Enabling RADIUS authentication for the OWA Forms-Based Authentication in ISA Server 2004 (884560)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition

SYMPTOMS

When you use the OWA (Outlook Web Access) Forms-Based Authentication on a Web publishing rule to publish an internal Web site such as OWA, you cannot use the RADIUS (Remote Authentication Dial-In User Service) authentication protocol to authenticate a user who logs on to the published site.

CAUSE

This problem occurs because Internet Security and Acceleration (ISA) Server 2004 uses Microsoft Windows authentication to authenticate a user who logs on to the published site that is configured for OWA Forms-Based Authentication.

Note If you use the RADIUS authentication on a Web publishing rule, you can no longer use the OWA Forms-Based Authentication to authenticate a user who logs on to the published site.

RESOLUTION

Service pack information

To resolve this problem, obtain and install the latest service pack for ISA Server 2004. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:

891024 How to obtain the latest ISA Server 2004 service pack

After you install ISA Server 2004 Service Pack 1 (SP1), enable ISA Server 2004 to use RADIUS authentication for Web publishing rules that use OWA Forms-Based Authentication. To do this, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy

  3. On the Edit menu, point to New, and then click Key.
  4. Type Parameters, and then press ENTER.

    Note A Parameters key already exists under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy\Performance subkey. However, this is a different key.
  5. On the Edit menu, point to New, and then click DWORD Value.
  6. Type OwaAuthenticatesUsingRadius, and then press ENTER.
  7. Right-click OwaAuthenticatesUsingRadius, and then click Modify.
  8. In the Value data box, type 1, and then click OK.
  9. Exit Registry Editor.
  10. Restart the Microsoft ISA Server Control service.
To disable the RADIUS authentication for Web publishing rules that use OWA Forms-Based Authentication, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters

  3. In the right pane, right-click OwaAuthenticatesUsingRadius, and then click Modify.
  4. In the Value data box, type 0, and then click OK.
  5. Quit Registry Editor.
  6. Restart the Microsoft ISA Server Control service.
Note This problem has been fixed in Microsoft ISA Server 2004 Enterprise Edition. However, you must follow the steps that are mentioned in the "Resolution" section of this article to enable ISA Server 2004 to use RADIUS authentication.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

To enable the OWA Forms-Based Authentication on a Web publishing rule in ISA Server 2004, follow these steps:
  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.
  2. In the left pane, expand ServerName.
  3. Click Firewall Policy.
  4. In the right pane, right-click the Web publishing rule that you want to configure.
  5. Click Properties, and then click the Listener tab.
  6. In the This rule applies to requests received on the following listener list, click the listener, and then click Properties.
  7. Click the Preferences tab, and then click Authentication.
  8. In the list, click to select the OWA Forms-Based check box.
  9. Click OK three times.
For more information about how hotfix packages are named, click the following article number to view the article in the Microsoft Knowledge Base:

816915 New file naming schema for Microsoft Windows hotfix packages

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Modification Type:MinorLast Reviewed:9/18/2006
Keywords:kbISA2006Swept kbQFE kbHotfixServer kbfix kbbug KB884560 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.