Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Incomplete HTML Pages and Random Authentication Messages Occur When ISA Server Is Chained to an Anonymous Upstream Web Proxy Server


View products that this article applies to.

This article was previously published under Q307457

↑ Back to the top


Symptoms

Incomplete Hypertext Markup Language (HTML) pages and random authentication messages may be displayed in the Web browser when you chain Internet Security and Acceleration (ISA) Server 2000 to an anonymous upstream Proxy 2.0 Web proxy server.

↑ Back to the top


Cause

This problem can occur if you configure the downstream ISA Server computer to use the Integrated Windows authentication method, and if the upstream Proxy 2.0 Web proxy server does not require any access control (it allows Anonymous access).

Under certain circumstances, a Web browser may try to authenticate a connection with the downstream ISA Server computer that has already been authenticated by using the Integrated Windows authentication method. As a result, the downstream ISA Server computer passes those credentials to the upstream Proxy 2.0 Web proxy server. Because the credentials are for the downstream ISA Server computer and not for the upstream Proxy 2.0 Web proxy server, the Proxy 2.0 Web proxy server may return a "407 Proxy authentication required" Hypertext Transfer Protocol (HTTP) response. The downstream ISA Server computer passes this HTTP response back to the Web browser, and an authentication message is displayed on the client computer.

↑ Back to the top


Resolution

To resolve this issue implement the fix described in the following Microsoft Knowledge Base article:
317822� FIX: Problems with Web Browser If ISA Server 2000 Is Chained to an Upstream Web Proxy Server

↑ Back to the top


Workaround

To work around this problem, disable either Windows NT Challenge/Response (if you are running Internet Information Server [IIS] 4.0) or Integrated Windows authentication (if you are running Internet Information Services [IIS] 5.0) on the default Web site on the upstream anonymous Proxy 2.0 Web proxy server. To do so:
  1. Click the Directory Security tab in the default Web site properties
  2. Click to clear either the Windows NT Challenge/Response check box (in IIS 4.0) or the Integrated Windows authentication check-box (in IIS 5.0).
After you complete this procedure, the upstream Proxy 2.0 Web proxy server consumes the redundant Proxy-Authorization HTTP header that is sent by the browser. As a result, the server does not reply with a "407 Proxy authentication required" HTTP response.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

↑ Back to the top


More information

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
297080� Incomplete HTML Pages and Random Authentication Prompts If ISA Server Is Chained to Upstream Proxy

↑ Back to the top


Keywords: KB307457, kbprb, kbenv

↑ Back to the top

Article Info
Article ID : 307457
Revision : 2
Created on : 10/30/2006
Published on : 10/30/2006
Exists online : False
Views : 359