Article ID: 916705
Article Last Modified on 7/25/2006
APPLIES TO
- Microsoft Internet Security and Acceleration Server Enterprise Edition Service Pack 2
- Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 2
SYMPTOMS
You configure the rules on a Microsoft Internet Security and Acceleration (ISA) Server 2004 Service Pack 2 (SP2) computer to apply to all users. After you do this, the ISA Server computer may sometimes try to authenticate users who are running virtual private network (VPN) client computers. When ISA Server rules apply to all users, there is no reason to authenticate users.
RESOLUTION
To resolve this problem, follow these steps:
- On the ISA Server computer, install the hotfix that is described in the following Microsoft Knowledge Base article:
916106 Update for HTTP issues in Internet Security and Acceleration Server 2004 Service Pack 2
- Run the following Microsoft Visual Basic script on the ISA Server computer.
Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
Note: After you run this script, the ISA Server computer no longer authenticates users when the computer evaluates the firewall policy rules. If any rule is applied to a user group, the rule will not match. We recommend that you be careful when you use this script.

    '------------------------------------------------------------------------DisablePortPermAuthen begin
    Sub AddDisablePortPermissionAuthentication()

        ' Create the root object.
        Dim root            ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")

        ' Declare the other objects needed.
        Dim array           ' An FPCArray object
        Dim VendorSets      ' An FPCVendorParametersSets collection
        Dim VendorSet       ' An FPCVendorParametersSet object

        ' Get references to the array object
        ' and the vendor parameters sets collection.
        Set array = root.GetContainingArray
        Set VendorSets = array.VendorParametersSets

        On Error Resume Next
        Set VendorSet = VendorSets.Item( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )

        If Err.Number <> 0 Then
            Err.Clear

            ' The set does not exist yet, so add it.
            Set VendorSet = VendorSets.Add( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )
            CheckError
            WScript.Echo "New VendorSet added... " & VendorSet.Name
        Else
            WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value("DisablePortPermissionAuthentication")
        End If

        If VendorSet.Value("DisablePortPermissionAuthentication") <> True Then
            Err.Clear
            VendorSet.Value("DisablePortPermissionAuthentication") = True

            If Err.Number <> 0 Then
                CheckError
            Else
                VendorSets.Save False, True

                ' Test Err before CheckError clears it, so that a failed
                ' save is not reported as saved.
                If Err.Number <> 0 Then
                    CheckError
                Else
                    WScript.Echo "Done with DisablePortPermissionAuthentication, saved!"
                End If
            End If
        Else
            WScript.Echo "Done with DisablePortPermissionAuthentication, no change!"
        End If

    End Sub

    ' Report and clear any pending error.
    Sub CheckError()
        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
            Err.Clear
        End If
    End Sub

    AddDisablePortPermissionAuthentication
    '------------------------------------------------------------------------DisablePortPermAuthen end
To run this script, follow these steps:
- Copy the script to a text editor such as Notepad, and then use a .vbs extension to save the file.
- Double-click the .vbs file to run the script.
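A read-only pre-check for the change above, as an added example that is not part of the Microsoft article: it reports the current DisablePortPermissionAuthentication value without creating the vendor parameters set, then lists array access rules that reference a user set other than All Users, which are the rules the Note says will no longer match. The ArrayPolicy.PolicyRules, Type and AccessProperties.UserSets members, the access-rule type value 0 and the English "All Users" set name are assumptions taken from the ISA Server administration object model, not from this article.

```vbscript
' Added example: read-only audit. It changes nothing and saves nothing.
Option Explicit

Const VENDOR_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"  ' GUID used by the article's scripts
Const FLAG_NAME = "DisablePortPermissionAuthentication"       ' value name used by the article's scripts
Const fpcPolicyRuleAccess = 0    ' assumption: rule type value for access rules
Const ALL_USERS = "All Users"    ' assumption: English name of the built-in user set

Dim root, isaArray, vendorSet, rule, userSet, flagged
Set root = CreateObject("FPC.Root")
Set isaArray = root.GetContainingArray

' 1. Report the flag. Item() is only read here; unlike the article's
'    scripts, a missing set is reported, not added.
On Error Resume Next
Set vendorSet = isaArray.VendorParametersSets.Item(VENDOR_GUID)
If Err.Number <> 0 Then
    Err.Clear
    WScript.Echo FLAG_NAME & ": vendor parameters set not present (default behavior)"
Else
    WScript.Echo FLAG_NAME & " = " & vendorSet.Value(FLAG_NAME)
    If Err.Number <> 0 Then
        Err.Clear
        WScript.Echo FLAG_NAME & ": set exists but the value is not defined"
    End If
End If
On Error GoTo 0

' 2. List access rules in the array policy that depend on a user set
'    other than All Users. Enterprise-level policies are not covered.
flagged = 0
For Each rule In isaArray.ArrayPolicy.PolicyRules
    If rule.Type = fpcPolicyRuleAccess Then
        For Each userSet In rule.AccessProperties.UserSets
            If userSet.Name <> ALL_USERS Then
                WScript.Echo "Rule """ & rule.Name & """ (enabled: " & rule.Enabled & _
                             ") applies to user set """ & userSet.Name & """"
                flagged = flagged + 1
            End If
        Next
    End If
Next

WScript.Echo flagged & " user-set reference(s) found that rely on authentication"
```

Run it with cscript.exe so that the output goes to the console instead of one message box per line.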
MORE INFORMATION
To revert to the default behavior that existed before you ran the script that is described in the "Resolution" section, run the following script.
    '------------------------------------------------------------------------EnablePortPermAuthen begin
    Sub RemoveDisablePortPermissionAuthentication()

        ' Create the root object.
        Dim root            ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")

        ' Declare the other objects needed.
        Dim array           ' An FPCArray object
        Dim VendorSets      ' An FPCVendorParametersSets collection
        Dim VendorSet       ' An FPCVendorParametersSet object

        ' Get references to the array object
        ' and the vendor parameters sets collection.
        Set array = root.GetContainingArray
        Set VendorSets = array.VendorParametersSets

        On Error Resume Next
        Set VendorSet = VendorSets.Item( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )

        If Err.Number <> 0 Then
            Err.Clear

            ' The set does not exist yet, so add it.
            Set VendorSet = VendorSets.Add( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )
            CheckError
            WScript.Echo "New VendorSet added... " & VendorSet.Name
        Else
            WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value("DisablePortPermissionAuthentication")
        End If

        If VendorSet.Value("DisablePortPermissionAuthentication") <> False Then
            Err.Clear
            VendorSet.Value("DisablePortPermissionAuthentication") = False

            If Err.Number <> 0 Then
                CheckError
            Else
                VendorSets.Save False, True

                ' Test Err before CheckError clears it, so that a failed
                ' save is not reported as saved.
                If Err.Number <> 0 Then
                    CheckError
                Else
                    WScript.Echo "Done with EnablePortPermissionAuthentication, saved!"
                End If
            End If
        Else
            WScript.Echo "Done with EnablePortPermissionAuthentication, no change!"
        End If

    End Sub

    ' Report and clear any pending error.
    Sub CheckError()
        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
            Err.Clear
        End If
    End Sub

    RemoveDisablePortPermissionAuthentication
    '------------------------------------------------------------------------EnablePortPermAuthen end