"Authenticated Users" vs. "Users"

Similar Messages

• ISE 1.3 Why are Windows endpoints defaulting to 802.1x machine authentication in wireless profile and not User or User&Computer

  We are running ISE 1.3 tied to AD with WLC 7.6.130.0.  Our ISE has a GoDaddy (none wildcard) certificate loaded for https and EAP.  We are just running PEAP.  We have a mix of IOS, Android, and Windows 7/8 devices.  IOS and Android devices can self create a wireless profile and after entering credentials can connect without issue.  Our Windows 7/8 devices, when auto creating a wireless profile are selecting 802.1x machine authentication instead of User authentication or the best option which is machine or user authentication.  This is problematic as we do allow for machine authentication but have an authorization rule limiting machine auth to domain controller and ISE connectivity only.  This is to allow domain Windows 7/8 devices to have domain connectivity prior to user sign-in but force user auth to get true network connectivity.  The problem is why are the Windows devices not auto setting to user authentication (as I think they did when we ran ISE1.2), or the best option which is to allow both types of authentication?  I have limited authentication protocols to just EAP CHAP and moved the machine auth profile to the bottom of the list.  Neither have helped.  I also notice that the Windows 7/8 endpoints have to say allow connectivity several times even though we are using a global and should be trusted certificate authority (probably a separate issue).
  Thank you for any help or ideas,

  When connecting a windows device to the ISE enabled SSID when there is not a saved wireless profile on that machine, it will connect and auto create the profile.  In that profile, 802.1x computer authentication option is chosen by windows.  That has to be changed to computer or user for the machine to function correctly on the network.
  On 1.2, this behavior was different.  The Windows device would auto select user authentication by default.  At other customer sites, windows devices auto select user authentication.  This of course needs  to be changed to user or computer in order to support machine auth, but at least the default behavior of user authentication would allow machines to get on the network and functional easily to begin with.

• "Authentication failed. User is already authenticated as a different user."

  Hello,
  Initially I was not able to log into the Visual Admin. When I logged into the Visual Admin, I got authenication failed. I reset the password of Administrator in the User Administration on the portal. Now I can log into the Visual Admin using the password I just changed on the portal .
  I am not able to logon to the portal using "Administrator". I get this message: "Authentication failed. User is already authenticated as a different user."
  The URL is somewhat different as this is a production portal: "http://host.com/sld" (/irj/portal)
  Does any one have a clue.
  Thanks
  Srinivas

  There were no relevant roles assigned.

• Authentication failed: invalid user/password.

  After uploading a new RPD in obiee( 11.1.1.5), my obiee has started failing with following error in nqserver.log. I have verified that BISystemUser password is the same in console and EM. I have also verified that I am entering correct RPD password while uploading it through EM. What else may be wrong ?
  [2011-08-23T03:52:39.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b38396d0] [36007] Loading repository /product/obiee_11.1.1.5/instances/instance1/bifoundation/OracleBIServerComponent/coreapplication_obis1/repository/iipreports_BI0038.rpd.
  [2011-08-23T03:52:40.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b0923b90] [14055] Loading subject area: AIP ...
  [2011-08-23T03:52:40.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b0923b90] [14056] Finished loading subject area: AIP.
  [2011-08-23T03:52:40.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b38396d0] [85003] MDX Member Name Cache subsystem started successfully.
  [2011-08-23T03:52:40.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b38396d0] [85004] MDX Member Name Cache subsystem recovered entries: 0, size: 0 bytes.
  [2011-08-23T03:52:40.000+00:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b38396d0] [13026] Error in getting roles from BI Security Service: 'Error Message From BI Security Service: [nQSError: 46164] HTTP Server returned 404 (Not Found) for URL .'
  [2011-08-23T03:52:40.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b38396d0] nqsserver:     Clustered Oracle BI Server started. Version: 11.1.1.5.0.110427.0846.000.
  [2011-08-23T03:52:44.000+00:00] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: 004emGWVmAQAtHd5Tf^Ayc0000K2000000] [tid: b0923b90] [43071] A connection with Cluster Controller xxx.us.oracle.com:9706 was established.
  [2011-08-23T03:52:46.000+00:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 004emGWtbaWAtHd5Tf^Ayc0000K3000001] [tid: b00beb90] Error Message From BI Security Service: [nQSError: 46164] HTTP Server returned 404 (Not Found) for URL .
  [2011-08-23T03:52:46.000+00:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 004emGWtbaWAtHd5Tf^Ayc0000K3000001] [tid: b00beb90] [nQSError: 43126] Authentication failed: invalid user/password.
  If I run opmnctl status then BIServer is up but the presentation services is down.
  Following error is observed in sawlog0.log
  [2011-08-22T22:52:46.000-05:00] [OBIPS] [ERROR:10] [] [saw.security.odbcuserpopulationimpl.initialize] [ecid: ] [tid: ] Authentication Failure.
  Odbc driver returned an error (SQLDriverConnectW).
  State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
  [nQSError: 43113] Message returned from OBIS.
  [nQSError: 43126] Authentication failed: invalid user/password. (08004)[[
  File:odbcuserpoploaderimpl.cpp
  Line:292
  Location:
       saw.security.odbcuserpopulationimpl.initialize
       saw.catalog.local.loadCatalog
       saw.subsystems.catalogbootstrapper.loadcatalog
       saw.webextensionbase.init
       saw.sawserver
  ecid:
  [2011-08-22T22:52:46.000-05:00] [OBIPS] [NOTIFICATION:1] [] [saw.sawserver] [ecid: ] [tid: ] Oracle BI Presentation Services are shutting down.[[
  File:sawserver.cpp
  Line:712
  Location:
       saw.sawserver
  ecid:

  Hi,
  I have upgraded a existing OBIEE 10G file EBSAnalyticMaster.rpd to 11G using ua (upgrade assistant) and getting the same error while upgrading the catalog.
  Presentation service is not starting. Do you have a solution yet.

• Cisco ISE (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out)

  Hi,
  I have a setup ISE 1.1.1. Users are getting authenticate against AD. Everything is working fine except some users report disconnection. I see in the ISE that (Authentication failed: 24415 User authentication against Active Directory failed since user's account is locked out). Users are using Windows 7 OS.
  Error is enclosed & here is the port configuration.
  Port Configuration.
  interface GigabitEthernet0/2
  switchport access vlan 120
  switchport mode access
  switchport voice vlan 121
  authentication event fail action next-method
  authentication event server dead action reinitialize vlan 120
  authentication event server alive action reinitialize
  authentication host-mode multi-auth
  authentication order mab dot1x
  authentication priority dot1x mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  mab
  dot1x pae authenticator
  dot1x timeout tx-period 60
  spanning-tree portfast
  ip dhcp snooping limit rate 30 interface GigabitEthernet0/2
  switchport access vlan 120
  switchport mode access
  switchport voice vlan 121
  authentication event fail action next-method
  authentication event server dead action reinitialize vlan 120
  authentication event server alive action reinitialize
  authentication host-mode multi-auth
  authentication order mab dot1x
  authentication priority dot1x mab
  authentication port-control auto
  authentication periodic
  authentication timer reauthenticate server
  mab
  dot1x pae authenticator
  dot1x timeout tx-period 60
  spanning-tree portfast
  ip dhcp snooping limit rate 30
  Please help.

  The error message means that Active Directory server Reject the authentication attempt
  as for some reasons the user account got locked.I guess, You should ask your AD Team to check in the AD
  Event Logs why did the user account got locked.
  Under Even Viewers, You can find it out
  Regards
  Minakshi (Do rate the helpful posts)

• NoMachine(freenx) Authentication failed for user (MYUSERNAME)

  Hi all,
  I have quite a few experience with freenx on other linux distributions, but this is my first time setting up freenx on archlinux. After following the instructions in the wiki, authentication keeps failing no matter what I do.
  Stuff I've done from the wiki:
  1. install freenx
  2. add RSAAuthentication yes AllowUsers someuser nx to sshd_config
  3. add md5sum to node.conf
  4. pacman -S xdialog xterm
  5. run "/usr/bin/nxsetup --install --setup-nomachine-key"
  6. modify /etc/nxserver/node.conf so that "USER_X_STARTUP_SCRIPT=.xinitrc"
  7. pick the right configurations when connecting to my server
  I have "exec startxfce4" in .xinitrc.
  It always goes up to "Waiting for authentication" and then "Authentication failed for user (MYUSERNAME)" pops up. I think it should not be a XFCE issue since authentication itself didn't even pass. I assume if it is a X window problem, what I would get is something like a blank screen.
  I'm using public key, so I didn't really copy anything from the server to my client.
  I couldn't think of a second reason why this wouldn't work. Is there any thing obvious that I missed? (If so, please move this thread to the newbie corner. lol)
  Any thoughts would be highly appreciated.
  Thanks
  Aweather

  Hi,
  I did update the password in the properties file but still I get the error
  BUILD FAILED
  C:\product\10.1.3.1\OracleAS_1\bpel\samples\utils\CreditRatingService\build.xml:
  79: Authentication failed for user "oc4jadmin" on host
  I am able to deploy from JDEV. and could configure as per documentation
  Thanks in advance,
  Anand
  I had to update the <OH>/bpel/utilities/ant-orabpel.properties file for the password and now I can deploy successfully...information was there in the readme file...
  Anand
  Message was edited by:
  AnandP

• Essbase Error 1051440 - Authentication fails for user admin

  We are facing a very unique problem...
  The application is up & running.. even I can login into the application, can perform member addition, editing & mamage database from planning.... but I get this error while retreiving from excel addin or running scripts.
  What I analysed is that this problem is Actually coming when a particular set of members are called anywhere either in scripts or during retreival thru Addin.
  Recently we had added one dimension in one of the database of our application. After that that this problem started.
  There were fewer Xref functions used to pull data from other cubes.... The problem is cominng with only those set of members where this Xref function has been used.
  Even I had changed the formulas & incorporated member of new dimension in the formulas to point to target members....
  Can you guys ever had faced such kind of issue....
  Please help in resolving....
  Complete Error is: msg fromremote site[date n time] Local////Error(1051440) Essbase user[admin] Authentication fails against shared services serverwith Error[30:1005:Authentication failed for user admin. Enter valid credentials.]]

  Hi,
  are you sure that user "admin" has all necessary rights to run your scripts? I have to ask because we sometimes had problems with our admin user... There is an "native essbase server admin" and the admin user in shared services.
  We dont had any idea how this could happen but sometimes our admin user changed to the mentioned "native essbase server admin" - you can see it if you are connected as "admin (internal)".
  If you are logged in as "admin (internal)" you have to "externalize" this user.
  Hope this helps and my bad english is not so much confusing... :-)
  Kind regards
  André

• Defining an Authentication Scheme for user ID and password and client certi

  Hi,
                  I do need to define an Authentication Scheme for user ID/Password and client certificate,, both at the same time, so whenever the end user access the SAP Portal he/she will be asked to provide user and password as well digital certificate,
                  Despite of the whole idea behind o f the concept of digital certificate, my client sill wants to keep the user ID and password to complies with business requirements.
       I found a documentation that discuss Authentication Scheme with example using both ID and Digital certificate, but the priority was set different for each authentication method.
  http://help.sap.com/saphelp_nw04s/helpdata/en/d3/1dd4516c518645a59e5cff2628a5c1/content.htm
       So I am wondering with I can accomplish User ID/Pwd plus digital certificate just by making the priority the same value. Anyone had a similar requirement?
  Best Regards
  Claudio Rocha

  Hi
  Did you get an answer for this Query ?
  Regards
  Priyanka

• Authentication Fault: Invalid User Session Token

  Hi,
  I am trying to protect a call to third party webservices using OWSM and OAM. I followed the steps mentioned in Oracle Web Services Manager
  Deployment Guide to integrate OAM in OWSM, but not able to make any break through. I am getting following error if I test my web service using OWSM's inbuilt test tool:
  <SOAP-ENV:Envelope
  xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
  <SOAP-ENV:Fault>
  <faultcode
  xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">p:Client.AuthorizationFault</faultcode>
  <faultstring>Authentication Fault: Invalid User Session Token</faultstring>
  null</SOAP-ENV:Fault>
  </SOAP-ENV:Body>
  </SOAP-ENV:Envelope>
  In gateway.log file, I get following oneliner message:
  security.SimpleXMLCredsExtractor - SimpleXMLCredsExtractor failed to Extract creds.
  I am using standalone OWSM installation.
  Installed OAM SDK on the same machine of OWSM.
  Added OAM SDK libraries into OWSM's path.
  Please advise as I have already wasted 3-4 weeks into it.
  .. Paresh
  Edited by: user10301925 on Sep 29, 2009 2:24 AM
  Edited by: user10301925 on Sep 29, 2009 2:24 AM

  Hi,
  Yes, I have registered the service in OWSM and calling that service through OWSM testing tool only...
  Following is the request message:
  <?xml version="1.0" encoding="UTF-8" ?>
  - <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  - <soap:Header>
  - <wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  - <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:Username>owsmuser</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">welcome11</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </soap:Header>
  - <soap:Body xmlns:ns1="http://service/">
  <ns1:getDateTime />
  </soap:Body>
  </soap:Envelope>
  Please advise.
  .. Paresh

• Authentication of XI users using Webdynpro

  Hi,
  Here is a scenario that I am dealing with currently.Appreciate any help.
  There is a XI system which contains some data in the form of customer tables.
  A webdynpro for Java application needs to built which get the data from XI and displays it in the browser.This webdynpro application is to run on WAS6.40 of the XI system.
  All the users of the system would be created using the user managemnt function of the XI.
  Now the issue is:
  How to authenticate the users created in XI from the system developed in webdynpro.
  Please remeber that there is no EP here.Only an XI system and and webdypro application.
  regards,
  Bhupesh

  Bhupesh,
  if you set this parameter to true, the Standard-Netweaver Logon-Screen appears before your application, if the user wasn't authenticated yet against the UME of the WAS. After positive authentication, you'll be redirected to your application (and you can e.g. use the IUSER-Interface within your application to get the Username like this:
  IWDClientUser user;
  try {
  user = WDClientUser.getCurrentUser();
  String authenticated_User = user.getSAPUser().getUniqueName().toUpperCase());
  I'm not quite sure, why you still want to send the user/pw to the XI. I understood your application and the XI are running on the same WAS...
  You are able to change the Standard-Logon-Screen (http://help.sap.com/saphelp_nw2004s/helpdata/en/23/c0e240beb0702ae10000000a155106/frameset.htm)
  kr, achim

• [nQSError: 43126]Authentication failed:invalid user/password, how to avoid?

  Hi,
  I encountered following error: [nQSError: 43126] Authentication failed: invalid user/password.
  when I was starting weblogic server, and server used to shutdown.
  After snooping around on net, came across this blog: http://obiee11gqna.blogspot.com/2011/09/obiee-11g-errors-nqserror-43113.html
  Found that password for MDS & BIPLATFORM was 'expired', was able to solve my problem and my Presentation Services were up & running.
  My question is, how to avoid password of MDS & BIPLATFORM from getting expired in future??
  Regards,
  Jitendra

  Dpka,
  Thanx for the link, it shows the way to avoid expiry of password.
  I also found another link, in comment section which is equally useful: http://www.artofbi.com/index.php/2011/03/mds-or-biplatform-schema-password-change-considerations/
  PS: Thanx to Deva as well for replying to my query.
  Regards,
  Jitendra

• Authentication of inside users ASA (EasyVPN)

  Greetings All
  Authentication of users behind ASA 5505 connected to VPN3000 Concentrator with EasyVPN
  According to the law in a certain country, we need to log the following:
  Time & Datestamp
  Username/ip address of the pc inside
  Which sites they have visited (ip's, URL's etc..)
  Eg. 11/4-2008 domain\john ip 192.168.2.23 visited ip 212.232.232.21/80
  I would like to achieve this with using the ASA 5505 and my Cisco ACS 4.1 on my LAN behind the VPN3000 Concentrator.
  Im trying to setup forced authentication for the users on the inside interface (lan) of the ASA5505. I need to force them to authenticate before they will be able to get any access outside their lan.
  I have read on the forum, and tried som different solutions, but not been able to get any solution to work with all the needed info and also to work in conjunction with EasyVPN (Network Extension-Mode).
  I tried with cut-thru proxy solution from the guide here:
  http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml
  It does not work, because the include/exclude statements is not allowed in conjunction with EasyVPN.
  Error: WARNING: <_vpnc_nwp_acl> found duplicate element
  WARNING: <_vpnc_nwp_acl> found duplicate element
  Hybrid configurations using 'match' and 'include|exclude' are not supported
  I have then looked at enabling "Individual User Authentication (IUA)", but since Im using split-tunneling, it seemes like its only for the
  tunnelled networks authentication is enforced. And I dont want to tunnell all- hence the repsone-times to the remote site is very high.
  Last I tried to make som HTTP redirect with aaa authentication listener http[s] interface_name [port portnum] [redirect], but thats also not
  allowed in conjunction with EasyVPN.
  Error:
  * Remove 'aaa authentication listener' configuration
  CONFIG CONFLICT: Configuration that would prevent successful Cisco Easy VPN Remote
  operation has been detected, and is listed above. Please resolve the
  above configuration conflict(s) and re-enable.
  The ASA is currently running IOS 7.2(4), but there's no problem in upgrading it to 8.0(4) if that could help me make a solution.
  Is it possible to make this work somehow ?
  /Claus

  Hello Claus,
  Have you tried downloadable access lists in combination with the ACS for the authentication? You can then use the accounting options of that downloadable access list to register who has done what.
  You can do this in combination with the virtual http listener or the virtual telnet listener.
  Check out: http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwaaa.html
  Hope this helps
  Regards
  P-J Nefkens

• Internal Web Authentication + Local Net User

  Hi all,
  I'm trying to setup the WLC with internal web authentication + local net user account. I've setup a WLAN for this local net user configure the user profile map to this WLAN.
  When the laptop get associated with the designated WLAN, and user tried to browse to the internet, the internal web authentication page doesn't appear on the browser.
  I'm just curious is there any DNS server require in order to direct the user entered URL request to the virtual interface?
  regards.

  Well if you are using webauth for guest users, you really want to have an open ssid and wither have a username and password on the wlc or use a passthrough webauth where the guest users just have to click submit or accept. If you are using this for internal users, then you really shouldn't use webauth since this will not be single sign on. Again, you can if you want your internal users to sign on again. There is wpa/wpa2 PSK and then there is wpa/wpa2 8021.x in which this will require either using local EAP or a Radius Server. Ther radius server will either have the local user accounts or you can point this to AD. Depending on if you use EAP-PEAP (certificate on the radius server only) or EAP-TLS (certificate on both the radius and clinet) you will need a certificate.
  For webauth only, you do not need a certificate on the user or radius server, a certificate will be required on the wlc if you don't want users to be promted with a certifcate error message. 5.1 supports unchained certificates, but I always use RapiddSSL for a root ca cert just to make deployment mush simpler for the client. So webauth and EAP will require certifcates with webauth being optional.

• External table authentication not updating user group changes

  Hello
  I have a question..
  In OBIEE, i am using external table authentication. I have user and user group tables where users and groups are stores.. Every Time I create a new user and assign them to a group, these records get inserted immediately to these tables with the correct user and group ID that matches with each other.. Then in my initialization block I have the query that fetches the user name and psswd as well as groups names..
  All these are working at the initial user creation. For example, when I create user A and assign it to group A, the DB table has all of the records inserted correctly. When I log in to OBIEE using User A login, I see it is assigned to Group B.
  The problem comes when I change the user A from Group B to Group C. When I did that, although the DB table gets updated correctly, OBIEE session seems to still be the previous one. As a result, when I log in the second time, I see the user A is still assigned to Group B instead of Group C.. This seems to be cached..
  I double check these user tables in OBIEE, none of them are cache enabled.. The connection pool setting of the isolation level is set as default..
  When I reinstall OBIEE all over again and re-log in the first time, this User is now assigned to Group C..
  So seems to be that it is caching issue.
  How should I go about solving this issue
  Appreciate in advance

  Make sure you check the box for 'Required for authentication' and also 'Use caching' should not check.
  Edited by: Srini VEERAVALLI on May 15, 2013 9:05 PM

• Authenticated = HttpContext.Current.User.Identity.IsAuthenticated is not working in IE browsers only

  Hi,
  Login of my application is not working on testing server only.
  It is working fine on Google chrome and firefox, On few machine's which is having IE11, it is working.
  but not on IE10,IE9 and all lower version,it's not working.
  While Login, we use custom membership provider.
  After checking the code, its giving problem with below code.
  authenticated = HttpContext.Current.User.Identity.IsAuthenticated;
  The above authentication is not working for IE only.(The code is working fine on production server but not working on testing server)
  Please guide us on the same.
  Thanks,
  Gayatri

  "HttpContext.Current.User.Identity.IsAuthenticated" is false after successfully login on IE version only.
  The code was working before but suddenly it is not working on IE on testing server only. On chrome and firefox its working.
  I moved the code on production and integration server, and it is working properly on other server's. I am not getting the issue with testing server. only
  on testing server the value of "HttpContext.Current.User.Identity.IsAuthenticated" is getting false after successfull login.
  Can someone please reply on above

• VNC not working in All Authenticated mode of User

  Hello,
  I have TMG installed in my environment through which user access filtered internet. A rule in which i have enabled URL filtration is in Authenticated mode of user and proxy address is also added in all internet explorer of user. when ever user try to VNC
  a computer it says "connection timed out" and when i add " all user" instead of Authenticated mode in TMG rule. its is able to connect.

  Hi,
  if your force user / group authentication in Firewall Policy rules, the clients must be TMG clients for protocols other than HTTP and HTTPS:
  http://technet.microsoft.com/en-us/library/bb794762.aspxThis guide is also valid for TMG and the ISA Firewall client is now called the TMG client
  regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3570