Microsoft KB Archive/916705

= After you configure the rules on an ISA Server 2004 Service Pack 2 (SP2)-based computer, the computer may try to authenticate users =

Article ID: 916705

Article Last Modified on 7/25/2006

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server Enterprise Edition Service Pack 2
 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 2

-





SYMPTOMS
You configure the rules on a Microsoft Internet Security and Acceleration (ISA) Server 2004 Service Pack 2 (SP2) computer to apply to all users. After you do this, the ISA Server computer may sometimes try to authenticate users who are running virtual private network (VPN) client computers. When ISA Server rules apply to all users, there is no reason to authenticate users.



RESOLUTION
To resolve this problem, follow these steps:

 1. On the ISA Server computer, install the hotfix that is described in the following Microsoft Knowledge Base article:

    916106 Update for HTTP issues in Internet Security and Acceleration Server 2004 Service Pack 2

 2. Run the following Microsoft Visual Basic script on the ISA Server computer.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.

Note After you run this script, the ISA Server computer no longer authenticates users when the computer evaluates the firewall policy rules. If any rule is applied to a user group, the rule will not match. We recommend that you be careful when you use this script.

'DisablePortPermAuthen begin
Sub AddDisablePortPermissionAuthentication

    ' Create the root object.
    Dim root ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")

    ' Declare the other objects needed.
    Dim array      ' An FPCArray object
    Dim VendorSets ' An FPCVendorParametersSets collection
    Dim VendorSet  ' An FPCVendorParametersSet object

    ' Get references to the array object
    ' and the vendor parameters sets collection.
    Set array = root.GetContainingArray
    Set VendorSets = array.VendorParametersSets

    On Error Resume Next
    Set VendorSet = VendorSets.Item( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )

    If Err.Number <> 0 Then
        Err.Clear

        ' Add the item
        Set VendorSet = VendorSets.Add( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )
        CheckError
        WScript.Echo "New VendorSet added... " & VendorSet.Name

    Else
        WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value("DisablePortPermissionAuthentication")
    End If

    If VendorSet.Value("DisablePortPermissionAuthentication") <> True Then

        Err.Clear
        VendorSet.Value("DisablePortPermissionAuthentication") = True

        If Err.Number <> 0 Then
            CheckError
        Else
            VendorSets.Save False, True

            ' CheckError clears Err, so test Err.Number before calling it.
            If Err.Number = 0 Then
                WScript.Echo "Done with DisablePortPermissionAuthentication, saved!"
            Else
                CheckError
            End If
        End If
    Else
        WScript.Echo "Done with DisablePortPermissionAuthentication, no change!"
    End If

End Sub

Sub CheckError

    ' Report the pending error, if any, and then clear it.
    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If

End Sub

AddDisablePortPermissionAuthentication
'DisablePortPermAuthen end

To run this script, follow these steps:

 1. Copy the script to a text editor such as Notepad, and then use a .vbs extension to save the file.
 2. Double-click the .vbs file to run the script.



MORE INFORMATION
To revert to the default behavior that existed before you ran the script that is described in the "Resolution" section, run the following script.

'EnablePortPermAuthen begin
Sub RemoveDisablePortPermissionAuthentication

    ' Create the root object.
    Dim root ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")

    ' Declare the other objects needed.
    Dim array      ' An FPCArray object
    Dim VendorSets ' An FPCVendorParametersSets collection
    Dim VendorSet  ' An FPCVendorParametersSet object

    ' Get references to the array object
    ' and the vendor parameters sets collection.
    Set array = root.GetContainingArray
    Set VendorSets = array.VendorParametersSets

    On Error Resume Next
    Set VendorSet = VendorSets.Item( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )

    If Err.Number <> 0 Then
        Err.Clear

        ' Add the item
        Set VendorSet = VendorSets.Add( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )
        CheckError
        WScript.Echo "New VendorSet added... " & VendorSet.Name

    Else
        WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value("DisablePortPermissionAuthentication")
    End If

    If VendorSet.Value("DisablePortPermissionAuthentication") <> False Then

        Err.Clear
        VendorSet.Value("DisablePortPermissionAuthentication") = False

        If Err.Number <> 0 Then
            CheckError
        Else
            VendorSets.Save False, True

            ' CheckError clears Err, so test Err.Number before calling it.
            If Err.Number = 0 Then
                WScript.Echo "Done with EnablePortPermissionAuthentication, saved!"
            Else
                CheckError
            End If
        End If
    Else
        WScript.Echo "Done with EnablePortPermissionAuthentication, no change!"
    End If

End Sub

Sub CheckError

    ' Report the pending error, if any, and then clear it.
    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If

End Sub

RemoveDisablePortPermissionAuthentication
'EnablePortPermAuthen end
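To confirm which state an array is in without changing it, a read-only check can be used. The following is an added example, not part of the original article: it uses only the objects, GUID and value name that appear in the article's scripts, and the function name and exit codes are this example's own. It assumes that a value that was never set either raises an error or is returned as Empty or Null.

```vbscript
' Added example, not from the KB article: read-only check of the
' DisablePortPermissionAuthentication setting. Nothing is added or saved.
Option Explicit

' GUID and value name are the ones used by the article's scripts.
Const SET_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const VALUE_NAME = "DisablePortPermissionAuthentication"

' Exit codes chosen for this example: 0 = default, 1 = disabled, 2 = error.
WScript.Quit GetAuthenticationState()

Function GetAuthenticationState()
    Dim root, isaArray, vendorSets, vendorSet, current, disabled
    GetAuthenticationState = 2
    On Error Resume Next

    Set root = CreateObject("FPC.Root")
    Set isaArray = root.GetContainingArray
    Set vendorSets = isaArray.VendorParametersSets
    If Err.Number <> 0 Then
        WScript.Echo "Cannot read the ISA Server configuration: 0x" & Hex(Err.Number)
        Exit Function
    End If

    ' Unlike the article's scripts, do not call Add when the set is missing.
    Set vendorSet = vendorSets.Item(SET_GUID)
    If Err.Number <> 0 Then
        Err.Clear
        WScript.Echo "Vendor parameters set not found: default behavior."
        GetAuthenticationState = 0
        Exit Function
    End If

    ' Assumption: an unset value raises an error or comes back Empty/Null.
    current = vendorSet.Value(VALUE_NAME)
    If Err.Number <> 0 Or IsEmpty(current) Or IsNull(current) Then
        Err.Clear
        WScript.Echo VALUE_NAME & " is not set: default behavior."
        GetAuthenticationState = 0
        Exit Function
    End If

    ' Convert outside an If condition so that a conversion error is detectable.
    disabled = CBool(current)
    If Err.Number <> 0 Then
        WScript.Echo "Unexpected value stored for " & VALUE_NAME
    ElseIf disabled Then
        WScript.Echo VALUE_NAME & " = True: rules applied to user groups will not match."
        GetAuthenticationState = 1
    Else
        WScript.Echo VALUE_NAME & " = False: default behavior."
        GetAuthenticationState = 0
    End If
End Function
```

Run it with cscript.exe so that the exit code is available to a scheduled or scripted check.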

Keywords: kbhotfixserver kbtshoot KB916705


© Microsoft Corporation. All rights reserved.