Security Update MS05-034 might break outbound Web access on ISA Server 2000

by Stefaan Pouseele [Published on 16 June 2005 / Last Updated on 20 May 2013]

Applying the security update MS05-034 might break outbound Web access on ISA Server 2000.

Last Update: 21/07/2005

After applying the Microsoft Internet Security and Acceleration (ISA) Server 2000 Cumulative Security Update (version 1200.430, published on 14/6/2005), internal users might be unable to get outbound Web access. Instead, they receive the following error message from the ISA server:

HTTP 502 Proxy Error - The ISA Server requires a secure channel connection to fulfill the request. ISA Server is configured to respond to outgoing secure (that is, Secure Sockets Layer (SSL)) channel requests. (12211) Internet Security and Acceleration Server.

The problem seems to be caused by the fix described in the KB article "Basic Credentials May be Sent over an External HTTP Connection When SSL is Required". Although this fix should only change the default behavior on the Inbound Web Request listener, it apparently also changes the default behavior on the Outgoing Web Request listener.

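Therefore, if you need Basic Authentication on the Outgoing Web Request listener, add the following registry value to roll back that "fix". As its name indicates, it allows ISA Server to ask for Basic credentials over a non-secure connection again: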

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters\AllowAskBasicAuthOverNonSecureConnection : DWORD : 1

Microsoft is currently trying to gather numbers to understand the impact of this issue. So if you have customers with this complaint, please call Microsoft PSS.

Update July 21, 2005

To correct the above problem, a hotfix is now available. Also, a new KB article 903236 describing the problem and solution should be live within a few days.



The Author — Stefaan Pouseele

Stefaan Pouseele is a network engineer working for Cevi NV in Belgium. On October 1, 2002 he received the prestigious Microsoft Most Valuable Professional (MVP) Award 2003 for the first time, for his contribution to the ISA Server online community. His award period has since been extended to 2008.
