Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

ISA 2004 Proxy Logging

Posted on 2006-07-10
5
220 Views
Last Modified: 2010-05-18
Hi

Just a quick questing regarding proxy logging in ISA-2004. I’ve set all my users to authenticate with my server before being allowed access to the internet. When I view the proxy logs I see anonymous listed in ‘Client Username’ which have ‘failed connection’ before a third log below it with the correct domain/user details and access being allowed.

Basically it’s this:
 https://www.microsoft.com/technet/prodtechnol/isa/2004/plan/tb_logging.mspx#LogsShowRequestsfromAnonymousUsers

I have validated that the anonymous requests are followed by a request from an actual, authenticated user. But I can’t get it to stop.

I’m not using the firewall client.

Any ideas?

Thanks.  
0
Comment
Question by:MrPrince
  • 3
  • 2
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17077782
I know it is not the answer you want but the truth is it is doing what it should. Part of this process is the ISA returning a 'failed' signal and asking for the authentication.
0
 

Author Comment

by:MrPrince
ID: 17079740
I thought it was, so is it safe to ignore these events? I.E. for every 'real' log entry there are two redundant ones. Can they be filtered out?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 125 total points
ID: 17083664
Not as such as the purpose of the log is to show the activity and sequence of events. As the process (for example when you select authenticated users rather than All Users or you have ticked the box stating that all users must authenticate) demands these actions, the log would be incomplete without them. it is also a key part of the troubleshooting process. For example; you select Authenticated users for outbound web access. Now, the only anonymous connections should be from users who are going to fail or are going to receive the authentication box.
0
 

Author Comment

by:MrPrince
ID: 17090473
Thought so... Ah well, thanks for the sounding board.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17092619
Welcome :)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
FQDN config to internal server 3 41
Sonicwall Email los and Alerts 1 63
palo alto VM series in AWS 3 116
Which the best UTM recommended ? 2 109
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question