Users are prompted for authentication credentials when Internet Explorer is configured for automatic discovery in ISA Server or in Microsoft Forefront Threat Management Gateway, Medium Business Edition

Consider the following scenario:

• You configure Microsoft Internet Security and Acceleration (ISA) Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition Web Proxy clients to obtain their proxy server settings by using automatic discovery.
• The Internal network object is configured to require authentication.

In this scenario, users are prompted for authentication credentials when Microsoft Internet Explorer tries to access the Wpad.dat file. This symptom occurs even though users are already logged on to the network. If users specify their user name and password, everything works as expected.

If you change the Internet Explorer local area network (LAN) settings to manual configuration and then add the proxy server information, everything works as expected. Users are not prompted to authenticate when they are already logged on to the network.

This issue occurs if the IFPCEEWebProxy.SkipAuthenticationForRoutingInformation property is set to FALSE in ISA Server or in Microsoft Forefront Threat Management Gateway, Medium Business Edition.

To resolve this issue, set the IFPCEEWebProxy.SkipAuthenticationForRoutingInformation property to TRUE. To do this, follow the steps in this section.

ISA Server 2004, Standard Edition

Service pack information

To resolve this problem, obtain the latest service pack for ISA Server 2004. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

Installation information

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

You must have ISA Server 2004 Service Pack 1 or a later ISA Server 2004 service pack installed to resolve this issue. After you install the latest ISA Server 2004 service pack, set the value of the SkipAuthenticationForRoutingInformation registry entry to a value of 1 or to a higher value to skip authentication for routing information. Set this value even if the Internal network object is configured to require all users to authenticate. To configure this registry entry, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentContolSet\Services\W3Proxy\Parameters
3. If the Parameters key does not exist, follow these steps:
   1. Right-click W3Proxy, point to New, and then click Key.
   2. Type Parameters as the key name, and then press ENTER.
   If the Parameters key does exist, right-click Parameters, point to New, and then click DWORD Value.
4. Type SkipAuthenticationForRoutingInformation as the entry name, and then press ENTER.
5. Right-click SkipAuthenticationForRoutingInformation, and then click Modify.
6. In the Value data box, type a value of 1 to enable the registry setting, and then click OK.
   
   Note To enable or to disable the registry setting, use the following guidelines.
   Collapse this tableExpand this table

   Value set to 0, or the registry entry does not exist	Require authentication for routing information if the internal network object is configured to require all users to authenticate.
   Value set to 1 or to a higher value	Skip authentication for routing information, even if the internal network object is configured to require all users to authenticate.

7. Exit Registry Editor.
8. Restart the Microsoft Firewall service. To do this, follow these steps:
   1. Click Start, click Run, type services.msc, and then click OK.
   2. Right-click Microsoft Firewall, and then click Restart.

ISA Server 2004, Enterprise Edition; ISA Server 2006, Standard Edition; ISA Server 2006, Enterprise Edition; and Microsoft Forefront Threat Management Gateway, Medium Business Edition

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.

1. Copy the following Microsoft Visual Basic Scripting Edition (VBScript) code to a text editor such as Notepad.exe, and then use a .vbs extension to save the file.

   set ar = WScript.CreateObject( "FPC.Root" ).GetContainingArray
   set wp = ar.ArrayPolicy.WebProxy
   wp.SkipAuthenticationForRoutingInformation = True
   wp.Save

2. Double-click the .vbs file to run the script.
3. Restart the Microsoft Firewall service. To do this:
   1. Click Start, click Run, type services.msc, and then click OK.
   2. Right-click Microsoft Firewall, and then click Restart.

For more information, click the following article number to view the article in the Microsoft Knowledge Base: