 3:26 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] ISA 2006 NLB Causing Multiple Prompts Per Session
http://www.ISAserver.org
-------------------------------------------------------
Have a question for all.
We have an ISA 2006 array using ISA load balancing.
We are in the process of migrating all users from our old ISA 2004 server.
A majority of our PC's do not have Internet rights. Individual users are
prompted (once to the ISA 2004 server) to login when they go out.
In our test group, when a user attempts to access the Internet, they are
prompted to first login to the ISA 2006 primary configuration server and then
with any link they click on, are subsequently prompted by each array member
until they've authenticated to each one.
Once they've authenticated to each one they are fine for that session.
Once they close their browser and re-launch, the whole thing starts over.
Is there a way to have users only login once per array, instead of logging in
to each server?
Let me know if I'm not making sense or if anyone needs more info.
_______________________________________________
Eric Poole, CISSP
Senior Information Security Analyst
Community Regional Medical Center
1140 "T" Street, Fresno, California 93721
phone x56784 (559-459-6784)
fax x56025 (559-459-6025)
-------------------------------------------------------
WARNING/CONFIDENTIAL:
-------------------------------------------------------
This email, including attachments, may contain information that is privileged,
confidential, and/or exempt from disclosure under applicable law (including,
but not limited to, protected health information). It is not intended for
transmission to, or receipt by, any unauthorized persons. If the reader of
this message is not the intended recipient you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you believe this email was sent to you in error, do not read
it. Reply to the sender informing them of the error and then destroy all
copies and attachments of the message from your system. Thank you.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
-------------------------------------------------------
WARNING/CONFIDENTIAL:
-------------------------------------------------------
This email, including attachments, may contain information that is privileged,
confidential, and/or exempt from disclosure under applicable law (including,
but not limited to, protected health information). It is not intended for
transmission to, or receipt by, any unauthorized persons. If the reader of
this message is not the intended recipient you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you believe this email was sent to you in error, do not read
it. Reply to the sender informing them of the error and then destroy all
copies and attachments of the message from your system. Thank you.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
-------------------------------------------------------
WARNING/CONFIDENTIAL:
-------------------------------------------------------
This email, including attachments, may contain information that is privileged,
confidential, and/or exempt from disclosure under applicable law (including,
but not limited to, protected health information). It is not intended for
transmission to, or receipt by, any unauthorized persons. If the reader of
this message is not the intended recipient you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you believe this email was sent to you in error, do not read
it. Reply to the sender informing them of the error and then destroy all
copies and attachments of the message from your system. Thank you.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
