Microsoft KB Archive/903236

= You receive an &quot;HTTP 502 Proxy Error - The ISA Server requires a secure channel connection&quot; error message when you install security update MS05-034 for ISA Server 2000 =

Article ID: 903236

Article Last Modified on 6/14/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition

-





SYMPTOMS
After you install security update MS05-034 for Microsoft Internet Security and Acceleration (ISA) Server 2000, you no longer have outgoing Internet access. In this scenario, you receive an error message that is similar to the following:

HTTP 502 Proxy Error - The ISA Server requires a secure channel connection to fulfill the request. ISA Server is configured to respond to outgoing secure (that is, Secure Sockets Layer (SSL)) channel requests. (12211) Internet Security and Acceleration Server.



CAUSE
This problem occurs if the following conditions are true:
 * You install security update MS05-034 for ISA Server 2000.
 * The Basic authentication option is enabled on the outgoing Web proxy listener.



Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.

To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:

http://go.microsoft.com/?linkid=6294451

Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Prerequisites
You must have ISA Server 2000 Service Pack 2 installed.

Restart requirement
You do not have to restart the computer after you apply this hotfix.

Hotfix replacement information
This hotfix does not replace any other hotfixes.

File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.   Date         Time   Version        Size     File name -  06-Jul-2005  05:19  3.0.1200.431   402,424  W3proxy.exe



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
To work around this problem, you can set the AllowAskBasicAuthOverNonSecureConnection registry entry to a non-zero value. However, this workaround causes ISA Server 2000 to request Basic authentication over HTTP both for incoming Web publishing requests and for outgoing Web proxy requests. We recommend that you use this workaround with caution. For more information about this workaround, click the following article number to view the article in the Microsoft Knowledge Base:

821724 FIX: Basic credentials may be sent over an external HTTP connection when SSL is required

The hotfix that is described in Microsoft Knowledge Base article 821724 prevents a request by ISA Server 2000 for Basic authentication over HTTP. ISA Server 2000 makes this request when you select Basic authentication as the authentication method on the relevant Web proxy listener both for incoming Web publishing requests and for outgoing Web proxy requests.

This hotfix was intended to prevent requests for credentials over HTTP only in Web publishing scenarios. After you apply the hotfix in the Microsoft Knowledge Base article 821724, ISA Server 2000 prevents requests for Basic credentials over HTTP only for Web publishing requests. If you do not require Basic authentication for outgoing Web proxy requests, disable Basic authentication on the outgoing Web proxy listener.

For more information about security update MS05-034, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms05-034.mspx

For more information about how to install ISA Server 2004 hotfixes and updates, click the following article number to view the article in the Microsoft Knowledge Base:

885957 How to install ISA Server hotfixes and updates

For more information about the terms that are used to describe software updates, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Keywords: kbqfe kbfix kbbug kbpubtypekc kbhotfixserver KB903236

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.