RE: [islets] RE: ISA 2004 authentication issue

  • From: "MJ" <mjtech@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 23 Jan 2006 23:40:23 -0500

I mean welcoming me!!

 -----Original Message-----
From:   MJ [mailto:mjtech@xxxxxxxxx]
Sent:   Monday, January 23, 2006 11:22 PM
To:     [ISAserver.org Discussion List]
Subject:        [isalist] RE: [islets] RE: ISA 2004 authentication issue

http://www.ISAserver.org

Is this a tricky message, or you're really coming me?

Thanks any way

 -----Original Message-----
From:   John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent:   Monday, January 23, 2006 1:00 AM
To:     [ISAserver.org Discussion List]
Subject:        [isalist] RE: [islets] RE: ISA 2004 authentication issue

http://www.ISAserver.org

I tried and I tried and I tried but I can not hold back no more.

MJ, welcome to the Andrew club! You are now an honorary member.

John T
eServices For You


> -----Original Message-----
> From: MJ [mailto:mjtech@xxxxxxxxx]
> Sent: Saturday, January 21, 2006 4:49 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: [islets] RE: ISA 2004 authentication issue
>
> http://www.ISAserver.org
>
> how that disagreed with the description of the problem?
>
> I was trying use "Require All Users to Authenticate" with the prompt, this
> KB Article did just that for me.
>
>
>
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Saturday, January 21, 2006 7:35 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: [islets] RE: ISA 2004 authentication issue
>
>
> http://www.ISAserver.org
>
> Interesting, since this disagreed with your description of the problem.
>
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
>
> -----Original Message-----
> From: MJ [mailto:mjtech@xxxxxxxxx]
> Sent: Saturday, January 21, 2006 4:18 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: [islets] RE: ISA 2004 authentication issue
>
> http://www.ISAserver.org
>
> it's working now.
>
> the answer is in this KB Article 885683
>
> Thanks all for trying to help me.
>
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Saturday, January 21, 2006 5:18 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: [islets] RE: ISA 2004 authentication issue
>
>
> http://www.ISAserver.org
>
> That's the category all right, although I don't' have any experience
> with it causing such behavior.
> Try to disable the filter and retry your tests.
>
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
>
> -----Original Message-----
> From: MJ [mailto:mjtech@xxxxxxxxx]
> Sent: Saturday, January 21, 2006 2:09 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: [islets] RE: ISA 2004 authentication issue
>
> http://www.ISAserver.org
>
> Will this 3rd-party be GFI Web Monitor?
>
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Saturday, January 21, 2006 4:58 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: [islets] RE: ISA 2004 authentication issue
>
>
> http://www.ISAserver.org
>
> There are several circumstances where the user *will* see this prompt:
> - The user can't type
> - ISA can't resolve the user's credentials (typed or interactive)
> - The selected ISA auth methods aren't known to the client app
> - ISA has a 3rd-party filter installed that's mucking the whole process
>
> Since:
> - ISA is a member server in the root domain
> - auth failures are occurring in the child domain accounts
> - by extension, auth failures are *not* occurring for root domain
> accounts?
>
> ..it's time to start looking into your domain structure for errors.
>
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
>
> -----Original Message-----
> From: MJ [mailto:mjtech@xxxxxxxxx]
> Sent: Saturday, January 21, 2006 1:40 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: [islets] RE: ISA 2004 authentication issue
>
> http://www.ISAserver.org
>
> which sounds right, and if asked it should use the credentials used to
> logon
> to the computer/domain, and the user shouldn't see this prompt.
>
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Saturday, January 21, 2006 4:36 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: [islets] RE: ISA 2004 authentication issue
>
>
> http://www.ISAserver.org
>
> You will *never* completely rid yourself of "anonymous" log entries and
> you'll only drive yourself to bad girls (like Susan) if you try.
>
> *All* browsers and many other applications make their requests as
> anonymous first and only provide authentication if they're asked.
>
> --------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> --------------------------------------------
>
> -----Original Message-----
> From: MJ [mailto:mjtech@xxxxxxxxx]
> Sent: Saturday, January 21, 2006 1:34 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: [islets] RE: ISA 2004 authentication issue
>
> http://www.ISAserver.org
>
> did that, and started to prompt again.
>
> I don't know what else will I do to fix this problem, but I am going to
> work
> with MS Support later and hopefully they will figure out what's going
> on.
>
> Thanks
>
> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Saturday, January 21, 2006 4:26 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: [islets] RE: ISA 2004 authentication issue
>
>
> http://www.ISAserver.org
>
> Yes- require authentication, and have the rule based on a group with
> defined
> users ;)
>
> t
>
> -----
> "I'll see your Llama and up you a Badger."
> John T
>
>
>
> ----- Original Message -----
> From: "MJ" <mjtech@xxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Saturday, January 21, 2006 1:10 PM
> Subject: [isalist] RE: [islets] RE: ISA 2004 authentication issue
>
>
> > http://www.ISAserver.org
> >
> > that's how I exactly did few minutes ago, but I am still seeing
> > "unauthenticated users"
> >
> > do you I need to enable the "Require All Users to Authenticate" again.
> > Just
> > asking :)
> >
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Saturday, January 21, 2006 4:06 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA 2004 authentication issue
> >
> >
> > http://www.ISAserver.org
> >
> > Create a "local" ISA group, and add the domain's "Domain Users" group
> to
> > it.
> > Then remove "All Users" from the rule and add only the new group you
> > specified.
> >
> > Give that a shot and let us know...
> >
> > t
> >
> > -----
> > "I'll see your Llama and up you a Badger."
> > John T
> >
> >
> >
> > ----- Original Message -----
> > From: "MJ" <mjtech@xxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Saturday, January 21, 2006 12:46 PM
> > Subject: [isalist] RE: ISA 2004 authentication issue
> >
> >
> >> http://www.ISAserver.org
> >>
> >> then what group should I selcet?
> >>
> >> -----Original Message-----
> >> From: Steve Moffat [mailto:steve@xxxxxxxxxx]
> >> Sent: Saturday, January 21, 2006 3:34 PM
> >> To: [ISAserver.org Discussion List]
> >> Subject: [isalist] RE: ISA 2004 authentication issue
> >>
> >>
> >> http://www.ISAserver.org
> >>
> >> Exactly.............All Users is the anonymous group
> >>
> >> -----Original Message-----
> >> From: MJ [mailto:mjtech@xxxxxxxxx]
> >> Sent: Saturday, January 21, 2006 4:25 PM
> >> To: ISA Mailing List
> >> Subject: [isalist] RE: ISA 2004 authentication issue
> >>
> >> http://www.ISAserver.org
> >>
> >> I do have all users selected
> >>
> >> do you I need to select specific groups or what?
> >>
> >> Thanks
> >>
> >> -----Original Message-----
> >> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> >> Sent: Saturday, January 21, 2006 3:21 PM
> >> To: [ISAserver.org Discussion List]
> >> Subject: [isalist] RE: ISA 2004 authentication issue
> >>
> >>
> >> http://www.ISAserver.org
> >>
> >> MJ- is your outbound access rule set to "All Users" or do you have it
> >> set to a group containing your domain users?
> >>
> >> I too require user-based logs, and have "require authentication"
> checked
> >> (integrated only selected) and have set the "Users" to a group I
> created
> >> that contains "Domain Users" as the only group that has access.
> While
> >> this creates several "denied" entries for "anonymous," all users are
> >> logged appropriately, and have seamless access.
> >>
> >> When you/PSS get it sorted out, please do tell us what the problem
> >> was...
> >> You've got something strange going on...
> >>
> >> t
> >>
> >> -----
> >> "I'll see your Llama and up you a Badger."
> >> John T
> >>
> >>
> >>
> >> ----- Original Message -----
> >> From: "MJ" <mjtech@xxxxxxxxx>
> >> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> >> Sent: Saturday, January 21, 2006 12:08 PM
> >> Subject: [isalist] RE: ISA 2004 authentication issue
> >>
> >>
> >>> http://www.ISAserver.org
> >>>
> >>> sounds good.
> >>>
> >>> then please tell me how to fix it, if you say that I don't need then
> I
> >>
> >>> promise you I will turn off that option.
> >>>
> >>> Thanks
> >>>
> >>> -----Original Message-----
> >>> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> >>> Sent: Saturday, January 21, 2006 3:04 PM
> >>> To: [ISAserver.org Discussion List]
> >>> Subject: [isalist] RE: ISA 2004 authentication issue
> >>>
> >>>
> >>> http://www.ISAserver.org
> >>>
> >>> Yep, but there's a secret registry entry that will fix it ;-)
> >>>
> >>> Thomas W Shinder, M.D.
> >>> Site: www.isaserver.org
> >>> Blog: http://spaces.msn.com/members/drisa/
> >>> Book: http://tinyurl.com/3xqb7
> >>> MVP -- ISA Firewalls
> >>> **Who is John Galt?**
> >>>
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
> >>>> Sent: Saturday, January 21, 2006 1:48 PM
> >>>> To: [ISAserver.org Discussion List]
> >>>> Subject: [isalist] RE: ISA 2004 authentication issue
> >>>>
> >>>> http://www.ISAserver.org
> >>>>
> >>>> As I think about it more, I do remember putting a check mark in the
> >>>> "Require all users to authenticate" once.  Shortly afterwards,
> after
> >>>> a hundred phone calls about people getting login prompts, I had to
> >>>> turn it back off.
> >>>>
> >>>> -----Original Message-----
> >>>> From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
> >>>> Sent: Saturday, January 21, 2006 2:34 PM
> >>>> To: [ISAserver.org Discussion List]
> >>>> Subject: [isalist] RE: ISA 2004 authentication issue
> >>>>
> >>>> http://www.ISAserver.org
> >>>>
> >>>> Okay, NOW I remember that option...
> >>>>
> >>>> -----Original Message-----
> >>>> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> >>>> Sent: Friday, January 20, 2006 11:59 PM
> >>>> To: [ISAserver.org Discussion List]
> >>>> Subject: [isalist] RE: ISA 2004 authentication issue
> >>>>
> >>>> http://www.ISAserver.org
> >>>>
> >>>> In 2004, you can still configure the the authentication method for
> >>>> the web proxy listener.  Go to the properties for the network,
> select
> >>
> >>>> Web Proxy, and then click the "Authentication" button.
> >>>>
> >>>> This allows you to choose the auth methods supported for your
> >> clients.
> >>>> This
> >>>> is where the OP had to select "require all users to authenticate."
> >>>> Just
> >>>>
> >>>> making sure someone didn't put him in "basic auth" land...
> >>>>
> >>>> t
> >>>>
> >>>>
> >>>> -----
> >>>> "I'll see your Llama and up you a Badger."
> >>>> John T
> >>>>
> >>>>
> >>>>
> >>>> ----- Original Message -----
> >>>> From: "Ball, Dan" <DBall@xxxxxxxxxxx>
> >>>> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> >>>> Sent: Friday, January 20, 2006 8:32 PM
> >>>> Subject: [isalist] RE: ISA 2004 authentication issue
> >>>>
> >>>>
> >>>> http://www.ISAserver.org
> >>>>
> >>>> It's ISA2004, not 2000, it uses regular groups.  Unless there is a
> >>>> setting with that name that completely escapes my memory.
> >>>>
> >>>> -----Original Message-----
> >>>> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> >>>> Sent: Friday, January 20, 2006 11:08 PM
> >>>> To: [ISAserver.org Discussion List]
> >>>> Subject: [isalist] RE: ISA 2004 authentication issue
> >>>>
> >>>> http://www.ISAserver.org
> >>>>
> >>>> The authentication method wasn't changed to "basic" by chance, was
> >> it?
> >>>> Still at "Integrated Authentication?"
> >>>>
> >>>> t
> >>>>
> >>>> -----
> >>>> "I'll see your Llama and up you a Badger."
> >>>> John T
> >>>>
> >>>>
> >>>>
> >>>> ----- Original Message -----
> >>>> From: "MJ" <mjtech@xxxxxxxxx>
> >>>> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> >>>> Sent: Friday, January 20, 2006 7:31 PM
> >>>> Subject: [isalist] RE: ISA 2004 authentication issue
> >>>>
> >>>>
> >>>> > http://www.ISAserver.org
> >>>> >
> >>>> > I rebooted and didn't fix it.
> >>>> > I believe that something was change by some body else while
> >>>> > troubleshooting another problem about not being able to hit some
> >>>> > web sites.
> >>>> > Thanks
> >>>> >
> >>>> > -----Original Message-----
> >>>> > From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
> >>>> > Sent: Friday, January 20, 2006 10:21 PM
> >>>> > To: [ISAserver.org Discussion List]
> >>>> > Subject: [isalist] RE: ISA 2004 authentication issue
> >>>> >
> >>>> >
> >>>> > http://www.ISAserver.org
> >>>> >
> >>>> > Had that happen a couple of times, a reboot usually cleared it.
> >>>> > Anything changed?
> >>>> >
> >>>> > -----Original Message-----
> >>>> > From: MJ [mailto:mjtech@xxxxxxxxx]
> >>>> > Sent: Friday, January 20, 2006 9:14 PM
> >>>> > To: [ISAserver.org Discussion List]
> >>>> > Subject: [isalist] RE: ISA 2004 authentication issue
> >>>> >
> >>>> > http://www.ISAserver.org
> >>>> >
> >>>> > ISA is a member server of the root domain,and all users are in
> the
> >>>> child
> >>>> > domain.
> >>>> > the funny thing is that this been working for about 2 months with
> >>>> > no problems.
> >>>> >
> >>>> > -----Original Message-----
> >>>> > From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
> >>>> > Sent: Friday, January 20, 2006 8:59 PM
> >>>> > To: [ISAserver.org Discussion List]
> >>>> > Subject: [isalist] RE: ISA 2004 authentication issue
> >>>> >
> >>>> >
> >>>> > http://www.ISAserver.org
> >>>> >
> >>>> > There can be a lot of different reasons for it, but it
> "shouldn't"
> >>>> > happen.  Is your ISA server a member of said domain?
> >>>> >
> >>>> > -----Original Message-----
> >>>> > From: MJ [mailto:mjtech@xxxxxxxxx]
> >>>> > Sent: Friday, January 20, 2006 8:16 PM
> >>>> > To: [ISAserver.org Discussion List]
> >>>> > Subject: [isalist] ISA 2004 authentication issue
> >>>> >
> >>>> > http://www.ISAserver.org
> >>>> >
> >>>> > ISA Server 2004, with "Windows Authentication" and "Require
> >>>> All Users
> >>>> To
> >>>> > Authenticate"
> >>>> >
> >>>> > Now with this ISA shouldn't prompt domain users for a user and a
> >>>> > password.
> >>>> >
> >>>> > The one I have still prompting. Is there a reason for this?
> >>>> How can I
> >>>> > fix
> >>>> > it?
> >>>> >
> >>>> > Thanks
> >>>> >
>
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> mjtech@xxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> mjtech@xxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> mjtech@xxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mjtech@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mjtech@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



Other related posts: