Here’s the solution for enabling Quicken 2001 Internet Update features through ISA Server (QuickBooks thru ISA Server is a little different, as detailed below):
You must enable Basic Authentication for Outgoing Web Requests. Apparently, Quicken uses IE’s Integrated Authentication capability for some Internet functions, but then uses its own code to perform other Internet functions. When its own code is used, it can only provide Basic Authentication, which fails unless Basic Authentication is enabled in ISA.
In the ISA Server Properties dialog (under Servers and Arrays, right-click the server name and select Properties), choose the Outgoing Web Requests tab. In the Identification area, your server name should appear in the white area. Highlight the server and click Edit. At the next dialog, under Authentication, Integrated is the only method selected by default. To enable Quicken to successfully authenticate, select “Basic with this domain” as well. You can ignore the Select Domain button/field unless authentication needs to be sent to a domain
other than the one this ISA server belongs to.
Additionally, make sure that you have configured Quicken to use the correct ISA server and provide valid user authentication info via Quicken’s Internet Connection Setup. The ISA server should be input as just “ServerName” (use your server name–no other characters required), with Port 8080. In the Authentication dialog, just provide a valid user
account that has access to the Internet through ISA Server, according to your ISA policies.
QuickBooks seems to be able to use IE’s Integrated Authentication capabilities and so Proxy settings are not required within the QuickBooks Internet Connection Setup. All that is required is that the QuickBooks user has access to the Internet thru ISA.
For reference, I have my ISA Server configured so that all LAN clients have the Firewall Client installed AND they are configured as Web Proxy clients. On ISA, I set the HTTP Redirector to ignore all web requests from Firewall and SecureNAT clients in order to force Web Proxy to be used for web traffic (allows detailed user logs and allows for user/group-based web access rules). Finally, under Outgoing Web Requests, I check “Ask Unauthenticated Users for Identification”.
I believe that Basic Authentication in this case will not present an Internet security risk, since clear-text passwords are only being transmitted internally, from the client to the ISA server. Please correct me if I’m wrong on this! However, it does present the opportunity for password sniffing on the internal LAN, so I use a special user account with very limited rights to “stand in” as the account used by Quicken/QuickBooks for Basic Authentication.
Leave a Reply