spacer search

After Hours Information Technology -
The small IT business for your small business.

Main Menu
Web Hosting
Domain Lookup
Speed Test
Contact Us
Privacy Policy
News Feeds
Microsoft ISA Server

The case of the unusual credential popup PDF Print E-mail
Frequently Asked Questions - Microsoft ISA Server

I recently replied to a post by someone on the forums where he was having a problem with a particular site and defined destination set not working.

(See;f=2;t=014532 for original posting)

Basically he had a destination to that contained the site in question, lets say and then he had a S&C (Site & Content) rule allowing access to that destination set all the time for all users (anonymous access.)
Like a good administrator he normally required user authentication for Internet usage but had set this up as a "can go anywhere" site.

The problem was, when someone who wasn't specifically allowed internet access tried to access that site, they were prompted to enter user credentials... despite his rule allowing it.

Fortunately, we've encountered this type of thing before when trying to set up other "freebie" sites for users, such as & (Australia phone listings). In those cases the original website tries to load images from other another site. From memory it was something like

Now these images could have been "static" pictures on the page or often as part of add banner rotations.

The killer of course is we've defined a rule that says we allow, not and so that's why the user is prompted for credentials.
Normally it's really easy to see what's actually causing this credential popup. 2 methods come to mind:

1) Simply go to the page, cancel the popup request for credentials... over and over if need be and when the page finally finishes loading, click "View" "Source" from your browser toolbar and then do a text search for "http". This will find either a "a href" link to another site or an "img src" for images. If the later, and the URL is different from the site you're visiting, then there's your culprit

2) The second method is a little more long winded. When prompted for credentials, enter some that have "full" internet access and browse around the site, then about 10 minutes after you've finished, go to the (default location) c:\program files\microsoft isa server\ISAlogs and search for the IP address of the client machine you were using in the days logfiles. eg: find "" webdyyyymmdd.log > where.txt
Now you can look at "where.txt" and it will show everywhere that machine has browsed to. Do a quick text search for the username you entered above and you can see exactly what is forcing the credential popup. More often than not it's an image or a flash file. In the case of the problem mentioned from, this was a secure site so the browser won't let your view source!

In the case of the problem mentioned from, this was a secure site so the browser won't let your view source!

One caveat with the logging of access for secure sites is that it lists basically ONLY the base URL eg: and not the "full" URL of as ISA maintains the users "privacy". In actual fact, ISA is rally just passing the results of the browsers request direct to the client as it can't see "inside" the encrypted SSL (Secure Sockets Layer) data stream.

Fortunately for Jim an educated guess managed to identify the culprit. It was a "secure site" logo/image that was coming from the external site.
Sometimes you can get lucky with secure site by doing the 2nd method above and it'll show the external site.
Oh, and remember, when defining the sites in a destination set that will be accessed via HTTPS (secure), NEVER EVER put in a subdirectory, only ever put the base URL name. As above , ISA cant see inside the secure data stream and because it cant decipher what's coming in to check if it's allowed based on matching the subdir in the destination list, it'll deny the whole thing regardless!



< Prev   Next >
Who's Online
We have 36 guests online
Locations of visitors to this page
I plan on installing Microsoft Vista:


Copyright 2004 2005 After Hours Information Technology