Configuring Automatic Discovery for ISA Server Clients.

by Curt Simmons [Published on 15 May 2001 / Last Updated on 20 May 2013]

Consider this scenario: In your network, you use a number of ISA Server arrays in various sites and domains scattered throughout North America. In your company, about thirty percent of your network clients belong to traveling sales people who must be able to access the Internet via laptop computer from different domains using different ISA Server arrays. You want this traveling sales force to be able to access the Internet using any ISA Server array in any location without having to make configuration changes with each trip to a new site or domain. How can you configure this?

Consider this scenario: In your network, you use a number of ISA Server arrays in various sites and domains scattered throughout North America. In your company, about thirty percent of your network clients belong to traveling sales people who must be able to access the Internet via laptop computer from different domains using different ISA Server arrays. You want this traveling sales force to be able to access the Internet using any ISA Server array in any location without having to make configuration changes with each trip to a new site or domain. How can you configure this?

 

Realizing that mobile nature of many users in distributed networking environments today, ISA Server provides a way for Firewall and Web Proxy clients to automatically discover the appropriate ISA Server computer that should be used, depending on the current location of the client. In short, automatic discovery provides a way for roaming network clients to find the appropriate ISA Server so that Internet connectivity is available in any location.

Auto Discovery works with either DNS or DHCP (or both), depending on your current configuration and needs. Using the Web Proxy AutoDiscovery Protocol (WPAD), entries can be configured in DNS and DHCP so that roaming clients can find an appropriate ISA Server. For example, let's say that your laptop is configured to use the TXarray located in Dallas. You travel to the Seattle site, where the SEarray is used. When you computer attempts to connect, it makes a request to the TXarray, which is not available in Seattle. When the TXarray does not answer, the automatic discovery process is begun. With automatic discovery, the client can find what SEarray by accessing information in DHCP or DNS.

 

Curt Simmons is the Author of 'Microsoft ISA Configuration and Administration '

Click Here to purchase his book from Amazon.com

Amazon.com (April, 2001)

 

When automatic discovery is in use, Web Proxy or Firewall clients connect to either a DNS or DHCP server and request a WPAD entry, which essentially points to the ISA Server. Once the WPAD entry is found, the identified ISA Server can then be used to fulfill the client's request.

Auto Discovery works for all Firewall clients and for Web Proxy clients, provided that Web Proxy clients are using Internet Explorer 5.0 or later. Specifically, DHCP can be used for Auto Discovery for clients running Windows 2000, 98, and Me. DNS can be used for Auto Discovery for clients running Windows 2000, Windows NT 4.0, 98, and Me. Auto Discovery will also work for Windows 95 clients if DNS is statically configured.

Configuring Auto Discovery requires two basic steps - configure the WPAD entries in DHCP or DNS (or both) and publish the information on the ISA Server. The following sections show you how to configure these items.

Configuring the DNS WPAD Entry

In order to use automatic discovery, you must create DNS and DHCP entries so that point to the ISA Server.  To configure the DNS WPAD entry, just follow these steps:

      1.    Click Start | Programs | Administrative Tools | DNS.

      2.    Expand the console tree and right-click the appropriate forward lookup zone, then click New Alias, which will create a new CNAME record.

      3.    In the New Resource Record window, enter WPAD for the alias, then enter the fully qualified DNS name for the ISA Server or array, shown in Figure 1. You can also use the Browse button to locate the desired server or array.

      4.    Click OK to save the record.

Configuring the DHCP WPAD Entry

      1.    Click Start | Programs | Administrative Tools | DHCP.

      2.    In the DHCP console, select the desired DHCP server, then click Action | Set Predefined Options.

      3.    In the Predefined Options and Values window, click the Add button.

      4.    In the Option Type window, enter WPAD for the name, 252 for the code, and select "string" for the data type, as shown in Figure 2, then click the OK button.

      5.    In the Predefined Options and Values window, shown in Figure 3, the 252 WPAD entry appears. Now you need to enter a string value for the entry. If you configured DNS to resolve the WPAD entry to the ISA server or array name, type http://WPAD/wpad.dat in the string dialog box. If you did not configure DNS, then you can simply enter the ISA Server or array name as http://server_name/wpad.dat. Make your entry and click the OK button.

      6.    In the console, expand the server where you created the WPAD entry, select Server Options, then click Action | Configure Options.

      7.    In the Available Options window, locate and select the check box next to 252 WPAD. In the String Value dialog box, ensure that the correct string appears as entered in Step 5.  Click OK.

ISA Server Auto Discovery Publication

Automatic Discovery is performed using a Web Proxy Autodiscovery entry in either DNS or DHCP (or both). However, you can also use the ISA Server to answer, or publish auto discovery information about itself on port 80 by default. To use the auto discovery publication feature, just follow these steps:

      1.    Click Start | Programs | Microsoft ISA Server | ISA Management.

      2.    In the ISA Management, expand Arrays and select the desired array, or simply select the desired standalone server. Click Action | Properties.

      3.    Click the Auto Discovery tab. To enable automatic publication, click the "publish automatic discovery information" check box, then click OK.

      4.    A message appears telling you that the Web proxy service must be restarted for the change to take effect. You have the option of stopping and restarting the service now or later.

Setting the Client Configuration

Once you have created your WPAD entries and configured ISA Server to publish auto discovery information, you can enable auto discover for both Firewall and Web Proxy clients. To enable Auto Discovery, follow these steps:

      1.    Click Start | Programs | Microsoft ISA Server | ISA Management.

      2.    In the ISA Server Management console, expand Servers and Arrays, then expand the desired array and select Client Configuration.

      3.    In the details pane, double-click Web Browser and click the Automatically Discover Settings check box on the General tab. Click OK.

      4.    In the details pane, double-click Firewall Client. On the General tab, click the Enable ISA Firewall automatic discovery in Firewall Client check box. Click OK.

Advertisement

Featured Links