Microsoft KB Archive/884560

= Enabling RADIUS authentication for the OWA Forms-Based Authentication in ISA Server 2004 =

Article ID: 884560

Article Last Modified on 4/4/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition

-





SYMPTOMS
When you use the OWA (Outlook Web Access) Forms-Based Authentication on a Web publishing rule to publish an internal Web site such as OWA, you cannot use the RADIUS (Remote Authentication Dial-In User Service) authentication protocol to authenticate a user who logs on to the published site.



CAUSE
This problem occurs because Internet Security and Acceleration (ISA) Server 2004 uses Microsoft Windows authentication to authenticate a user who logs on to the published site that is configured for OWA Forms-Based Authentication.

Note If you use the RADIUS authentication on a Web publishing rule, you can no longer use the OWA Forms-Based Authentication to authenticate a user who logs on to the published site.



Service pack information
To resolve this problem, obtain and install the latest service pack for ISA Server 2004. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:

891024 How to obtain the latest ISA Server 2004 service pack



After you install ISA Server 2004 Service Pack 1 (SP1), enable ISA Server 2004 to use RADIUS authentication for Web publishing rules that use OWA Forms-Based Authentication. To do this, follow these steps:  Click Start, click Run, type regedit, and then click OK. In Registry Editor, locate and then click the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy

 On the Edit menu, point to New, and then click Key. Type Parameters, and then press ENTER.

Note A  key already exists under the   subkey. However, this is a different key. On the Edit menu, point to New, and then click DWORD Value. Type OwaAuthenticatesUsingRadius, and then press ENTER.</li> Right-click OwaAuthenticatesUsingRadius, and then click Modify.</li> In the Value data box, type 1, and then click OK.</li> Exit Registry Editor.</li> Restart the Microsoft ISA Server Control service.</li></ol>

To disable the RADIUS authentication for Web publishing rules that use OWA Forms-Based Authentication, follow these steps: <ol> Click Start, click Run, type regedit, and then click OK.</li> In Registry Editor, locate and then click the following registry key: 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters

</li> In the right pane, right-click OwaAuthenticatesUsingRadius, and then click Modify.</li> In the Value data box, type 0, and then click OK.</li> Quit Registry Editor.</li> Restart the Microsoft ISA Server Control service.</li></ol>

Note This problem has been fixed in Microsoft ISA Server 2004 Enterprise Edition. However, you must follow the steps that are mentioned in the &quot;Resolution&quot; section of this article to enable ISA Server 2004 to use RADIUS authentication.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="moreinformation_section">

MORE INFORMATION
To enable the OWA Forms-Based Authentication on a Web publishing rule in ISA Server 2004, follow these steps:
 * 1) Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.
 * 2) In the left pane, expand.
 * 3) Click Firewall Policy.
 * 4) In the right pane, right-click the Web publishing rule that you want to configure.
 * 5) Click Properties, and then click the Listener tab.
 * 6) In the This rule applies to requests received on the following listener list, click the listener, and then click Properties.
 * 7) Click the Preferences tab, and then click Authentication.
 * 8) In the list, click to select the OWA Forms-Based check box.
 * 9) Click OK three times.

For more information about how hotfix packages are named, click the following article number to view the article in the Microsoft Knowledge Base:

816915 New file naming schema for Microsoft Windows hotfix packages

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Additional query words: FBA

Keywords: kbisa2006swept kbqfe kbhotfixserver kbfix kbbug KB884560

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.