Troubleshoot ISA Server 2000 configuration issues

Get suggestions on how to resolve problems configuring ISA Server 2000 in this ITKnowledge Exchange Tip of the Week.

The following is the ITKnowledge Exchange Tip of the Week for Feb.21, 2005.

Question #1

"waynebk" writes:
I'm having a problem configuring our ISA Server 2000 to show user names in the weekly reports that we generate. I found the following suggestions at http://www.isaserver.org/tutorials/userinfo.html and have completed the following steps, but to no avail:
- Configure the log files to record user information
- Configure all machines on the internal network as Web Proxy and Firewall clients
- Remove all anonymous access Site and Content and/or Protocol Rules
- Disable the HTTP Redirector

The ISA Firewall client was installed on all of our approximately 40 workstations via a login script. They are configured to connect to our ISA Server via the IP address specified. The weird thing is, three or four of the users are logging correctly, but the rest show only IP addresses. I cannot for the life of me figure out what is causing this. Any help is greatly appreciated.

Responses

  • "ghigbee" writes: I had a similar problem, and the only way I found to resolve it was to remove ANY rules that involved anonymous access. Once I did that it seemed to work okay.
  • Follow-up Question

    "waynebk" writes:
    I have the following three site and content rules:
    1. Users Allow Rule -- Applies to:Users and group specified below:Everyone
    2. Servers allow rule -- Applies to:Client address sets specified below:[A client address set the I created that contains IP addresses for our servers]
    3. Proxy rule -- Applies to:Any request

    Is there something wrong in this configuration? Might I have anonymous access rules in my protocol rule set up? Could you provide insight as to how these should be configured? I am definitely new at this and am in the process of reading an ISA Server book written by Shinder as we speak.

    Responses

  • "ghigbee" writes: The third rule that you listed appears to be an anonymous rule. I would change that to authenticated users or Domain Users for the group if you need it to apply to everyone. See if that takes care of the problem. The issue is that anonymous rules get applied before the other rules.
  • Get additional recommendations here.
  • Start your own discussion

    Do you have a Windows security dilemma that needs quick attention? Talk about it in ITKE.


    About the ITKnowledge Exchange
    ITKnowledge Exchange is a place where IT pros can share ideas, expertise and get answers to their technical and strategic questions. It provides direct access between groups or individuals who are grappling with similar IT issues in a safe and seamless environment. Click to start participating today or go to the Tip of the Week archives.

    Dig deeper on Windows Server and Network Security

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchServerVirtualization

    SearchCloudComputing

    SearchExchange

    SearchSQLServer

    SearchWinIT

    SearchEnterpriseDesktop

    SearchVirtualDesktop

    Close