+ Post New Thread
Results 1 to 1 of 1
Internet Related/Filtering/Firewall Thread, ISA 2006: GPO blocking user authentication?! in Technical; Ok we've had real problems getting our ISA 2006 up and running. Currently it's not operational which is obviously a ...
  1. #1
    Crispin's Avatar
    Join Date
    Dec 2008
    Thank Post
    Thanked 28 Times in 25 Posts
    Rep Power

    ISA 2006: GPO blocking user authentication?!

    Ok we've had real problems getting our ISA 2006 up and running. Currently it's not operational which is obviously a huge problem, so any ideas would be greatly appreciated.

    Client PC's when logged in as domain admins are able to get internet access fine. However if a non admin account tries to access we receive a 403 forbidden error.

    We traced this, and found that the clients weren't passing authentication credentials to the ISA server, they're just anonymous requests so the ISA fails due to it only accepting authenticated users.

    As a test, we put a computer object in an unmanaged OU without any group policies, gpupdated the machine and tried the internet. Works fine. Passed authentication and all rules applied perfectly to the 'all authenticated users' group. We tested this with a student/teacher account, worked fine.

    So we start disabling GPO's inherited by the original OU until we find that one of our GPO's (Curriculum User Settings) seemed to be causing the problem.

    We did the following:

    Disable the GPO (Fixes authentication problems, proxy and all rules work but obviously user settings destroyed!)
    Deleted all settings within the GPO manually (Authentication remained broken)

    Our only conclusion is that somehow that GPO has decided to arbitrarily break authentication with ISA 2006 and its clients. It's totally beyond me.

    Now the REALLY weird part...

    If we allow access to ALL users. We can get to google as students, but if we try wikipedia or other sites we get a 400 error.

    Can anyone please shed any light to this really odd problem. I've found a thread that's kind of similar but I can't be sure if it really helps:

    ISA Server 2006 Enterprise Blocking Random Sites

    Any ideas? Cos I'm totally out.

    At the moment my manager is VPNing into the network, rewriting the GPO from scratch, in the hope that will sort it. Not good!
    Last edited by Crispin; 19th February 2010 at 10:20 PM.

+ Post New Thread

Similar Threads

  1. ISA Server 2006 Enterprise Blocking Random Sites
    By fawkers in forum Internet Related/Filtering/Firewall
    Replies: 4
    Last Post: 21st July 2009, 11:12 PM
  2. ISA 2006 blocking access to IP addresses
    By TheCrust in forum Windows
    Replies: 6
    Last Post: 16th January 2009, 01:57 PM
  3. Authentication Delegation in ISA 2006
    By KWIK in forum Windows
    Replies: 1
    Last Post: 27th March 2008, 11:02 AM
  4. ISA 2006 + blocking internet for AD group
    By Paid_Peanuts in forum Windows
    Replies: 8
    Last Post: 7th December 2007, 06:46 PM
  5. ISA Server 2006/2004 User Reports?
    By Quackers in forum Wireless Networks
    Replies: 1
    Last Post: 20th November 2006, 09:50 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts