Article ID: 905767
Article Last Modified on 12/4/2007
APPLIES TO
- Microsoft Internet Security and Acceleration Server 2004 Standard Edition
- Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
SYMPTOMS
Consider the following scenario:
- You are using a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2004.
- The access rules include a Content Type rule to limit access to specific content.
- The ReturnAuthRequiredIfAuthUserDenied property is set to True for the relevant Web listener.
- ISA Server successfully validates a client's credentials the first time.
- The ISA Server rule base does not give access to the requested resource for the client's authenticated account.
In this scenario, the ReturnAuthRequiredIfAuthUserDenied property setting does not work. The client receives an error message that is similar to the following:
The client is then sent a Web page that indicates that a resource was denied. Additionally, if the rule base does not approve the initial credential request, ISA Server 2004 does not prompt the client for alternative credentials.
You expect the client to receive an error message that is similar to the following:
You also expect ISA Server 2004 to prompt the client for alternative credentials.
Note In this scenario, when the ReturnAuthRequiredIfAuthUserDenied property is set to False, the client receives the "HTTP Error 502" error message as you expect.
RESOLUTION
ISA Server 2004, Standard Edition
Service pack information
To resolve this problem, obtain the latest service pack for Internet Security and Acceleration Server 2004. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
891024 How to obtain the latest ISA Server 2004 service pack
Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.
To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:
Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:
Prerequisites
To install this hotfix, you must have ISA Server 2004, Standard Edition Service Pack 1 (SP1) installed.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
891024 How to obtain the latest ISA Server 2004 service pack
Restart requirement
You do not have to restart the computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace any other hotfixes.
File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name ------------------------------------------------------- 10-Aug-2005 08:52 4.0.2163.279 661,216 W3filter.dll
ISA Server 2004, Enterprise Edition
Service pack information
To resolve this problem, obtain the latest service pack for Internet Security and Acceleration Server 2004. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
891024 How to obtain the latest ISA Server 2004 service pack
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Internet Security and Acceleration Server 2004 Service Pack 2.
MORE INFORMATION
For more information about how to install ISA Server 2004 hotfixes and updates, click the following article number to view the article in the Microsoft Knowledge Base:
885957 How to install ISA Server hotfixes and updates
For more information about the terms that are used to describe software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
REFERENCES
For more information about the ReturnAuthRequiredIfAuthUserDenied property, visit the following Microsoft Web site:
Keywords: kbbug kbfix kbqfe kbpubtypekc kbhotfixserver KB905767