Microsoft KB Archive/305204

= Clients That Use an Automatic Configuration Script May Not Work Because of Proxy Authentication =

Article ID: 305204

Article Last Modified on 10/29/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition

-



This article was previously published under Q305204



SYMPTOMS
Browser clients that are configured to use the default &quot;Automatic Configuration Script&quot; in ISA Server or &quot;Automatically Detect Settings&quot;, may be unable to obtain access to Web sites through the Web Proxy service in ISA Server if it is configured to require proxy authentication.

The clients do not work only if proxy authentication is enforced on the ISA Server by selecting Ask unauthenticated users for identification under the Outgoing Web Requests tab. Also, the client must be requesting the automatic configuration script or the Wpad.dat file (from Automatically Detect Settings) from the TCP port that is specified on the Outgoing Web Requests tab.

If proxy authentication is instead enforced by site and content rules or protocol rules, the clients can obtain access to Web sites without any issues. Similarly, if the browser clients request the automatic configuration script or the Wpad.dat file from the auto discovery TCP port instead of the TCP port that is specified on the Outgoing Web Requests tab, access to Web Sites works correctly.



CAUSE
This problem can occur because when the browser client requests the default automatic configuration script or the Wpad.dat file on the TCP port that is specified on the Outgoing Web Requests tab, ISA Server incorrectly prompts the client for proxy authentication instead of the correct WWW authentication. Because an automatic configuration script or a Wpad.dat request is not a Web proxy request, but is instead a request for a local resource that is located on the ISA Server computer, the browser client fails when prompted for proxy authentication.



RESOLUTION
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.

To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:

http://go.microsoft.com/?linkid=6294451

Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Before you apply this hotfix, the browser will stop responding. After you apply this hotfix, the browser may prompt you for authentication information. To resolve this issue, click to clear the Ask Unauthenticated Users for Identification check box, and then create Access Policy rules that only allow User groups to get access to all sites. This might be the Everyone group if you do not want to restrict outbound access.



STATUS
Microsoft has confirmed that this is a problem in Internet Security and Acceleration Server 2000. This problem was first corrected in Internet Security and Acceleration Server 2000 Service Pack 1.



MORE INFORMATION
The request does not work only if the browser client is configured to use the default automatic configuration script. If the browser client instead is configured to use a custom automatic configuration script that is located on a different server than the ISA Server computer, there is no need to install this hotfix.

Additional query words: hf 69 hf69 isahf69.exe isahf69

Keywords: kbproductlink kbqfe kbhotfixserver kbenv kberrmsg kbfix kbprb kbui KB305204

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.