Proxy-to-Proxy Authentication Does Not Work Between a Downstream ISA Server and an Upstream Proxy 2.0 Server (313525)



The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2000

This article was previously published under Q313525

SYMPTOMS

If you use a client computer that is behind an Internet Security and Acceleration (ISA) server, you may not be able to connect to external resources if the ISA server is configured to authenticate with an upstream Microsoft Proxy 2.0 server by using NTLM authentication.

CAUSE

This problem occurs because the ISA server goes into an authentication request loop when you use proxy-to-proxy NTLM authentication between a downstream ISA server and an upstream Proxy 2.0 server.

The Proxy 2.0 server does not use a keep-alive connection when performing NTLM authentication; it closes the session after an initial Hypertext Transfer Protocol (HTTP) 407 ("proxy authentication required") response. Because NTLM authentication is treated as session-based authentication, the ISA server needs the session to remain open. When the session is closed instead, the ISA server goes into an authentication request loop.
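The following diagnostic sketch is an added example, not part of the original article and not Microsoft code. It classifies per-connection HTTP transcripts to show why a connection that ends on a 407 can never complete the NTLM handshake. The function names, the tuple layout, and the sample transcripts are all constructed assumptions.

```python
import base64
import struct

def ntlm_type(value):
    """NTLM message type (1-3) carried in an auth header value, else None."""
    parts = (value or "").split()
    if len(parts) != 2 or parts[0].upper() != "NTLM":
        return None
    try:
        raw = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    return struct.unpack("<I", raw[8:12])[0]

def classify(conn):
    """conn: ordered (kind, status, headers) tuples seen on ONE TCP connection.
    'complete': a Type 3 message followed a Type 2 challenge on this connection.
    'broken':   a 407 was seen but the connection ended before a Type 3."""
    saw_407 = challenged = False
    for kind, status, headers in conn:
        if kind == "resp" and status == 407:
            saw_407 = True
            challenged = ntlm_type(headers.get("Proxy-Authenticate")) == 2
        elif (kind == "req" and challenged
              and ntlm_type(headers.get("Proxy-Authorization")) == 3):
            return "complete"
    return "broken" if saw_407 else "no-auth"

def auth_loop(conns, threshold=3):
    """True when `threshold` consecutive connections end as 'broken'."""
    run = 0
    for conn in conns:
        run = run + 1 if classify(conn) == "broken" else 0
        if run >= threshold:
            return True
    return False

def token(msg_type):
    """Constructed minimal NTLMSSP token: signature plus message type only."""
    body = b"NTLMSSP\x00" + struct.pack("<I", msg_type)
    return "NTLM " + base64.b64encode(body).decode()

# Constructed sample: upstream ends every connection right after the 407.
CLOSING = [[("req", None, {}), ("resp", 407, {"Proxy-Authenticate": "NTLM"})]] * 4
# Constructed sample: all NTLM messages travel on one kept-alive connection.
KEEPALIVE = [[("req", None, {}), ("resp", 407, {"Proxy-Authenticate": "NTLM"}),
              ("req", None, {"Proxy-Authorization": token(1)}),
              ("resp", 407, {"Proxy-Authenticate": token(2)}),
              ("req", None, {"Proxy-Authorization": token(3)}), ("resp", 200, {})]]
```
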

RESOLUTION

This problem was corrected in Internet Security and Acceleration Server Service Pack 1.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

313139 How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack

WORKAROUND

To work around this problem, use basic authentication for proxy-to-proxy authentication.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Modification Type: Major
Last Reviewed: 2/4/2002
Keywords: kbenv kbISAServ2000sp1fix kbprb KB313525