[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ISA2004 - Password Prompts

Posted on 2006-06-01
8
Medium Priority
?
466 Views
Last Modified: 2010-04-08
Hello,

We have a problem with a single user (out of approx 80) who keeps getting prompted to enter his password every time he tries to access a website through ISA2004. This problem does not happen to any other users.

We are only using ISA in web cache mode, and not using the firewall client.
The network setup is as follows:

   LAN         |                DMZ                               | Internet
Client      ->| CA eTrust SCM Filter -> ISA2004 ->| external website
                 |                                                     |

I have done a search on the forums, and made the following changes based on my findings:
unselected "Automatically Detect Proxy Settings" on the affected client's IE
unselected "Require all users to authenticate" under web proxy settings on the Internal Interface (Integrated auth is still selected)
modified the Web access rule to include authenticated users only.

This is working perfectly for all users on our domain except one who keeps getting prompted.

Any help on this issue would be much appreciated. Thanks!
0
Comment
Question by:shaunchristides
  • 3
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16813821
1. Can you confirm that this user has the same problem visiting a web site through isa if they log on at different work stations?
Iam assuming you have set the IE proxy browser settings for this user to match all the others.

2. if a different user logs on to the work station that is failing, do they get the same error when visiting a web site?

3. open the ISA GUI.
click on montioring - logging.
Click on start query
try to connect to a web site for this user, what do you see in the log?

4. Have you reset the IE explorer settings back to default?
Open IE,
select tools - internet options - security
make sure Internet, local intranet etc are set to defaults.

select tools - internet options - general
clear the temporary internet files and any off-line content.

5. open IE -select tools - internet options - security
Select Internet
select Custom
scroll down to the bottom. What is user authentication set to?

Do the same for the Intranet zone. What is User Authentication set to?

6. If you create a new test user account, does the test user have the same issue?

7. How are your users authenticating to ISA server? Through Active Directory groups/user names?
Is this user a member of the correct groups?
Is this user in the allowed lists?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 16813830
PS. You don't quite explain if the problem is for a user going to one specific web site (and all others are OK) OR it is this user going to any web site.
0
 
LVL 1

Assisted Solution

by:missystems
missystems earned 500 total points
ID: 16814782
I'm assuming CA eTrust SCM Filter has an ISA add-in to apply web content filtering?  If so, try disabling this add-in and seeing if the issue remains.

If the issue is fixed with CA eTrust SCM Filter add-in disabled, then CA eTrust SCM Filter is causing the issue, if not it's ISA...

MIS



0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16818413
Personally, I would think that the CA device would have affected all users or none of the users; not just affect one user differently but you never know...

0
 

Author Comment

by:shaunchristides
ID: 16838743
I have started logging for this user, and will be having a closer look at their setting while they are on lunch today, so i will be able to provide more answers then.

In answer to 7: the users are authenticated through AD - the group is just the All Authenticated Users group. There are no rules to allow different web access for different groups, there is just the one outbound rule for all authenticated users.
The problem occurs for one user only, when accessing ALL websites.

The SCM web filter is located on a seperate server, not an ISA add-in. Clients connect to the SCM server, which is then using the ISA server as an upstream proxy.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month19 days, 14 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question