• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 225
  • Last Modified:

ISA 2004 Proxy Logging

Hi

Just a quick questing regarding proxy logging in ISA-2004. I’ve set all my users to authenticate with my server before being allowed access to the internet. When I view the proxy logs I see anonymous listed in ‘Client Username’ which have ‘failed connection’ before a third log below it with the correct domain/user details and access being allowed.

Basically it’s this:
 https://www.microsoft.com/technet/prodtechnol/isa/2004/plan/tb_logging.mspx#LogsShowRequestsfromAnonymousUsers

I have validated that the anonymous requests are followed by a request from an actual, authenticated user. But I can’t get it to stop.

I’m not using the firewall client.

Any ideas?

Thanks.  
0
MrPrince
Asked:
MrPrince
  • 3
  • 2
1 Solution
 
Keith AlabasterCommented:
I know it is not the answer you want but the truth is it is doing what it should. Part of this process is the ISA returning a 'failed' signal and asking for the authentication.
0
 
MrPrinceAuthor Commented:
I thought it was, so is it safe to ignore these events? I.E. for every 'real' log entry there are two redundant ones. Can they be filtered out?
0
 
Keith AlabasterCommented:
Not as such as the purpose of the log is to show the activity and sequence of events. As the process (for example when you select authenticated users rather than All Users or you have ticked the box stating that all users must authenticate) demands these actions, the log would be incomplete without them. it is also a key part of the troubleshooting process. For example; you select Authenticated users for outbound web access. Now, the only anonymous connections should be from users who are going to fail or are going to receive the authentication box.
0
 
MrPrinceAuthor Commented:
Thought so... Ah well, thanks for the sounding board.
0
 
Keith AlabasterCommented:
Welcome :)
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now