Article ID: 941162 - View products that this article applies to.
In Microsoft Internet Security and Acceleration (ISA) Server 2006, you cannot set a session time-out for private computers in a Web listener that has the RSA SecurID authentication method configured.
If the Collect additional delegation credentials in the form check box is not selected in Authentication tab of the Web listener properties, the Timeout for private computers box is disabled in the Advanced Form Options dialog box.
If the Collect additional delegation credentials in the form check box is selected in Authentication tab of the Web listener properties, the Timeout for private computers box is enabled in the Advanced Form Options dialog box. However, the RSA credentials always time out according to the value in the Timeout for public computers box, regardless of the value in the Timeout for private computers box.
By default, ISA Server 2006 does not support a time-out setting for private computers when RSA SecurID authentication is used.
To resolve this problem, apply the hotfix package that is described in the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/943215/ )Description of the ISA Server 2006 hotfix package: October 7, 2007
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
The logon form that is used for SecureID authentication is also used for Radius OTP. However, the code for Radius OTP was not changed to support private or public computers. Therefore, when ISA authenticates Radius OTP based requests, it always considers only the public time-out. The browser on client side will persist the user name when "private computer" is selected with Radius OTP. However, private time-out will not be used.
Reverting this hotfixAfter you install the hotfix rollup package 943215, you can revert the behavior that is introduced in the current hotfix. After the hotfix reversion, the ISA Server Management console will still allow you to specify a time-out for private computers. The RSA SecurID form will still display the options to specify whether the client computer is a public computer or a private computer. The settings for private computers will have no effect.
To restore ISA Server 2006 to the pre-hotfix state, follow these steps:
Article ID: 941162 - Last Review: May 21, 2010 - Revision: 2.0
Contact us for more help