Cannot Leave Basic Authentication Entry Blank (294903)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2000
This article was previously published under Q294903
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry


WARNING: If you use the ADSI Edit snap-in and incorrectly modify the attributes of Active Directory objects, you can cause serious problems that may require you to reinstall Microsoft Windows 2000 Server or Microsoft Internet Security and Acceleration Server 2000. Microsoft cannot guarantee that problems resulting from the incorrect modification of Active Directory object attributes can be solved. Modify these attributes at your own risk. If you are running Windows NT or Windows 2000, you should also update your Emergency Repair Disk (ERD).

SYMPTOMS

When you try to specify a blank default domain under Basic Authentication (Basic with this domain) on the Outgoing/Incoming Web Requests tab in the ISA Authentication Domain dialog box, you are unable to do so because the OK button becomes unavailable after you delete the specified domain in the Select Domain dialog box.

RESOLUTION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To work around this problem, note that you can delete the string in the Registry, in Active Directory, or you must set the ISA Server domain you want to authenticate, but you cannot leave the value empty. Use the appropriate method.

You Use the Standard Edition of ISA Server

If you use the Standard Edition of ISA Server, you can delete the relevant key in the registry:
  1. Start Regedit.exe. Do not use Regedt32.exe because you cannot use Regedt32.exe to search the registry.
  2. Search for the msFPCDomain key under the following registry keys:

    Outgoing Web Requests

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\Arrays\CurrentArrayGUID\Servers\CurrentServerGUID\ForwardListen

    Incoming Web Requests

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\Arrays\CurrentArrayGUID\Servers\CurrentServerGUID\ReverseListen

    Note that the Values for CurrentArrayGUID and CurrentServerGUID can be found under the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc

  3. Double-click the msFPCDomain value.
  4. Delete the (now selected) value data.
  5. Quit Registry Editor.
  6. Start the MMC for the ISA Server to note that Basic Authentication now has no default domain.

You Use the Enterprise Edition of ISA Server

If you use the Enterprise Edition of ISA Server, you can change the relevant attribute in the Active Directory by using the ADSI Edit tool:
  1. Choose the Domain NC container.
  2. Double-click the following folders to expand them:

    DC=[your domain], DC=[root domain], CN=System, CN=Fpc, CN=Arrays

  3. Use Registry Editor to view the following registry key and find the CurrentArrayGUID and CurrentServerGUID values:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc

  4. In ADSI Edit, expand CN=[CurrentArrayGUID] and CN=Servers and CN=[CurrentServerGUID] to find the CN=ForwardListen for Outgoing Web Requests entry and the CN=ReverseListen for Incoming Web Requests entry.
  5. Depending on which authentication type you want to choose, open the appropriate CN properties by right-clicking it. This starts the String Attribute Editor.
  6. The msFPCDomain attribute contains your domain. Double-click it, but do not delete it or click Clear. If you do so, you receive an error message after you close the CN properties.
  7. Press and hold down ALT, and type 127 while you are holding ALT down.
  8. After you do this, you see the symbol for a pipe, but do not use the pipe character (|).
  9. Quit the String Attribute Editor, Registry Editor, and ADSI Edit, and then close the CN properties.
  10. Start the MMC for the ISA Server to note that Basic Authentication now has no default domain.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
Modification Type:MajorLast Reviewed:6/11/2002
Keywords:kbenv kbnetwork kbprb kbui KB294903
©2002 Microsoft Corporation. All rights reserved.