In the console tree of ISA Server Management, click
On the Toolbox tab, click Network Objects.
Expand Web Listeners, and then click the applicable Web
On the toolbar beneath Network Objects, click
On the RSA SecurID tab, verify that Send SecurID
cookie to upstream server is selected.
To open ISA Server Management, click Start, point to
All Programs, point to Microsoft ISA Server, and then
click ISA Server Management.
For ISA Server 2006 Enterprise Edition, expand
Microsoft Internet Security and Acceleration
Server 2006, expand Arrays, expand
Array_Name, and then click Firewall
For ISA Server 2006 Standard Edition, expand Microsoft
Internet Security and Acceleration Server 2006, expand
Server_Name, and then click Firewall
If you do not select this option, ISA Server removes the
SecurID cookie from the header, and invalid cookies are forwarded
to the Outlook Web Access server that is being published. When ISA
Server is configured to use SecurID authentication, forms-based
authentication will not function as expected, because forms-based
authentication requires its own cookie to identify the client.
After the client successfully authenticates to ISA Server and to
the Outlook Web Access server, Internet Explorer sends both cookies
to ISA Server, on the same cookie header. ISA Server removes the
SecurID cookie from the header and alters the remaining cookies so
that they are invalid. The Outlook Web Access server does not
receive the required credentials, and presents the forms-based
authentication form to the client again.