My order of rules is : Name Action Protocols From To Condition Windows Update Allow HTTP/HTTPS Internal Windows update All Users Overheid.nl Allow HTTP/HTTPS Internal Overheid.Nl All Users HTTP/HTTPS Allow HTTP/HTTPS Internal External Domain Users The rule is on the second place, and there are no authorisation rules before. Arjan > Nothing you've offered changes my observations or the > questions I asked. > Yes, it's likely an ISA configuration issue; this is why I > asked where the rule sits in the rule order. > Have you examined the ISA logs to see what the ISA response > to those connections was? > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx] > Sent: Wednesday, December 29, 2004 02:45 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Java problems. > > http://www.ISAserver.org > > Normaly behavoir is that all users who have access to the > internet needs to authenticate before they can use the > internet, so my default setup was that alle users from a > specific domain group have internet access. > > This behavoir happens on a NT workstation, with a XP > workstation, the problem doesn't exist. > > The site the users connecting to is a external site, so i'm > unable to change the external site, and when i connect with a > xp workstation, i don't have to authenticate on the external > web site, so i think they don't use NTLM authentication. > > Cause of an other problem which i have posted here, i have > disabled the rule for anonymous access to the site, so the > problem raised again. > > With the proxy 2.0 server which we used before, we have no > problems with the site, so i think it's a configuration > problem within ISA 2004. > > An other expirence which i had with the migration from proxy > to isa, was that i alway coud make use of the ftp protocol, > but when chaning the settings to the isa server, i was unable > to use it, after adding my self to the domain ftp group > (which includes all users with ftp access), i was able to ftp again. > > Arjan > > > 99 times out of 10, this is an authentication issue. > > Where does this rule sit in the overall order? > > If you have any authenticated rules before this, your Java app will > > likely fail. > > As you can see from your rule, allowing anonymous (all users) makes > > this traffic work. > > Check with your Java runtime authors to see if they have an update > > that supports Integrated (NTLM) authentication. > > > > -----Original Message----- > > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx] > > Sent: Monday, December 27, 2004 01:25 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Java problems. > > > > http://www.ISAserver.org > > > > When a user tries to connect to a site witch uses java, not > the whole > > screen is displays, the user is using Windows NT with IE > 5.5, when i > > try to reach the site everything goes well, i'm using XP > with IE 6, i > > need to turn off pop-ups for the site. > > > > I have created a rule for the site, so that the site can be reached > > anonymous, all the other sites needs to be authenticated. When the > > user tries again, there are no problems with the site, i have wrote > > the following rule: > > > > Name Overheid.nl > > Action Allow > > Protocols HTTP/HTTPS > > From Local,Internal > > To overheid.nl (domain name set) > > Users All Users > > Schedule Always > > > > I'm running ISA 2004 as a proxy server only. > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: > http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: jim@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: > http://www.windowsecurity.com/ Network Security Library: > http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: ahendriks@xxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx >