Incomplete HTML Pages and Random Authentication Prompts If ISA Server Is Chained to Upstream Proxy

Article translations Article translations
Article ID: 297080 - View products that this article applies to.
This article was previously published under Q297080
This article has been archived. It is offered "as is" and will no longer be updated.
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
Expand all | Collapse all

Symptoms

If Internet Security and Acceleration (ISA) Server 2000 is chained to an upstream Web proxy server, you may receive incomplete HTML pages and random authentication prompts in the Web browser.

These symptoms may occur if the downstream ISA Server computer is configured to require integrated authentication and if the upstream Web proxy server is also configured to require proxy authentication. In addition, the Routing rule on the downstream ISA Server computer is configured to provide Basic Authentication credentials to the upstream Web proxy server.

This behavior does not occur if the downstream ISA Server computer is not configured to provide any credentials or if it is configured to provide Integrated Authentication credentials to the upstream Web proxy server.

Cause

Under certain circumstances, Web browsers may try to authenticate a connection with the downstream ISA Server computer that has already been authenticated by using integrated authentication. This may cause the downstream ISA Server computer to pass those credentials to the upstream Web proxy server. Because the credentials are for the downstream ISA Server computer and not for the upstream Web proxy server, the server returns a "407 Proxy authentication required" HTTP response. The downstream ISA Server computer then passes this HTTP response back to the Web browser, causing the authentication prompt on the client computer. Because the client is unable to authenticate this request, it may cause incomplete HTML pages on the Web browser client.

Resolution

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language. The English version of this fix should have the following file attributes or later:
   Date      Time     Version      Size     File name  
   ----------------------------------------------------
   5/6/2001  02:03PM  3.0.1200.64  373,520  W3proxy.exe
				


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

More information

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To implement the functionality in this fix, create the following registry value:
  1. Stop the Web Proxy service.
  2. Start Registry Editor.
  3. Locate and click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters
  4. Create a new DWORD value named RemoveRedundantProxyAuthorization. Give this new value a data value of 1.
  5. Start the Web Proxy service.
To revert to the original configuration, either remove the RemoveRedundantProxyAuthorization registry value, or change its data value to 0 (zero). After making either change, restart the Web Proxy service.

If you see the same symptoms when the upstream Web Proxy Server is running without any Access Control (it is using Anonymous access), then instead of installing this fix, implement the fix described in the following Microsoft Knowledge Base article:
317822 FIX: Problems with Web Browser if ISA Server 2000 Is Chained to an Upstream Web Proxy Server

Properties

Article ID: 297080 - Last Review: October 26, 2013 - Revision: 3.0
Applies to
  • Microsoft Internet Security and Acceleration Server 2000 Standard Edition
Keywords: 
kbnosurvey kbarchive kbautohotfix kbproductlink kbqfe kbhotfixserver kbenv kbisaserv2000sp1fix kbprb KB297080

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com