Microsoft KB Archive/914532

= Error message when you send an HTTP TRACE command to a Web server that is published by an ISA Server 2004 SP2-based computer: &quot;HTTP 401 Unauthorized&quot; =

Article ID: 914532

Article Last Modified on 12/4/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server Enterprise Edition Service Pack 2, when used with:
 * Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 2, when used with:
 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition

-





SYMPTOMS
When you send an HTTP TRACE command to a Web server that is published by a Microsoft Internet Security and Acceleration (ISA) Server 2004 Service Pack 2 (SP2)-based computer, you receive the following error message.

HTTP 401 Unauthorized



CAUSE
This behavior occurs because ISA Server 2004 SP2 disables the HTTP TRACE functionality to prevent a remote attacker from accessing sensitive information, such as authentication information, that is available in the HTTP headers.



WORKAROUND
To work around this behavior, you can enable the HTTP TRACE functionality for all Web publishing rules. To do this, follow these steps.

Warning If you enable HTTP TRACE functionality, you increase the security risk to the computer.  Paste the following code into a text editor such as Notepad:

-

' This script adds a new VendorParametersSets under the array root. ' add a new VendorParametersSet and add a value called &quot;AllowTRACEForPublishing&quot; set to 1. 

Sub AddAllowTRACEForPublishing

' Create the root obect. Dim root ' The FPCLib.FPC root object Set root = CreateObject(&quot;FPC.Root&quot;)

'Declare the other objects needed. Dim array      ' An FPCArray object Dim VendorSets ' An FPCVendorParametersSets collection Dim VendorSet  ' An FPCVendorParametersSet object

' Get references to the array object ' and the network rules collection. Set array = root.GetContainingArray Set VendorSets = array.VendorParametersSets

On Error Resume Next Set VendorSet = VendorSets.Item( &quot;{143F5698-103B-12D4-FF34-1F34767DEabc}&quot; )

If Err.Number <> 0 Then Err.Clear

' Add the item Set VendorSet = VendorSets.Add( &quot;{143F5698-103B-12D4-FF34-1F34767DEabc}&quot; ) CheckError WScript.Echo &quot;New VendorSet added... &quot; & VendorSet.Name

Else WScript.Echo &quot;Existing VendorSet found... value- &quot; & VendorSet.Value(&quot;AllowTRACEForPublishing&quot;) End If

if VendorSet.Value(&quot;AllowTRACEForPublishing&quot;) <> 1 Then

Err.Clear VendorSet.Value(&quot;AllowTRACEForPublishing&quot;) = 1

If Err.Number <> 0 Then CheckError Else VendorSets.Save false, true CheckError

If Err.Number = 0 Then WScript.Echo &quot;Done, saved!&quot; End If       End If    Else WScript.Echo &quot;Done, no change!&quot; End If

End Sub

Sub CheckError

If Err.Number <> 0 Then WScript.Echo &quot;An error occurred: 0x&quot; & Hex(Err.Number) & &quot; &quot; & Err.Description Err.Clear End If

End Sub

AddAllowTRACEForPublishing

=
=================

 Save the file by using the following file name: &quot;AllowISATrace.vbs.&quot; Type the following command at a command prompt to run the script:

cscript.exe AllowISATrace.vbs

Note You must run this script from the same location at which you saved the script in step 2.

Keywords: kbtshoot kbprb KB914532

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.