ISA2004 doesnt authenticate users

SBS SP1, ISA2004 SP1
Just had a problem where ISA stopped access to external web sites.
Monitoring showed Failure by SBS Internet Access Rule.  users were only trying as 'anonymous'
----Log show...
Event Type:      Warning
Event Source:      Microsoft ISA Server Web Proxy
Event Category:      None
Event ID:      14148
Description:
The Web Proxy filter failed to bind its socket to 192.168.1.1 port 80.  This may have been caused by another service that is already using the  same port or by a network adapter that is not functional.  To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties
 indicates the cause of the failure.
0000: 40 27 07 80               @'.?  
---------------------------------------
I have 'fixed' problem by creating a new policy allowing 'all users' to access external via HTTP , HTTPS

--- fails on SBS Internet acccess policy------------------
Original Client IP      Client Agent      Authenticated Client      Service      Server Name      Referring Server      Destination Host Name      Transport      MIME Type      Object Source      Source Proxy      Destination Proxy      Bidirectional      Client Host Name      Filter Information      Network Interface      Raw IP Header      Raw Payload      Source Port      Processing Time      Bytes Sent      Bytes Received      Result Code      HTTP Status Code      Cache Information      Error Information      Log Record Type      Log Time      Destination IP      Destination Port      Protocol      Action      Rule      Client IP      Client Username      Source Network      Destination Network      HTTP Method      URL
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727)            Proxy      NEWK      -      192.168.1.1      TCP      -      Internet                              -                        0      1      316      390            304       0x40801002      0x180      Web Proxy Filter      22/03/2006 7:37:06 PM      192.168.1.1      80      http      Allowed Connection      SBS Protected Networks Access Rule      192.168.1.59      anonymous      Internal      Local Host      GET      http://192.168.1.1/scripts/tglmenu.js
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727)            Proxy      NEWK      -      66.102.7.104      TCP      -                                    -                        0      1      2244      483            12202 The ISA Server denied the specified Uniform Resource Locator (URL).       0x0      0x0      Web Proxy Filter      22/03/2006 7:37:09 PM      66.102.7.104      80      http      Denied Connection      SBS Internet Access Rule      192.168.1.59      anonymous      Internal      External      GET      http://66.102.7.104/
192.168.1.59      -                  NEWK            -      TCP                  -      -            -            -      -      -      1897      16      0      2244      0x80074e24             0x0      0x0      Firewall      22/03/2006 7:37:09 PM      66.102.7.104      80      HTTP      Closed Connection      Blocked Web Sites      192.168.1.59      -      Internal      External            
192.168.1.59      -                  NEWK            -      TCP                  -      -            -            -      -      -      1897      16      0      0      0x0             0x0      0x0      Firewall      22/03/2006 7:37:09 PM      66.102.7.104      80      HTTP      Initiated Connection      Blocked Web Sites      192.168.1.59      -      Internal      External            
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727)            Proxy      NEWK      -      192.168.1.1      TCP      -      Internet                              -                        0      15      317      393            304       0x40801002      0x180      Web Proxy Filter      22/03/2006 7:37:06 PM      192.168.1.1      80      http      Allowed Connection      SBS Protected Networks Access Rule      192.168.1.59      anonymous      Internal      Local Host      GET      http://192.168.1.1/scripts/ibqsearch.js

---- All users allowed ----
Original Client IP      Client Agent      Authenticated Client      Service      Server Name      Referring Server      Destination Host Name      Transport      MIME Type      Object Source      Source Proxy      Destination Proxy      Bidirectional      Client Host Name      Filter Information      Network Interface      Raw IP Header      Raw Payload      Source Port      Processing Time      Bytes Sent      Bytes Received      Result Code      HTTP Status Code      Cache Information      Error Information      Log Record Type      Log Time      Destination IP      Destination Port      Protocol      Action      Rule      Client IP      Client Username      Source Network      Destination Network      HTTP Method      URL
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727)            Proxy      NEWK      -      66.102.7.104      TCP      -      Internet                              -                        0      266      4015      483            200       0x60020000      0x580      Web Proxy Filter      22/03/2006 7:41:24 PM      66.102.7.104      80      http      Allowed Connection      All Internet Access Rule      192.168.1.59      anonymous      Internal      External      GET      http://66.102.7.104/
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727)            Proxy      NEWK      -      66.102.7.104      TCP      -      Not Modified                              -                        0      1      187      465            0       0x2      0x80      Web Proxy Filter      22/03/2006 7:41:22 PM      192.168.1.1      80      http      Allowed Connection      All Internet Access Rule      192.168.1.59      anonymous      Internal      External      GET      http://66.102.7.104/intl/en_au/images/logo.gif
0.0.0.0      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FDM; .NET CLR 1.1.4322; .NET CLR 2.0.50727)            Proxy      NEWK      -      66.102.7.104      TCP      -      Internet                              -                        0      234      4015      353            200       0x60020000      0x580      Web Proxy Filter      22/03/2006 7:41:22 PM      66.102.7.104      80      http      Allowed Connection      All Internet Access Rule      192.168.1.59      anonymous      Internal      External      GET      http://66.102.7.104/
192.168.1.59      -                  NEWK            -      TCP                  -      -            -            -      -      -      1903      11000      3861      1669      0x80074e20             0x0      0x0      Firewall      22/03/2006 7:41:02 PM      192.168.1.1      445      Microsoft CIFS (TCP)      Closed Connection      Allow access from trusted computers to the Firewall Client installation share on ISA Server      192.168.1.59      -      Internal      Local Host            


But i want to get the probem fixed.
 I have rerun CIEW wizard.
 Had to reapply IP's to HTTP.SYS
 Reset IIS
 Stop MSFireWall
 Restart IIS
LVL 33
Robberbaron (robr)Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Sounds like IIS is using port 80.  Usually you would run your proxy on 8080.  

Open IE on your server and enter http://127.0.0.1:80 in the address bar.  Do you get your local default website? (By default you would... so this is why I would be surprised that ISA EVER worked on port 80).

Jeff
TechSoEasy
Robberbaron (robr)Author Commented:
IIS was certainly using 80. ISA on 8080.  It seems the ISA autodetect was clashing. I found a page on M&M SBS site setting it up. They used port 85 (was set to 80). This has fixed my failure to start problem.

Further digging indicates that the consultant never configured ISA for auth access as it breaks an app.
I'm going though the process of isolating and allowing just this one app.

I'll ask for Q to be closed.
thanks
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Sorry, that was a typo in my response... I had meant to say "Sounds lke "ISA" is using port 80".   Even though you say ISA is on 8080, I would check to make sure that it really is configured that way.

Jeff
TechSoEasy
GranModCommented:
Closed, 500 points refunded.
GranMod
The Experts Exchange
Community Support Moderator of all Ages

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.