Authentication in ISA 2006

Posted on 2008-11-11
Medium Priority
Last Modified: 2012-06-27

This should be an easy enough question but for some reason I can't figure it out.  Anyway, I've installed ISA on a member server (although to install ISA I had to remove the server from the domain, install it, then rejoin the domain).  All is working fine except in the log all client usernames show up as anonymous.  I changed the rules so as they only allowed authenticated users, rather than all users but that just blocked all requests, the log showing because the user was anonymous

I've installed the Firewall Client on my machine but that didn't do anythign to help this particular problem.  How do I set it so that the clients authenticate?

Try make the answer sound a little difficult so I don't seem so stupid :)

Thanks for your help.
Question by:lee_murphy
  • 2
  • 2

Author Comment

ID: 22937533
Just noticed something else, when I opened uTorrent, which is blocked, all the denied logs had a username lee.murphy, although it had a (?) after it.  But the web requests are still anonymous.

Expert Comment

ID: 22990018
You don't have to remove the server from the domain when installing ISA server. Maybe this is the origin of your problem.

Accepted Solution

NicolasQuenard earned 1500 total points
ID: 22990068
Also, i'm not to use authenticate user is the best way. Why aren't you using an ISA object user group YourCompanyNameUsers where you add the User Domain group of your Active Directory in it.

Finally, you will always find anonymous username in the logs, in general the client 1st try to not authenticate and then give the credentials once it got the access denied from ISA.

Author Comment

ID: 22992541
Hi Nicolas,  I had to remove it fromt he domain because as a member server I was getting the error "Setup failed while creating ISA Server storage" during install, then install would fail. I googled the error and pretty much everyone was saying, remove the server from the domain, install ISA, rejoin the domain.  I did that and it "seemed" to work.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month14 days, 18 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question