Thomas Shinder Blog RSS

All Blogs  »  Thomas Shinder Blog  »  ISA Central  »  Blog article: Irritated by Firewall Clients Constantly Being Asked for Credentials?

Irritated by Firewall Clients Constantly Being Asked for Credentials?

A machine that is configured as a Firewall and Web proxy client (ISA Firewall best practice) should be able to transparently authenticate with the ISA Firewall when the client and the ISA Firewall as both members of the same or trusted domains. So, why would the Firewall and Web proxy clients be asked repeatedly for user credentials?

The problem is related the dreaded Ask unauthenticated users to authenticate setting on the Web proxy listener.

Check this out:

Problem: Firewall clients with Web Proxy settings specified in their browsers are being prompted with a 401: Authentication Required message, even though they are domain members in the ISA Server domain.

Cause: This problem arises when Firewall clients have automatic discovery enabled, and Require all users to authenticate is enabled on the Web Proxy listener of the Internal network. The Winsock Proxy Autodetect (WSPAD) request must be authenticated because Require all users to authenticate is set. The Firewall Client program cannot respond to the 401 response and the request fails.

Solution: Install ISA Server 2004 Standard Edition Service Pack 1. For more information, see the Microsoft Knowledge Base article 885683: “You receive error messages if the Internet Security and Acceleration Server 2004 Firewall Client program is configured for auto-discovery or if you try to configure this program for auto-discovery.”

HTH,

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)

This entry was posted on Wednesday, May 30th, 2007 at 8:33 am and is filed under ISA Central. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Irritated by Firewall Clients Constantly Being Asked for Credentials?”

  1. empeekay Says:

    June 12th, 2007 at 12:54 am

    We have a number of generic users who are allowed to access certain web sites. This works well and the users cannot access any web sites that are not in the list. We would like to set up a method where these generic users can access the “allowed” web sites but are asked to authenticate when trying to browse to a different web site. This way we can track web traffic using Burstek. However I have been unable to make the pop up authentication screen come up. I just get the same “you do not have access to the page” error.

    Any ideas.

  2. Shahan Says:

    November 26th, 2007 at 4:48 am

    I am having same problem at random periods. Clients are using firewall clients.

Leave a Reply

This is a captcha-picture. It is used to prevent mass-access by robots. (see: www.captcha.net)

You must read and type the 5 chars within 0..9 and A..F, and submit the form.

  

If CAPTCHA image is missing or you cannot read the characters above, please generate a




Receive all the latest articles by email!

Receive Real-Time & Monthly ISAserver.org article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become an ISAserver.org member!

Discuss your ISA Server issues with thousands of other ISA Server experts. Click here to join!

Solution Center