I have an ISA 2004 Standard Server (on Win2k3 SP2) used as a proxy in a Windows 2003 Active Directory. The client is Win XP SP2, IE7.
Today I suddenly had a problem with one single user, and it just started during the day. I am not aware of any changes on his machine or the proxy server. The user's password was reset by the helpdesk this morning. The user is in a remote site.
When he tries to open a web page through the proxy, he gets a popup box asking for his credentials. In the proxy log I can see that it's not authenticating correctly; we only get "anonymous" as the username. I confirmed that his password is correct. His client was rebooted. He has current Kerberos tickets (krbtgt, Service Tickets for the proxy server). Entering the correct username does not help.
Now when he tries to log on or enters his password, I get a 529 Logon Failure Audit in the event log on the proxy; however, it looks like this (see code window). So instead of his user name I get this strange string.
When we enter a different username and password in the popup box, it authenticates just fine, and we get to the Internet. This made me think it's only a problem when using Kerberos, so I disabled "Integrated Windows Authentication" in his Internet Explorer, restarted it, and now it works just fine.
Anybody seen this before?
Reason: Unknown user name or bad password
User Name: ` F+
Logon Type: 3
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: MYPROXYSERVER
Caller User Name: NETWORK SERVICE
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0,0x3E4)
Caller Process ID: 320
Transited Services: -
Source Network Address: -
Source Port: -