ISA authentication...
Results 1 to 9 of 9

Thread: ISA authentication...

  1. #1
    Senior Member
    Join Date
    Jul 2004
    Posts
    177

    Angry ISA authentication...

    Hi all. I moved yesterday our ISA proxy (in cache mode) to another machine. We used to have an ISA 2000 SP1 in a Windows 2000 Server SP3 machine and now we have moved to a Windows 2003 Server with ISA 2000 SP2 (i'm waiting for the auth to acquire ISA2004) brand new machine. We use integrated authentication in the building but basic one with branch offices. The point is that in that places wher they're using basic authentication they used to write only the username and the password but now they are not able to connect if they don't use the "domain\username" form.

    I found this: http://support.microsoft.com/default...b;en-us;319376 but is not working for me even I've SP2 for ISA installed.

    Anyone who can helps me?

    Thank you all guys.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Also, if the user accounts exists in the domain where the ISA server itself is member, the "username" syntax is enough to authenticate the user.
    Did anything change regarding the domain membership of the ISA server? I.e. moved to a different domain?

    A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article.
    To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix.
    Did you obtain this fix?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Originally posted here by SirDice
    Did anything change regarding the domain membership of the ISA server? I.e. moved to a different domain?
    Actually the old ISA Server is one of the domain's DC and the new is not. We only have one domain.

    Did you obtain this fix?
    Is included in the Service Pack 2 for ISA Server 2000 which is installed in the new server.

    Thank you.

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Actually the old ISA Server is one of the domain's DC and the new is not.
    This is probably it. On the old server the accounts where "local".
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Originally posted here by SirDice
    This is probably it. On the old server the accounts where "local".
    Yes, I though the same but then in the microsoft paper they say this:

    WORKAROUND
    If the user specifies "domainname\username" instead of only "username" when the user is prompted for credentials in the browser, the user is immediately authenticated against the correct domain where the user account exists. Also, if the user accounts exists in the domain where the ISA server itself is member, the "username" syntax is enough to authenticate the user.

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Yeah. I read it too. But it won't be the first time a KB article claims one thing and in reallity something else happens.

    But IIRC you can set the default domain where you define to use integrated/basic or digest authentication.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Yes, where you define the use of basic authentication there is a text box to put the default domain on it, i filled it with "domain.com", "DOMAIN" (that is how is filled in the old server) and finally, and after read this microsfot paper , with a backslash "\", but the result is the same...

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    This is the main reason why I stopped being an MS admin.......It should do this but it does that?!?!? I'm lost... It's probably something really silly..but what?!?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  9. #9
    Senior Member
    Join Date
    Jul 2004
    Posts
    177
    Yes, I agree with you... one of the reasons I only changed the hard but not the soft (to ISA 2004) was that I've trouble enough for now and I didn't want to afford big changes with the clients... but now I've to told everyone (around 500 people) to change the authentication method even if I installed the same version of the software....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •