Microsoft KB Archive/313525

= Proxy-to-Proxy Authentication Does Not Work Between a Downstream ISA Server and an Upstream Proxy 2.0 Server =

Article ID: 313525

Article Last Modified on 10/29/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition

-



This article was previously published under Q313525



SYMPTOMS
If you use a client computer that is behind an Internet Security and Acceleration (ISA) server, you may not be able to connect to external resources if the ISA server is configured to authenticate with an upstream Microsoft Proxy 2.0 server by using NTLM authentication.



CAUSE
This problem occurs because the ISA server goes into an authentication request loop when you use proxy-to-proxy NTLM authentication between a downstream ISA server and an upstream Proxy 2.0 server.

The Proxy 2.0 Server does not use a keep-alive connection when performing NTLM authentication and closes the session after an initial Hypertext Transfer Protocol (HTTP) 407 (&quot;proxy authentication required&quot;) response. The ISA server goes into an authentication request loop because the ISA server needs the session to remain open because NTLM authentication is treated as session-based authentication.



RESOLUTION
This problem was corrected in Internet Security and Acceleration Server Service Pack 1.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

313139 How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack



WORKAROUND
To work around this problem, use basic authentication for proxy-to-proxy authentication.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Keywords: kbproductlink kbenv kbprb KB313525

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.