• RSS
  • Twitter
  • FaceBook

Deb Shinder Blog RSS

All Blogs  »  Deb Shinder Blog  »  ISA Central  »  Blog article: Client requests to access a published Web site are blocked when you configure ISA Server 2006 to allow direct authentication to access a published Web server

Client requests to access a published Web site are blocked when you configure ISA Server 2006 to allow direct authentication to access a published Web server

You configure a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2006 to use pass-through authentication to access a published Web server. After you do this, all client requests to access the published Web site are blocked. Additionally, you may receive an error message that resembles the following:

Error Code: 403 Forbidden. ISA Server is configured to block HTTP requests that require authentication. (12250)

  • You experience this issue when you use the No delegation, but client may authenticate directly (pass-through) authentication method.
  • This issue may occur even if the ISA Server 2006 computer publishes a site that requires no authentication.

This issue may occur if the following conditions are true:

  • The Allow client authentication over HTTP check box in the Web listener’s Advanced Authentication Options dialog box is not selected.
  • The Web listener is not enabled to listen for Secure Sockets Layer (SSL) requests.

For the solution, check out the KB article here:

http://support.microsoft.com/kb/924374

HTH,

Tom

Thomas W Shinder, M.D.
Site: http://www.isaserver.org/
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: tshinder@isaserver.org
MVP — Microsoft Firewalls (ISA)

This entry was posted on Wednesday, October 17th, 2007 at 8:32 am and is filed under ISA Central. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “Client requests to access a published Web site are blocked when you configure ISA Server 2006 to allow direct authentication to access a published Web server”

  1. Guus Says:

    June 14th, 2009 at 12:47 pm

    Hi,

    I’m also having this problem, but far more peculiar.
    I’m publishing several sites (websites, owa and other stuff) but ISA2006 suddenly decided not to handle traffic anymore for one IP address.
    I ‘fixed’ the problem by using another public IP address, but ever wondered how this could happen.
    Now I want to publish an internal FreeBDS webserver, and thought I could use that IP address. But now I keep getting these 12250 error again, even if I did allow al those needed settings like ‘Allow client authentication over HTTP’.

    This is really the last drop in the bucket for me, and I’m seriously thinking about dumping ISA and using FreeBSD for all firewall stuff.

    Greetz,
    Guus

  2. eye cream for dark circles Says:

    December 11th, 2010 at 3:12 am

    Nice post had great time reading it . thanks a lot.

  3. Rick K Says:

    May 13th, 2011 at 6:18 am

    Hi.
    Greta tip, but what if the checkbox ‘Allow client authentication over HTTP’ is grayed out? Anyone who has experienced this?

    I am using ISA server 2006 Std.

Leave a Reply


Receive all the latest articles by email!

Receive Real-Time & Monthly ISAserver.org article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become an ISAserver.org member!

Discuss your ISA Server issues with thousands of other ISA Server experts. Click here to join!