Users cannot submit data to a Web site that you publish by using client certificate authentication in ISA Server 2004 (870706)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition


Beta Information

This article discusses a Beta release of a Microsoft product. The information in this article is provided as-is and is subject to change without notice.

No formal product support is available from Microsoft for this Beta product. For information about how to obtain support for a Beta release, see the documentation that is included with the Beta product files, or check the Web location where you downloaded the release.

SYMPTOMS

When you use client certificate authentication in Microsoft Internet Security and Acceleration (ISA) Server 2004 to publish a Web site, and then a user tries to submit data to that Web site, ISA Server 2004 closes the connection to the Web site.

CAUSE

This issue occurs if the following conditions are true:
  • The Web publishing rule that you created in ISA Server 2004 is applied to a user or a group.
  • The Web listener in ISA Server 2004 is not configured to require authentication.
ISA Server 2004 limits the size of the client request body that can be obtained without requiring authentication. This limit is 64 kilobytes (KB). If the client request body is greater than 64 KB, ISA Server 2004 requires the receipt of a client certificate. In this scenario, if the client request body size is greater than 64 KB, ISA Server 2004 sends a FIN packet to close the session.

RESOLUTION

To resolve this issue, configure the ISA Server 2004 Web listener for the Web publishing rule to require all users to authenticate. To do this, follow these steps:
  1. Open ISA Server Management, the Microsoft Management Console (MMC) that is included in ISA Server 2004.
  2. Expand Server_Name, where Server_Name is the name of your ISA Server 2004 computer.
  3. Click Firewall Policy, right-click the Web publishing rule that you want to modify, and then click Properties.
  4. Click the Listener tab, and then click Properties.
  5. Click the Preferences tab, and then click Authentication.
  6. Click to select the Require all users to authenticate check box, and then click OK.
  7. Click OK two times.
  8. Click Apply to update your firewall configuration, and then click OK.

MORE INFORMATION

For additional information about Web listeners in ISA Server 2004, see the "Web listener overview" topic and the "Authentication" topic in ISA Server 2004 Help. To view these topics, follow these steps:
  1. Open ISA Server Management.
  2. On the Help menu, click Help Topics.
  3. Click the Contents tab, expand Microsoft ISA Server, expand Firewall Policy, and then expand Firewall Policy: Concepts.
  4. To view the "Web listener overview topic", expand Toolbox, expand Web Listeners, and then click Web listener overview.
  5. To view the "Authentication" topic, expand Authentication, and then click Authentication Methods for Web Requests.
For additional information about related topics, click the following article number to view the article in the Microsoft Knowledge Base:

323426 How to configure the Web Publishing service to work with Internet Security and Acceleration Server in Windows Server 2003

Modification Type:MinorLast Reviewed:8/27/2004
Keywords:kbFirewall kbtshoot kbprb KB870706 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.