N-central Help

KBA20007: ISA Firewall and Proxy Troubleshooting

Knowledge Base Article #: 20007
Applicable Versions: N-central 6.x, 7.x, 8.x, 9.x
Date Created/Updated: April 27, 2011

Introduction

Internet Security and Acceleration Servers, or ISA Servers, add an extra layer of security to your or your customer's network. This extra layer of security can prevent Agent and Probe communication and therefore render your Monitoring disabled.

Agents and Probes: Interaction with Authenticating Proxies (Microsoft ISA Server)

Agents and Probes are capable of communicating through the following Proxy Types.

  1. Non-Authenticating proxies
  2. Clear-Text Authenticating proxies
  3. ISA Authenticating Proxies (Microsoft ISA 2000 and 2004 Server )
Discussion
  1. Non-Authenticating proxies

    Confirm that the configured Proxy String is a properly formatted URI

    • http://<server name>:<port number>
    • https://<server name>:<port number>
    • https://192.168.0.10:8080
  2. Clear-Text Authenticating proxies.Confirm that the configured

    Proxy String is a properly formatted URI with the necessary Clear-Text Authentication credentials.

    • http://<proxy user>:<proxy password>@<server name>:<port number>
    • https://<proxy user>:<proxy password>@<server name>:<port number>
    • https://jsmith:Password@192.168.0.10:8080
  3. ISA Authenticating Proxies (Microsoft ISA 2000 and 2004 Server)

    Basic HTTP authentication must be turned on for the this to work, see method two in the below Microsoft knowledge base article.

    Authenticating Proxies, like Microsoft ISA 2000 and 2004 Server, require a properly formatted URI with the necessary ISA Authentication credentials.

    • https://<domain of the proxy>\<proxy user in domain>:<proxy password in domain>@<server name>:<port number>
    • https://OFFICE\jsmith:Password@192.168.0.10:8080

    However, it is possible to configure ISA Server to permit Direct Access which will allow the Agents and Probes to communicate with the Central Server.

Caution

The following document is an External Link and should be reviewed, approved, and implemented by a Microsoft Certified Professional holding a 'Microsoft Certified Systems Engineer + Internet' or equivalent designation.

Confirm with your Customer that the following operations are considered permissible. Do not proceed without their consent.

External Web Page : How to Allow Third-Party Internet Application Connections Through ISA Server 2000. Relevant Section: Method 2: Enable Basic Authentication for Outgoing Web Requests

This article should assist during your development of a configuration for the ISA server to permit Direct Access for the Agents and Probes through the ISA server.

How do I configure ISA Server to allow communication from Agents and Probes?

Agents and Probes are capable of communicating through the following Proxy Types.

  • Non-Authenticating proxies
  • Clear-Text Authenticating proxies
Authenticating Proxies

Authenticating Proxies, like Microsoft ISA Server, or the ISA Server instance within Microsoft Small Business Server, require an authentication type which prevent Agents and Probes from communicating with the Central Server.

However, it is possible to configure ISA Server to permit Direct Access which will allow the Agents and Probes to communicate with the Central Server.

Caution

The following document is an External Link and should be reviewed, approved, and implemented by a Microsoft Certified Professional holding a 'Microsoft Certified Systems Engineer + Internet' or equivalent designation.

Confirm with your Customer that the following operations are considered permissible. Do not proceed without their consent.

External Web Page: Configuring Web Proxy Clients for Direct Access

This article should assist during your development of a configuration for the ISA server to permit Direct Access for the Agents and Probes through the ISA server.