Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Users cannot submit data to a Web site that you publish by using client certificate authentication in ISA Server 2004


View products that this article applies to.



Beta Information
This article discusses a Beta release of a Microsoft product. The information in this article is provided as-is and is subject to change without notice.

No formal product support is available from Microsoft for this Beta product. For information about how to obtain support for a Beta release, see the documentation that is included with the Beta product files, or check the Web location where you downloaded the release.
Beta Information
This article discusses a Beta release of a Microsoft product. The information in this article is provided as-is and is subject to change without notice.

No formal product support is available from Microsoft for this Beta product. For information about how to obtain support for a Beta release, see the documentation that is included with the Beta product files, or check the Web location where you downloaded the release.

↑ Back to the top


Symptoms

When you use client certificate authentication in Microsoft Internet Security and Acceleration (ISA) Server 2004 to publish a Web site, and then a user tries to submit data to that Web site, ISA Server 2004 closes the connection to the Web site.

↑ Back to the top


Cause

This issue occurs if the following conditions are true:
The Web publishing rule that you created in ISA Server 2004 is applied to a user or a group.
The Web listener in ISA Server 2004 is not configured to require authentication.
ISA Server 2004 limits the size of the client request body that can be obtained without requiring authentication. This limit is 64 kilobytes (KB). If the client request body is greater than 64 KB, ISA Server 2004 requires the receipt of a client certificate. In this scenario, if the client request body size is greater than 64 KB, ISA Server 2004 sends a FIN packet to close the session.

↑ Back to the top


Resolution

To resolve this issue, configure the ISA Server 2004 Web listener for the Web publishing rule to require all users to authenticate. To do this, follow these steps:
1.Open ISA Server Management, the Microsoft Management Console (MMC) that is included in ISA Server 2004.
2.Expand Server_Name, where Server_Name is the name of your ISA Server 2004 computer.
3.Click Firewall Policy, right-click the Web publishing rule that you want to modify, and then click Properties.
4.Click the Listener tab, and then click Properties.
5.Click the Preferences tab, and then click Authentication.
6.Click to select the Require all users to authenticate check box, and then click OK.
7.Click OK two times.
8.Click Apply to update your firewall configuration, and then click OK.

↑ Back to the top


More information

For additional information about Web listeners in ISA Server 2004, see the "Web listener overview" topic and the "Authentication" topic in ISA Server 2004 Help. To view these topics, follow these steps:
1.Open ISA Server Management.
2.On the Help menu, click Help Topics.
3.Click the Contents tab, expand Microsoft ISA Server, expand Firewall Policy, and then expand Firewall Policy: Concepts.
4.To view the "Web listener overview topic", expand Toolbox, expand Web Listeners, and then click Web listener overview.
5.To view the "Authentication" topic, expand Authentication, and then click Authentication Methods for Web Requests.
For additional information about related topics, click the following article number to view the article in the Microsoft Knowledge Base:
323426 How to configure the Web Publishing service to work with Internet Security and Acceleration Server in Windows Server 2003

↑ Back to the top


Keywords: KB870706, kbprb, kbfirewall, kbtshoot

↑ Back to the top

Article Info
Article ID : 870706
Revision : 3
Created on : 8/27/2004
Published on : 8/27/2004
Exists online : False
Views : 372