After you configure the rules on an ISA Server 2004 Service Pack 2 (SP2)-based computer, the computer may try to authenticate users (916705)
The information in this article applies to:
- Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 2
- Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 2
SYMPTOMS
You configure the rules on a Microsoft Internet Security and Acceleration (ISA) Server 2004 Service Pack 2 (SP2) computer to apply to all users. After you do this, the ISA Server computer may sometimes try to authenticate users who are running virtual private network (VPN) client computers. When ISA Server rules apply to all users, there is no reason to authenticate users.

RESOLUTION
To resolve this problem, follow these steps:
- On the ISA Server computer, install the hotfix that is described in the following Microsoft Knowledge Base article:
916106 Update for HTTP issues in Internet Security and Acceleration Server 2004 Service Pack 2
- Run the following Microsoft Visual Basic script on the ISA Server computer.
Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
Note After you run this script, the ISA Server computer no longer authenticates users when the computer evaluates the firewall policy rules. If any rule is applied to a user group, the rule will not match. We recommend that you be careful when you use this script.

'------------------------------------------------------------------------DisablePortPermAuthen begin
Sub AddDisablePortPermissionAuthentication()
    ' Create the root object.
    Dim root ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")
    ' Declare the other objects needed.
    Dim array ' An FPCArray object
    Dim VendorSets ' An FPCVendorParametersSets collection
    Dim VendorSet ' An FPCVendorParametersSet object
    ' Get references to the array object
    ' and the vendor parameters sets collection.
    Set array = root.GetContainingArray
    Set VendorSets = array.VendorParametersSets
    On Error Resume Next
    Set VendorSet = VendorSets.Item( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )
    If Err.Number <> 0 Then
        Err.Clear
        ' The set does not exist yet, so add it.
        Set VendorSet = VendorSets.Add( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )
        If Err.Number <> 0 Then
            ' Stop here: without the set there is nothing to configure.
            CheckError
            Exit Sub
        End If
        WScript.Echo "New VendorSet added... " & VendorSet.Name
    Else
        WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value("DisablePortPermissionAuthentication")
    End If
    If VendorSet.Value("DisablePortPermissionAuthentication") <> True Then
        Err.Clear
        VendorSet.Value("DisablePortPermissionAuthentication") = True
        If Err.Number <> 0 Then
            CheckError
        Else
            VendorSets.Save False, True
            ' Test Err before CheckError clears it, so that a failed save
            ' is not reported as a success.
            If Err.Number <> 0 Then
                CheckError
            Else
                WScript.Echo "Done with DisablePortPermissionAuthentication, saved!"
            End If
        End If
    Else
        WScript.Echo "Done with DisablePortPermissionAuthentication, no change!"
    End If
End Sub

' Report the pending error, if any, and then clear it.
Sub CheckError()
    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If
End Sub

AddDisablePortPermissionAuthentication
'------------------------------------------------------------------------DisablePortPermAuthen end
---
To run this script, follow these steps:
- Copy the script to a text editor such as Notepad, and then use a .vbs extension to save the file.
- Double-click the .vbs file to run the script.
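
Because the script above turns off user authentication during firewall policy evaluation, the following added example (not part of the original article and not Microsoft code) reports whether the setting is in effect and can optionally turn it back off. It uses only the FPC calls that appear in the script above; the file name CheckPortPermAuth.vbs, the /revert switch and the exit codes are choices made for this example, and it assumes that writing False to the parameter restores authentication during rule evaluation.

```vbscript
' Added example (not Microsoft's code): report, and optionally revert, the
' setting written by the script above. Run: cscript CheckPortPermAuth.vbs [/revert]
Option Explicit
Const SET_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}" ' GUID from the article's script
Const PARAM = "DisablePortPermissionAuthentication"

Dim root, isaArray, paramSets, paramSet, current
Set root = CreateObject("FPC.Root")
Set isaArray = root.GetContainingArray
Set paramSets = isaArray.VendorParametersSets

On Error Resume Next
Set paramSet = paramSets.Item(SET_GUID)
If Err.Number <> 0 Then
    Err.Clear
    WScript.Echo "Vendor parameters set not found; the setting has not been applied."
    WScript.Quit 0
End If
current = paramSet.Value(PARAM)
If Err.Number <> 0 Or IsEmpty(current) Or IsNull(current) Then
    Err.Clear
    WScript.Echo "Set exists, but " & PARAM & " has no value."
    WScript.Quit 0
End If
On Error GoTo 0

If Not CBool(current) Then
    WScript.Echo PARAM & " = False; firewall policy rules still authenticate users."
    WScript.Quit 0
End If

WScript.Echo PARAM & " = True; rules that are applied to a user group will not match."
If WScript.Arguments.Named.Exists("revert") Then
    ' Assumption: False restores authentication during rule evaluation.
    paramSet.Value(PARAM) = False
    paramSets.Save False, True ' Same Save arguments as the article's script
    WScript.Echo PARAM & " set to False and saved."
    WScript.Quit 0
End If
WScript.Quit 1 ' Nonzero exit so a scheduled check can flag the weakened state
```

Without /revert the example makes no changes, so it can be run as a routine check on servers where rules are applied to user groups.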
Modification Type: Minor | Last Reviewed: 7/25/2006
Keywords: kbHotfixServer kbtshoot KB916705 kbAudITPRO