ISA Server Proxy Authentication issue with windows 7 Series

Symptom

Windows 7 Browser prompts with window for username/password every time when tried to access outside web page through ISA Server.
Does anyone have a hint about this issue ?

Background

Client is the Windows 7 Home, does not join the domain. The company’s proxy, ISA server 2006 was part of one domain. So, when I tried to connect to the ISA proxy it was not possible to be authenticated in it.
I disabled the windows integrated authentication in IE8 and ensure that input the correct credentials for the proxy, but it did not work, a message was shown telling that the proxy authentication failed.
I’ve try all the Windows 7 browsers, for example: IE version 8, FF version 16 and Chrome version 23.
The results of the testing is the same, a message proxy authentication failed.

Troubleshooting and Solution

1. Try to check Date and Time, Timezone and recommend to use time server to synchronize your window time with it.
2. Try to adjust and add parameters by choosing only 1 method
   1. Local Security Policy Editor
   2. Registry Editor
3. Restart windows to take effect

Local Security Policy Editor

The Local Security Policy Editor will only be available in the Windows 7 Professional, Ultimate, and Enterpise editions.
You will not have the Local Security Policy Editor available in the Windows 7 Starter and Home Premium editions.
So if your OS is based on Windows 7 Starter or Home Premium editions, try next method below !

1. Click Start, then Run (or press [windows button] + [R] on the keyboard)
2. Then type “gpedit.msc” , Goto Local Computer Policy → Windows Settings → Security Settings
   or shortcut by type “secpol.msc” This should bring up the Security Policy system window.
3. On the left, select Local Policies → Security Options.
4. On the right, scroll down to and double-click on each parameters :
   1. “Network Security: LAN Manager authentication level” change the setting to “Send LM & NTLM — Use NTLMv2 session security if negotiated”.
5. Restart the computer
6. If not work try to change more these parameters :
   1. “Network Security: Allow Local System to use computer identity for NTLM” change the setting to “Enabled”
   2. “Network Security: Minimum session security for NTLM SSP based (including secure RPC) clients” to “No minimum”
   3. “Network security: Minimum session security for NTLM SSP based (including secure RPC) servers” to “No minimum”
7. Restart the computer again

Registry Editor

1. Click Start, then Run (or press [windows button] + [R] on the keyboard)
2. Then type “regedit” or “regedt32” and OK, Registry Editor window bring up.
3. On the left, Browse and goto HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4. Find LmCompatibilityLevel then set the value to 2, If the key does not exist, create a DWORD value named LmCompatibilityLevel and set the value to 2 to use NTLM and NTLMv2 if is negotiated
5. If you are System Administrator, you can check which mode is used during authentication.
6. Restart Windows to make changes to this entry effective

LmCompatibilityLevel

Specifies the mode of authentication and session security to be used for network logons

Address and Data Type

Address : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Type : REG_DWORD
Possible Value : 0 – 5
Default Value : 0

Table Values

• http://technet.microsoft.com/en-us/library/cc960646.aspx
• The Most Misunderstood Windows Security Setting of All Time