Hi Paul, Stefaan Pouseele discovered this phenomenum regarding the HTTP Redirector. Check it out at http://tinyurl.com/54zq HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Paul Berg [mailto:frogman1370@xxxxxxxxx] Sent: Thursday, January 30, 2003 9:44 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Prompted for User Credentials on Firewall Client http://www.ISAserver.org Tom, What a bummer, I was hoping you were NOT going to give that solution ;). Is there someway to enforce Site and Content Rules if you are configuring the HTTP redirect filter to go directly to the web site? I'm assuming no, but I wanted to ask anyway. If this is the cause it looks like they are going to have to live with manual authentication to prevent users from bypassing the SuperScout Web Filter product. Thanks, Paul Thomas W Shinder <tshinder@xxxxxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org Hi Paul, If you want to bypass the Web Proxy service, don't configure the HTTP Redirector to reject the requests, configure it to pass the requests to the Internet server. I don't use Yahoo or other chat programs, but I believe the issue is authenticating with the Web Proxy service and the remote Web site. The key is to bypass the Web Proxy service by configuring those sites for Direct Access. As for WebTrends, I let their Tech support figure that one out :-) HTH, Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Paul Berg [mailto:frogman1370@xxxxxxxxx] Sent: Wednesday, January 29, 2003 9:22 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Prompted for User Credentials on Firewall Client http://www.ISAserver.org Tom, You're absolutly correct on the Web Proxy asking for authentication. I have now changed the HTTP Redirector to Reject HTTP requests from Firewall and SecureNAT clients and still I am prompted to authenticate at some point from the said applications. The strange thing is that when authentication is prompted for Yahoo Messenger, it doesn't matter if you authenticate or cancel out from the authentication menu. Yahoo Messenger still keeps it's functionality. I have it configured to use No Proxies for the Connection configuration - shouldn't this bypass the Web Proxy service? For Real Player it needs the authentication or you lose the functionality on the streaming video. Is there something that I'm missing in the configuration? I do have SuperScout installed on the ISA box that has the SuperScout Dummy Rule in the Site and Content Rules. However, I also have the Allow Rule for any request rule in there as well. Removing SuperScout from the picture hasn't given any progress on the authentication problem. Please let me know if you have any ideas for direction of where I should look. Thank you for your time, Paul Thomas W Shinder <tshinder@xxxxxxxxxxxxxxxxxx> wrote: http://www.ISAserver.org Hi Paul, The firewall service won't ever ask for manual authentication. The credentials are sent in the background. Its the Web Proxy service that's asking your for credentials. Check the Web Proxy and Firewall logs to confirm this. You'll need to bypass the Web Proxy service for these app's. You can configure the sites for Direct Access, or disable the HTTP Redirector filter. HTH, Tom www.isaserver.org/shinder -----Original Message----- From: Paul Berg [mailto:frogman1370@xxxxxxxxx] Sent: Monday, January 27, 2003 2:54 PM To: [ISAserver.org Discussion List] Subject: [isalist] Prompted for User Credentials on Firewall Client http://www.ISAserver.org Can anyone point me in the right direction on an article or give an explanation on the process of stopping manual authentication through the firewall client? I am testing on applications of Yahoo Messenger and Real One Player which ask for authentications repeatedly (but the applications work). The ISA server is using the HTTP redirect filter to the Web Proxy Service. I have tried messing around with the Application Settings (Found in the Firewall Properties) and added the "ForceCreditials" for the application "realplay", "realplayer", and "raplay" set to 0. All efforts have been without success. I'm just looking for a reason of why this happens or a process when the firewall session should know the user - or should it? For some reason, my user's find this "inconvenient" in doing their work - go figure. My environment is NT domain if that helps. Any help would be much appreciated, Paul _____ Do you Yahoo!? Yahoo! Mail Plus <http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com> - Powerful. Affordable. Sign up now <http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: frogman1370@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') _____ Do you Yahoo!? Yahoo! Mail Plus <http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com> - Powerful. Affordable. Sign up now <http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: frogman1370@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') _____ Do you Yahoo!? Yahoo! Mail Plus <http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com> - Powerful. Affordable. Sign up now <http://rd.yahoo.com/mail/mailsig/*http://mailplus.yahoo.com> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')