Problem with Proxy-to-Proxy Authentication (239541)
The information in this article applies to:
- Microsoft Proxy Server 2.0
This article was previously published under Q239541 SYMPTOMS
Web browser clients may not be able to gain access to Web sites across a proxy array if the array is configured to resolve Web proxy requests within the array before routing upstream. Depending on the configuration of the proxy array, one of the following error messages may be displayed on the browser client:
Error 1326 : Logon failure : unknown username or bad password
Error 12201 A chained proxy server or array member requires proxy-to-proxy authentication. Please contact your server administrator.
This information applies only if Web Proxy is configured to use access control. Access control is used to force client authentication at the proxy server before allowing the client to gain access to the Internet or any cached Web objects. Because intra-array communication uses standard HTTP protocol methods, an array member making a request to another another array member appears to be a client to the destination server and is required to be authenticated.
CAUSE
The user credentials entered in the Advanced Configuration dialog box for routing within the array are invalid or do not have administrative privilege on all proxy servers within the array.
RESOLUTION
To resolve this issue, create or choose a domain account and add it to the Local Administrators group on each Proxy server.
If your Proxy servers are not members of a Microsoft Windows NT domain, create a common account on each server and place it in the Local Administrators group on each server.
Explicitly grant the account access to the WWW protocol on the Web Proxy permissions tab.
Use this account for intra-array communication. To specify the account for intra-array communication, view the Advanced Array Routing properties on the Web Proxy Routing tab. If Web Proxy is using Windows NT Challenge Response (NTLM) authentication, click to select the Windows NT Authentication check box.
To check the authentication types used by Web Proxy on a Microsoft Internet Information Server (IIS) 4.0 Proxy 2.0 server, view the Default Web Site's Directory Security tab and choose to edit the anonymous access and authentication control properties.
To check the authentication types used by Web Proxy on an IIS 3.0 Proxy 2.0 server, view the properties for the WWW service.
Modification Type: | Major | Last Reviewed: | 10/6/1999 |
---|
Keywords: | kbenv kberrmsg kbprb KB239541 |
---|
|