1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

ISA Server 2006 VPN Authentication

Discussion in 'Windows Server System' started by windux, 2007/07/18.

  1. 2007/07/18
    windux

    windux Inactive Thread Starter

    Joined:
    2005/06/12
    Messages:
    181
    Likes Received:
    0
    Hello guys,

    VPN users (windows xp pro and home edition) receive multiple authentication prompts to allowed intranet sites.
    I have ISA Server 2006 installed and they are not running firewall client or proxy. Integrated authentication is configured in ISA.
    No ssl, no ISA Array. VPN users are supplying credentials for a Web site and then credentials are again requested.
    Can you help me please?


    Thanks in advance.
     
    windux,
    #1
  2. 2007/07/20
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    You mention that the problem is Intranet pages : does this mean you are hosting the web applications they are connecting to?

    If so, I think it may be the way the applications are set up.

    If IIS is set up for anonymous connection, it will be the IIS service account (IUSR_SERVERNAME) that actually accesses the files used by or comprising the application.

    The alternative is for IIS to use Windows integrated authentication for each user. If you enable this option, each user will need to authenticate and have rights to the files used. If the application itself has its own authentication, you will then be running two authentication processes.

    I think VPN users may not be authenticating as easily or completely via Windows authentication as local users and therefore, are getting more prompts to log on.

    If your applications have their own authentication system, I'd check to see if you have anonymous IIS connection set up and if not consider using it. That is choose one authentication method rather than two. If IIS's authentication is the only one running, its probably best to leave it set.

    I'd start by testing the effect of changing the setting. Does it make a difference: if not return it to how it was set before you started testing.

    Also do think through the security implications of turning anonymous access on if it is off. Having your VPN users inconvenienced may be preferable to opening a security hole to everyone else. Read up on the use of these settings to make sure you have the right set up for your requirements. Here are a couple of places to start:

    http://support.microsoft.com/kb/264921

    http://technet2.microsoft.com/windo...261e-4bb4-bd6d-a394f61054041033.mspx?mfr=true
     
    ReggieB,
    #2


  3. to hide this advert.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...