I don't know what's changed, nothing that I can think of.
When you run a query in Logging and it displays the Client Username they all appear as Anonymous, but it wasn't always like this.
I've checked the Authentication settings for the Local Network and Local Host and both are set to 'Require all users to Authenticate' using 'Integrated',
What's wrong with that? Surely it should be showing them up as they're Windows logon names not Anonymous?
(sp3)
I've got random users appearing as anonymous.
It happens on win xp clients and not on 2k clients
furthermore my first rule is a "banned rule" that denies access to members of an arbitrary security group.
for NO APPARENT REASON, anonymous matches this rule.
require all users to authenticate has to be off in order for anonymous to work
disabling banned rule causes anonymous to find the rule (#9) I want it to use.
If you have an anonymous Access Rule (which I guess a deny would count too) which is applied before other rules, then Usernames are not logged.
the 1st rule (banned) wasnt an anonymous access rule.
Was something I read somewhere but I dont' think that's the case sorry.
My first rule is for 'Pupils' only and I've got the problem.
i think its a side effect of this:
if ISA Server is unable to authenticate the user for whatever reason, that means that no credentials at all are presented to the ISA Server, then any request from that user will be denied by the first rule requiring user authentication regardless of whether its an allow or deny rule
my answer is that kerberos v5 in IE7 is incompatible with ISA2004. In order to stop all the anonymous connections you have to disable "Enabled Windows Integrated Authentication" but that option is omitted from group policy but i found an adm file here:
http://www.pragmaticutopia.com/index...ask=view&id=90
this thread details the issue more:
http://forums.isaserver.org/Proxy_au...2033963/tm.htm
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks