[isapros] Re: WMP auth prompts

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: <isapros@xxxxxxxxxxxxx>
• Date: Thu, 22 Nov 2007 09:24:32 -0600

Hey Jim,
Great tip! I had to use it today.

Thanks!
Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Saturday, November 03, 2007 2:25 PM
> To: isapros@xxxxxxxxxxxxx; isalist@xxxxxxxxxxxxx
> Subject: [isapros] WMP auth prompts
> 
> (Hi, Dan)
> 
> Problem:
> WMP sometimes displays auth prompts even though the logged-on 
> user account is resolvable by ISA and has permissions to 
> access the content through ISA policies.
> 
> 
> Scenario:
> ISA web proxy is configured for Windows Integrated authentication
> ISA enforces authentication for HTTP traffic
> WinMedia Player is configured to use a proxy (includes 
> "autodiscover" or "browser") for HTTP protocol
> 
> 
> Discussion:
> When WMP is acting as a web (CERN) proxy client, and the 
> proxy requires Windows Integrated authentication, WMP will 
> not auto-authenticate to the proxy if the proxy is specified 
> as either FQDN or IP address.  If the proxy is specified as 
> NetBIOS (unqualified) name, WMP will auto-authenticate using 
> the interactive account credentials.  If the proxy requires 
> Basic or Digest auth, an auth prompt is expected, regardless 
> of how the proxy is specified.  This behavior is the same if 
> the proxy is obtained via an autoconfiguration (wpad) script.
> 
> By default, ISA 2004+ lists the proxies using their IP 
> addresses in the wpad script.  This default was chosen to 
> prevent name resolution errors from impeding normal 
> client-to-web proxy communications.  While this works well 
> enough for browsers, WMP "has issues" (yeh; we'll go with 
> that) when the proxy is specified using anything other than 
> NetBIOS name.
> 
> 
> Solution (two-part):
> 1. Disable the proxy settings for HTTP (pick one).
>     - Using WMP; Tools, Options, Network, Protocols, HTTP, 
> set to "None"
>     - Using Regedit:
>       Key: 
> HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP
>       Name: ProxyStyle
>       Type: DWORD
>       Value: 0
>     - Using GPO; under "User Configuration\Administrative 
> Templates\Windows Components\Windows Media 
> Player\Networking", set the "Configure HTTP Proxy" option to 
> "Disabled"
> 
> 2. Install the FWC from MS downloads 
> http://www.microsoft.com/downloads/details.aspx?FamilyID=05c2c
> 932-b15a-4990-b525-66380743da89
> 
> 
> After making this change, the FWC will handle all HTTP 
> requests from WMP and ISA authentication will now be 
> satisfied through the FWC control channel instead of the HTTP 
> protocol mechanisms.  This will stop the random auth prompts from WMP.
> 
> Enjoy,
> JimmyJoeBob Alooba
> 
> 

• Follow-Ups:
  • [isapros] Re: WMP auth prompts
    • From: Jim Harrison

Other related posts:

• » [isapros] WMP auth prompts
• » [isapros] Re: WMP auth prompts
• » [isapros] Re: WMP auth prompts

1. Home
2. isapros
3. Archive
4. 11-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---