Users are prompted for authentication credentials when Internet Explorer is configured for automatic discovery in ISA Server 2004 (889035)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

SYMPTOMS

Consider the following scenario:
  • You configure Microsoft Internet Security and Acceleration (ISA) Server 2004 Web Proxy clients to obtain their proxy server settings by using automatic discovery.
  • The Internal network object is configured to require authentication.
In this scenario, users are prompted for authentication credentials when Microsoft Internet Explorer tries to access the Wpad.dat file. This symptom occurs even though users are already logged on to the network. If users specify their user name and password, everything works as expected.

If you change the Internet Explorer local area network (LAN) settings to manual configuration and then add the proxy server information, everything works as expected. Users are not prompted to authenticate when they are already logged on to the network.

CAUSE

This issue occurs if the IFPCEEWebProxy.SkipAuthenticationForRoutingInformation property is set to FALSE in ISA Server 2004.

RESOLUTION

To resolve this issue, set the IFPCEEWebProxy.SkipAuthenticationForRoutingInformation property to TRUE. To do this, follow the steps in this section.

ISA Server 2004, Standard Edition

Service pack information

To resolve this problem, obtain the latest service pack for ISA Server 2004. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

891024 How to obtain the latest ISA Server 2004 service pack

Installation information

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

You must have ISA Server 2004 Service Pack 1 or a later ISA Server 2004 service pack installed to resolve this issue. After you install the latest ISA Server 2004 service pack, set the value of the SkipAuthenticationForRoutingInformation registry entry to a value of 1 or to a higher value to skip authentication for routing information. Set this value even if the Internal network object is configured to require all users to authenticate. To configure this registry entry, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentContolSet\Services\W3Proxy\Parameters

  3. If the Parameters key does not exist, follow these steps:
    1. Right-click W3Proxy, point to New, and then click Key.
    2. Type Parameters as the key name, and then press ENTER.
    If the Parameters key does exist, right-click Parameters, point to New, and then click DWORD Value.
  4. Type SkipAuthenticationForRoutingInformation as the entry name, and then press ENTER.
  5. Right-click SkipAuthenticationForRoutingInformation, and then click Modify.
  6. In the Value data box, type a value of 1 to enable the registry setting, and then click OK.

    Note To enable or to disable the registry setting, use the following guidelines.
    Value set to 0, or the registry entry does not existRequire authentication for routing information if the internal network object is configured to require all users to authenticate.
    Value set to 1 or to a higher valueSkip authentication for routing information, even if the internal network object is configured to require all users to authenticate.
  7. Exit Registry Editor.
  8. Restart the Microsoft Firewall service. To do this, follow these steps:
    1. Click Start, click Run, type services.msc, and then click OK.
    2. Right-click Microsoft Firewall, and then click Restart.

ISA Server 2004, Enterprise Edition

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
  1. Copy the following Microsoft Visual Basic Scripting Edition (VBScript) code to a text editor such as Notepad.exe, and then use a .vbs extension to save the file.
    set ar = WScript.CreateObject( "FPC.Root" ).GetContainingArray
set wp = ar.ArrayPolicy.WebProxy
wp.SkipAuthenticationForRoutingInformation = True
wp.Save
  2. Double-click the .vbs file to run the script.
  3. Restart the Microsoft Firewall service. To do this:
    1. Click Start, click Run, type services.msc, and then click OK.
    2. Right-click Microsoft Firewall, and then click Restart.

MORE INFORMATION

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

885683 You receive error messages if the Internet Security and Acceleration Server 2004 Firewall Client program is configured for auto-discovery or if you try to configure this program for auto-discovery

Modification Type:MajorLast Reviewed:4/20/2006
Keywords:kbautodiscovery kbAuthentication kbFirewall kbprb KB889035 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.