Enabling RADIUS authentication for the OWA Forms-Based Authentication in ISA Server 2004

Article ID: 884560 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

When you use the OWA (Outlook Web Access) Forms-Based Authentication on a Web publishing rule to publish an internal Web site such as OWA, you cannot use the RADIUS (Remote Authentication Dial-In User Service) authentication protocol to authenticate a user who logs on to the published site.
Back to the top | Give Feedback

CAUSE

This problem occurs because Internet Security and Acceleration (ISA) Server 2004 uses Microsoft Windows authentication to authenticate a user who logs on to the published site that is configured for OWA Forms-Based Authentication.

Note If you use the RADIUS authentication on a Web publishing rule, you can no longer use the OWA Forms-Based Authentication to authenticate a user who logs on to the published site.
Back to the top | Give Feedback

RESOLUTION

Service pack information

To resolve this problem, obtain and install the latest service pack for ISA Server 2004. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
891024
(http://support.microsoft.com/kb/891024/ )
How to obtain the latest ISA Server 2004 service pack
Back to the top | Give Feedback
After you install ISA Server 2004 Service Pack 1 (SP1), enable ISA Server 2004 to use RADIUS authentication for Web publishing rules that use OWA Forms-Based Authentication. To do this, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy
  3. On the Edit menu, point to New, and then click Key.
  4. Type Parameters, and then press ENTER.

    Note A
    Parameters
    key already exists under the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy\Performance
    subkey. However, this is a different key.
  5. On the Edit menu, point to New, and then click DWORD Value.
  6. Type OwaAuthenticatesUsingRadius, and then press ENTER.
  7. Right-click OwaAuthenticatesUsingRadius, and then click Modify.
  8. In the Value data box, type 1, and then click OK.
  9. Exit Registry Editor.
  10. Restart the Microsoft ISA Server Control service.
To disable the RADIUS authentication for Web publishing rules that use OWA Forms-Based Authentication, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters
  3. In the right pane, right-click OwaAuthenticatesUsingRadius, and then click Modify.
  4. In the Value data box, type 0, and then click OK.
  5. Quit Registry Editor.
  6. Restart the Microsoft ISA Server Control service.
Note This problem has been fixed in Microsoft ISA Server 2004 Enterprise Edition. However, you must follow the steps that are mentioned in the "Resolution" section of this article to enable ISA Server 2004 to use RADIUS authentication.
Back to the top | Give Feedback

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top | Give Feedback

MORE INFORMATION

To enable the OWA Forms-Based Authentication on a Web publishing rule in ISA Server 2004, follow these steps:
  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.
  2. In the left pane, expand ServerName.
  3. Click Firewall Policy.
  4. In the right pane, right-click the Web publishing rule that you want to configure.
  5. Click Properties, and then click the Listener tab.
  6. In the This rule applies to requests received on the following listener list, click the listener, and then click Properties.
  7. Click the Preferences tab, and then click Authentication.
  8. In the list, click to select the OWA Forms-Based check box.
  9. Click OK three times.
For more information about how hotfix packages are named, click the following article number to view the article in the Microsoft Knowledge Base:
816915
(http://support.microsoft.com/kb/816915/ )
New file naming schema for Microsoft Windows hotfix packages
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
824684
(http://support.microsoft.com/kb/824684/ )
Description of the standard terminology that is used to describe Microsoft software updates
Back to the top | Give Feedback

Properties

Article ID: 884560 - Last Review: April 4, 2007 - Revision: 7.5
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition
Keywords: 
kbisa2006swept kbqfe kbhotfixserver kbfix kbbug KB884560
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top