Clients That Use an Automatic Configuration Script May Not Work Because of Proxy Authentication (305204)
The information in this article applies to:
- Microsoft Internet Security and Acceleration Server 2000
This article was previously published under Q305204 SYMPTOMS
Browser clients that are configured to use the default "Automatic Configuration Script" in ISA Server or "Automatically Detect Settings", may be unable to obtain access to Web sites through the Web Proxy service in ISA Server if it is configured to require proxy authentication.
The clients do not work only if proxy authentication is enforced on the ISA Server by selecting Ask unauthenticated users for identification under the Outgoing Web Requests tab. Also, the client must be requesting the automatic configuration script or the Wpad.dat file (from Automatically Detect Settings) from the TCP port that is specified on the Outgoing Web Requests tab.
If proxy authentication is instead enforced by site and content rules or protocol rules, the clients can obtain access to Web sites without any issues. Similarly, if the browser clients request the automatic configuration script or the Wpad.dat file from the auto discovery TCP port instead of the TCP port that is specified on the Outgoing Web Requests tab, access to Web Sites works correctly.
CAUSE
This problem can occur because when the browser client requests the default automatic configuration script or the Wpad.dat file on the TCP port that is specified on the Outgoing Web Requests tab, ISA Server incorrectly prompts the client for proxy authentication instead of the correct WWW authentication. Because an automatic configuration script or a Wpad.dat request is not a Web proxy request, but is instead a request for a local resource that is located on the ISA Server computer, the browser client fails when prompted for proxy authentication.
RESOLUTIONA supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Internet Security and Acceleration Server 2000 service pack that contains this hotfix. To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site: NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
Before you apply this hotfix, the browser will stop responding. After you apply this hotfix, the browser may prompt you for authentication information. To resolve this issue, click to clear the Ask Unauthenticated Users for Identification check box, and then create Access Policy rules that only allow User groups to get access to all sites. This might be the Everyone group if you do not want to restrict outbound access.
STATUSMicrosoft has confirmed that this is a problem in Internet Security and Acceleration Server 2000. This problem was first corrected in Internet Security and Acceleration Server 2000 Service Pack 1.MORE INFORMATION
The request does not work only if the browser client is configured to use the default automatic configuration script. If the browser client instead is configured to use a custom automatic configuration script that is located on a different server than the ISA Server computer, there is no need to install this hotfix.
| Modification Type: | Major | Last Reviewed: | 4/7/2006 |
|---|
| Keywords: | kbQFE KBHotfixServer kbenv kberrmsg kbfix kbISAServ2000sp1fix kbprb kbui KB305204 |
|---|
|