Solved

ISA 2006 block media player

Posted on 2011-03-25
9
816 Views
Last Modified: 2012-08-13
I just built an ISA 2006 server running W2K3 with the following settings. The ISA server is just used for web proxy.

Enable HTTP with port 80
Integrated and Basic Authentication
Requires all users to authenticate

When a user outside our network firewall trys to connect to a webcast that is using Windows Media Player, the player show all the correct images but does not start. When I try the webcast internally, it works fine.

My old ISA 2004 server works fine for users outside our network firewall.

The only difference between the 2004 and 2006 is that the 2004 does NOT require users to authenticate. Could this be the issue?

Thanks

0
Comment
Question by:AGenMIS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 35234552
User authentication should be forced only at the individual Rules,...never Globally.  Disable the Global setting.   MS should have removed that ability from the GUI a long time ago and save everyone a lot of grief.

WMP almost always fails to authenticate properly to a web proxy service,...this has been a historical thing with WMP.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35234587
Since the ISA is only a near meaningless "web caching server" in the configuration model you choose,...you've already thrown away 60% of the ISA capabilities,...you'd be better off to disable the proxy settings in the WMP and let the existing Firewall handle that.

If it were me the ISA would be run as a full firewall and would replace the existing Firewall totally.
0
 

Author Comment

by:AGenMIS
ID: 35260208
I'm behind the State's firewall so there is no need for me to use the Proxy as the firewall. I can't seem to figure out why it works with ISA 2004 and not with ISA 2006. Both networks are setup for Single Network Adapter. I unchecked the option Require All Users to Authenticate in ISA 2006 but still no luck. I'm comparing my ISA 2004 and 2006 settings and I'm not finding any differences.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 29

Expert Comment

by:pwindell
ID: 35260313
I'm behind the State's firewall so there is no need for me to use the Proxy as the firewall.

That isn't true.  You would just be creating a Back-to-Back DMZ between the ISA and the State's Firewall when you run the ISA/TMG are a real Firewall.  You cannot use the Firewall Client Software in a "Hork Mode" ISA/TMG arrangment,...yet it is the Firewall Client Software (that you can't use) that fixes or overcomes the WMP issue.

In a Hork Mode arrangement you will have to make your HTTP/HTTPS Rules anonyous for WMP to function correctly.
Never ever ever enable the Global "Require All Users to Authenticate". That will wreck things faster than you can imagine.  If you want authentication,..then force it at the individual Rules.
0
 

Author Comment

by:AGenMIS
ID: 35260367
Authentication is forced at the individuals rules. I'm sorry but I'm still new to ISA. How would I create a rule to make HTTP/HTTPS anonymous?

Thanks
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 35260427
In the Users Tab in the rule,....."All Users" = anonymous

Never combine "All Users" with anything else in the Users Tab of a Rule,...it has to either be by itself or not at all.  Mixing it would be telling ISA that you want authentication and anonymous at the same time,..which is impossible.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35260683
Wait a minute.

I'm looking back at the first post.  This is going to be one of those threads that drags on forever with no solid solution.  It is all backwards from what I first believed and I was misled a bit by your description.

1. The Users having the trouble are comming from the Outside,...not the Inside.   The Resource they are trying to reach is on the Inside,...not the Outside.

2. The Webcast does not use WMP,...it is the user watching the webcast that is using WMP (the two are not the same thing).

3. The Webcast is using whatever Streaming/Webcasting Product you are providing the Webcast with.  This product has to be published using a Non-Web Server Publishing Rule in order to be made available to users on the Outside.

4. I wouldn't have a clue what the Streaming/Webcasting Product requires in order to function over the ISA.  If it worked with ISA2004 then you have to look at the Publishing Rule that was using in ISA2004 and make sure it was done the same way.

5. You have to make sure the Webcasting Product is actually using the correct ISA to make the Outbound response.  IT is a pointless exercise if the Publishign comes in through the old ISA2004 but it tries to respond out the ISA2006,...or the reverse of Publishing inbound on the ISA2006 but it tries to respond out the ISA2004.  Just because the Inbound came in a certain path does not mean the Response goes out the same path,...the two are completely independent of each other,...but anyway,..the path must be Synchronous (same in both directions).
0
 

Author Comment

by:AGenMIS
ID: 35260971
Changing the user from our domain users to All Users did the trick. WMP now works for users outside our firewall. I have no clue on why it is working on my ISA 2004 server b/c that server does not have All Users listed. Any how, changing the user to All Users did the trick. Thanks for your help.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35261269
It just means that it is not using the Rule on the 2004 that you think it is.  Just because a Rule exists does not mean it is the one the traffic in question is actually using,...it can be more complex than that.   Anywa,...glad it worked out for you.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question