Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Users are prompted for authentication credentials when Internet Explorer is configured for automatic discovery in ISA Server or in Microsoft Forefront Threat Management Gateway, Medium Business Edition


View products that this article applies to.


Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 (http://support.microsoft.com/kb/256986/ ) Description of the Microsoft Windows registry

↑ Back to the top


Symptoms

Consider the following scenario:
  • You configure Microsoft Internet Security and Acceleration (ISA) Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition Web Proxy clients to obtain their proxy server settings by using automatic discovery.
  • The Internal network object is configured to require authentication.
In this scenario, users are prompted for authentication credentials when Microsoft Internet Explorer tries to access the Wpad.dat file. This symptom occurs even though users are already logged on to the network. If users specify their user name and password, everything works as expected.

If you change the Internet Explorer local area network (LAN) settings to manual configuration and then add the proxy server information, everything works as expected. Users are not prompted to authenticate when they are already logged on to the network.

↑ Back to the top


Cause

This issue occurs if the IFPCEEWebProxy.SkipAuthenticationForRoutingInformation property is set to FALSE in ISA Server or in Microsoft Forefront Threat Management Gateway, Medium Business Edition.

↑ Back to the top


Resolution

To resolve this issue, set the IFPCEEWebProxy.SkipAuthenticationForRoutingInformation property to TRUE. To do this, follow the steps in this section.

ISA Server 2004, Standard Edition

Service pack information

To resolve this problem, obtain the latest service pack for ISA Server 2004. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
891024� How to obtain the latest ISA Server 2004 service pack

Installation information

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

You must have ISA Server 2004 Service Pack 1 or a later ISA Server 2004 service pack installed to resolve this issue. After you install the latest ISA Server 2004 service pack, set the value of the SkipAuthenticationForRoutingInformation registry entry to a value of 1 or to a higher value to skip authentication for routing information. Set this value even if the Internal network object is configured to require all users to authenticate. To configure this registry entry, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentContolSet\Services\W3Proxy\Parameters
  3. If the Parameters key does not exist, follow these steps:
    1. Right-click W3Proxy, point to New, and then click Key.
    2. Type Parameters as the key name, and then press ENTER.
    If the Parameters key does exist, right-click Parameters, point to New, and then click DWORD Value.
  4. Type SkipAuthenticationForRoutingInformation as the entry name, and then press ENTER.
  5. Right-click SkipAuthenticationForRoutingInformation, and then click Modify.
  6. In the Value data box, type a value of 1 to enable the registry setting, and then click OK.

    Note To enable or to disable the registry setting, use the following guidelines.
    Collapse this tableExpand this table
    Value set to 0, or the registry entry does not existRequire authentication for routing information if the internal network object is configured to require all users to authenticate.
    Value set to 1 or to a higher valueSkip authentication for routing information, even if the internal network object is configured to require all users to authenticate.
  7. Exit Registry Editor.
  8. Restart the Microsoft Firewall service. To do this, follow these steps:
    1. Click Start, click Run, type services.msc, and then click OK.
    2. Right-click Microsoft Firewall, and then click Restart.

ISA Server 2004, Enterprise Edition; ISA Server 2006, Standard Edition; ISA Server 2006, Enterprise Edition; and Microsoft Forefront Threat Management Gateway, Medium Business Edition

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
  1. Copy the following Microsoft Visual Basic Scripting Edition (VBScript) code to a text editor such as Notepad.exe, and then use a .vbs extension to save the file.
    set ar = WScript.CreateObject( "FPC.Root" ).GetContainingArray
    set wp = ar.ArrayPolicy.WebProxy
    wp.SkipAuthenticationForRoutingInformation = True
    wp.Save
  2. Double-click the .vbs file to run the script.
  3. Restart the Microsoft Firewall service. To do this:
    1. Click Start, click Run, type services.msc, and then click OK.
    2. Right-click Microsoft Firewall, and then click Restart.

↑ Back to the top


More information

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
885683� You receive error messages if the Internet Security and Acceleration Server 2004 Firewall Client program is configured for auto-discovery or if you try to configure this program for auto-discovery

↑ Back to the top


Keywords: KB889035, kbprb, kbfirewall, kbauthentication, kbautodiscovery

↑ Back to the top

Article Info
Article ID : 889035
Revision : 9
Created on : 12/4/2007
Published on : 12/4/2007
Exists online : False
Views : 444