MSN messenger with ISA server 1

[Stoffeldd]

Hy,

We have in our internal LAN (W2K network) an MSN messenger over exchange server for internal messeging. Now that we configured the ISA server for file caching (not firewalling), the messenger won't work anymore with the following error message: Proxy authentication failed. Check your username and password on the connection tab. Even when we configure the right proxyserver with the right username and password it still doesn't work. when I take away the proxysettings in IE it works, but I have to make it work with the proxysettings. Is there a solution?

Thx in advance!

 

[Zelandakh]

yup - ISA is set to allow web surfing, but you gotta now allow MSN messenger through too. Going via ISA will let port 80 stuff work, taking it off means all ports work.

 

[rubbaninja]

Uncheck the "require auth for outgoing requests" under the ISA server properties and use your site and content rules, destination sets and what not to require auth then add a rule that allows any traffic to your destination.
Since this is not a firewall you will not have an issue.
You will find that this will also solve any problems you have using apps inside your browser (like java apps, online meetings, etc.)
We had users attempting to access one online app that used java applet. When I enabled the java console it kinda led me to the fact that an anonymous request was sent to the isa server first... since I had outgoing web requests set to "require authentication" it failed.
So, now if I get a user complaining they cannot get to their "sametime meeting" (for example), I get the address and add it to a destination set i dubbed "Fine just go". This destination set is added to a site and content rule that has "allow all" set.
I have another site and content rule that I plug in my "Proxy user" group into for an allow to all destinations.
The Allow all rule is applied first and allows the access.

I use a cache mode server only too. If you are using internal messaging it shouldn't even go through the ISA server but try the above anyway.

Also try:
Allow all IP traffice under proto rules too.
Add a routing rule to route the request directly to the destination.

And, finally if you want to get OUTside with messenger.... do not have your default route on your network pointing to your ISA server. All unknown traffic should go to your choke router or firewall and never to your ISA. Lots of ppl can their firewall or intergrated mode ISA configuration and do cache only because they don't realize that having their default route for unknown traffic on their internal routers pointing to their ISA. This makes everyone behind that router a NAT client. YeeeHaw. And if you don't know your all NAT clients your going to have a lot of fun trying to "fix" your ISA server.
(thought I'd throw that in cause I had that issue and found out the hard way months after the fact when I had some ISA classes) Big duh there.

Anyway, I don't know if any of that will help you. Don't know if MSN messenger has PROXY settings in the app.... if that's the case all the junk I typed above means nothing and you will need to kill proxy settings from messenger.
Also, firewall clients on users workstations must be removed.

=)
Tell me what happens, I'm curious.
A

 

[Stoffeldd]

Hy,

None of the above solutions worked. Although I did found the solution, and it was quite siple: I just had to add the dns name of our exchage (MSN Messenger) server to the proxy exceptions of the client.

Thanks anyway!

Stoffel

 

[rubbaninja]

I think that's the *only* thing I didn't say
It's always good to add your internals to exception list.

Glad yo fixed it!

A