Yeah, appreciate that. Thought I had read that CERN proxies and certain other Internet devices had issues with NTLM when used between client and server using NTLM. -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: 06 September 2007 01:30 To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: RPC Question How the client authenticates to its proxy is completely separate from how it authenticates to the remote server (ISA, in this case). If a proxy blocks server auth, it's a POS that doesn't deserve to live. -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Jones Sent: Wednesday, September 05, 2007 5:26 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: RPC Question I always thought NTLM to ISA wasn't a good idea as some client proxies cannot support NTLM properly?? -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: 06 September 2007 01:24 To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: RPC Question Maybe a more important queston is: "Why do you want to use Integrated Authentication at the Web Proxy Listener" Since the Basic credentails are hidden in SSL tunnels, it shouldn't matter. Or is there another "hidden requirement" which is the actual basis of the question? :) Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Wednesday, September 05, 2007 7:18 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: RPC Question > > Silly wabbit... > This is an ISA 2006 deployment; none of that SBS/ISA2004 > Basic-delegation-only silliness. > > Amy - you need to get familiar with eth chart at the bottom of this > page: > http://www.microsoft.com/technet/isa/2006/authentication.mspx > > Also, if you're thinking about adding EAS clients, you're limited to > using either Basic or ClientCert auth. > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Wednesday, September 05, 2007 5:10 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: RPC Question > > So as to avoid a can of worms that can't be opened. > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- Microsoft Firewalls (ISA) > > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > Sent: Wednesday, September 05, 2007 7:08 PM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: RPC Question > > > > Why for you be says dat? > > Snot true... > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] > > On Behalf Of Thomas W Shinder > > Sent: Wednesday, September 05, 2007 4:18 PM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: RPC Question > > > > YOU MUST USE BASIC. That is a requirement. > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://blogs.isaserver.org/shinder/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- Microsoft Firewalls (ISA) > > > > > > > > > -----Original Message----- > > > From: isapros-bounce@xxxxxxxxxxxxx > > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak > > > Sent: Wednesday, September 05, 2007 6:15 PM > > > To: isapros@xxxxxxxxxxxxx > > > Subject: [isapros] RPC Question > > > > > > I'm working on an ISA 2006 machine with an Exchange 2003 > > server behind > > > it to publish Outlook Anywhere. I used the wizard to create > > > the rule. If > > > I select Basic Authentication (on both ISA and IIS) the > > > publishing rule > > > works. If I use NTLM (on ISA and IIS) it doesn't. I get ISA > > > Denied logs > > > reason 12239. Does it not support NTLM authentication? > > > > > > Since this works with Basic I know I don't have certificate > > > issues and I > > > know it can authenticate usernames, passwords and find its > > way to the > > > mailbox. > > > > > > Amy > > > > > > > > > > > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > All mail to and from this domain is GFI-scanned.