Article ID: 912122 - View products that this article applies to.
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.
When you try to connect to a Web site that is published by using Microsoft Internet Security and Acceleration (ISA) Server 2004 Service Pack 2 (SP2), you receive an error message. If the ISA Server Web listener has Basic authentication enabled, you receive the following error message:
If the ISA Server Web listener has RADIUS authentication or Microsoft Outlook Web Access Forms-Based authentication (Cookie-auth) enabled, you receive the following error message:
Error Code: 403 Forbidden.
The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator. (12211)
Error Code: 500 Internal Server Error.
An internal error occurred. (1359)
This issue occurs if all the following conditions are true:
For ISA Server 2004 versions that are earlier than ISA Server 2004 SP2, you are prompted to enter credentials in clear text. This behavior may cause the credentials to be transmitted over the network in clear text if you have not implemented some other form of network security, such as an external Secure Sockets Layer (SSL) accelerator or an encrypted tunnel. ISA Server does not provide these forms of security.
ISA Server 2004 SP2 prevents you from entering credentials in clear text. When you try to do this, you receive an error message.
Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
To work around this issue, configure ISA Server 2004 SP2 to behave like earlier versions of ISA Server 2004. To do this, you may either run the Microsoft Fix it solution discussed in the Fix it for me section or the Microsoft Visual Basic script discussed in the Let me fix it myself section. The Fix it siolution and the script both set a value that is named AllowAskBasicAuthOverNonSecureConnection in a new vendor parameters set under the root of the ISA Server 2004 array.
Fix it for meTo fix this problem automatically, click the Fix it button or link. Click Run in the File Download dialog box, and then follow the steps in the Fix it wizard.
Fix this problem
Microsoft Fix it 50483
Note this wizard may be in English only; however, the automatic fix also works for other language versions of Windows.
Note If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD, and then you can run it on the computer that has the problem.
Let me fix it myselfTo fix this problem yourself, run the following script on the ISA Server 2004 where you want to cnage the configuration.
Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
For more information about ISA Server 2004, visit the following Microsoft Web site:
Article ID: 912122 - Last Review: October 11, 2010 - Revision: 2.0