Article ID: 832168 - View products that this article applies to.
This article has been archived. It is offered "as is" and will no longer be updated.
When you use SecurID authentication to request a Web page that is published by a Web publishing rule in Microsoft ISA Server 2000, you are not redirected to the requested URL after you enter the correct credentials on the SecurID logon page. Instead, ISA Server responds with the SecurID logon page and prompts you to enter your SecurID credentials again.
This problem occurs if all the following conditions are true:
For more information about how to install ISA Server Feature Pack 1 and configure SecurID authentication, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=2f92b02c-ac49-44df-af6c-5be084b345f9&DisplayLang=en.For more information about how to setup SecurID authentication in ISA Server 2000, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=2f92b02c-ac49-44df-af6c-5be084b345f9&DisplayLang=en.The problem does not occur if the initial request is immediately processed by the second Web publishing rule. For example, if the client first requests http://www.example.com, the page that is published by the first Web publishing rule redirects to http://www.example.com/securefolder/default.html. The second Web publishing rule processes this request, and the request is denied. If the client first requests http://www.example.com/securefolder/default.html, this problem does not occur.
This is a problem in the SecurID filter in ISA Server 2000. This filter does not send the correct redirection URL in response to a successful SecurID logon.
Hotfix informationA supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=supportNote The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
PrerequisitesISA Server 2000 Service Pack 1 and ISA Server Feature Pack 1 are required to install this hotfix.
For additional information about how to obtain ISA Server SP1 and ISA Server Feature Pack 1, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/313139/ )How to obtain the latest Internet Security and Acceleration Server 2000 service pack
(http://support.microsoft.com/kb/319380/ )ISA Server 2000 Feature Pack 1 overview
Hotfix replacement informationThis hotfix does not replace any other hotfixes.
Restart requirementYou must restart your computer after installing the hotfix.
The Hotfix applies to all ISA Server languages.
Date Time Version Size File name -------------------------------------------------- 22-Feb-2004 17:02 3.0.1200.305 178,448 Mspadmin.exe 22-Feb-2004 17:02 3.0.1200.305 103,184 Msphlpr.dll 22-Feb-2004 17:01 3.0.1200.305 393,488 W3proxy.exe 22-Feb-2004 17:02 3.0.1200.305 299,280 Wspsrv.exe 22-Feb-2004 17:01 3.0.1200.305 81,680 Sdisa.dll
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
ISA Server 2000 implements RSA authentication as follows:
To enable or to disable the SecurID authentication Webfilter, follow these steps:
To set SecurID authentication for your Web publishing rule, follow these steps:
To troubleshoot this problem, use Microsoft Network Monitor to analyze the HTTP traffic. After the client submits the SecurID credentials, the HTTP response from the ISA Server may include a response that is similar to the following:
Because the URL= field is empty, the client is not redirected to the original URL. After you install this hotfix, the response will look similar to the following:
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/824684/ )How to install Network Monitor in Windows 2000
Article ID: 832168 - Last Review: October 26, 2013 - Revision: 3.4