ISA2004 - Password Prompts
Hello,
We have a problem with a single user (out of approx 80) who keeps getting prompted to enter his password every time he tries to access a website through ISA2004. This problem does not happen to any other users.
We are only using ISA in web cache mode, and not using the firewall client.
The network setup is as follows:
LAN | DMZ | Internet
Client ->| CA eTrust SCM Filter -> ISA2004 ->| external website
| |
I have done a search on the forums, and made the following changes based on my findings:
unselected "Automatically Detect Proxy Settings" on the affected client's IE
unselected "Require all users to authenticate" under web proxy settings on the Internal Interface (Integrated auth is still selected)
modified the Web access rule to include authenticated users only.
This is working perfectly for all users on our domain except one who keeps getting prompted.
Any help on this issue would be much appreciated. Thanks!
We have a problem with a single user (out of approx 80) who keeps getting prompted to enter his password every time he tries to access a website through ISA2004. This problem does not happen to any other users.
We are only using ISA in web cache mode, and not using the firewall client.
The network setup is as follows:
LAN | DMZ | Internet
Client ->| CA eTrust SCM Filter -> ISA2004 ->| external website
| |
I have done a search on the forums, and made the following changes based on my findings:
unselected "Automatically Detect Proxy Settings" on the affected client's IE
unselected "Require all users to authenticate" under web proxy settings on the Internal Interface (Integrated auth is still selected)
modified the Web access rule to include authenticated users only.
This is working perfectly for all users on our domain except one who keeps getting prompted.
Any help on this issue would be much appreciated. Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Personally, I would think that the CA device would have affected all users or none of the users; not just affect one user differently but you never know...
ASKER
I have started logging for this user, and will be having a closer look at their setting while they are on lunch today, so i will be able to provide more answers then.
In answer to 7: the users are authenticated through AD - the group is just the All Authenticated Users group. There are no rules to allow different web access for different groups, there is just the one outbound rule for all authenticated users.
The problem occurs for one user only, when accessing ALL websites.
The SCM web filter is located on a seperate server, not an ISA add-in. Clients connect to the SCM server, which is then using the ISA server as an upstream proxy.
In answer to 7: the users are authenticated through AD - the group is just the All Authenticated Users group. There are no rules to allow different web access for different groups, there is just the one outbound rule for all authenticated users.
The problem occurs for one user only, when accessing ALL websites.
The SCM web filter is located on a seperate server, not an ISA add-in. Clients connect to the SCM server, which is then using the ISA server as an upstream proxy.
Iam assuming you have set the IE proxy browser settings for this user to match all the others.
2. if a different user logs on to the work station that is failing, do they get the same error when visiting a web site?
3. open the ISA GUI.
click on montioring - logging.
Click on start query
try to connect to a web site for this user, what do you see in the log?
4. Have you reset the IE explorer settings back to default?
Open IE,
select tools - internet options - security
make sure Internet, local intranet etc are set to defaults.
select tools - internet options - general
clear the temporary internet files and any off-line content.
5. open IE -select tools - internet options - security
Select Internet
select Custom
scroll down to the bottom. What is user authentication set to?
Do the same for the Intranet zone. What is User Authentication set to?
6. If you create a new test user account, does the test user have the same issue?
7. How are your users authenticating to ISA server? Through Active Directory groups/user names?
Is this user a member of the correct groups?
Is this user in the allowed lists?