Welcome to ISAserver.org


A tale of two forests

A tale of two forests - 16.Jul.2008 5:27:39 PM   
Mwaters31

 

Posts: 39
Joined: 19.Oct.2005
From: Edmonds, Wa
Status: offline
Have been running ISA2006 in a single Forest/domain for a while now. I'll call this domain A.  We have recently created a SharePoint site in domain A and are publishing several sites for our internal users through the ISA. By the way, ISA is our main firewall, no other route out to Internet except through ISA.

Last week, a new SharePoint server was created in a new domain B. The new SharePoint will be used by outside agencies/users as well as a few internal users.  The idea behind two domains is that we didn't want users from who knows where accessing our resources directly or authenticating to our internal domain.  Thus, domain B was created.

So far I have set up a two-way trust between the two domains.  What I am having problems doing is getting ISA to authenticate users in domain B to the SharePoint sites in domain B.  Users have been created there for this purpose, but ISA doesn't seem to be able to talk to the domain B domain controller there for some reason.

Any thoughts?
Mike Waters
Post #: 1
RE: A tale of two forests - 16.Jul.2008 5:42:19 PM   
paulo.oliveira

 

Posts: 766
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
Hi Mike,

is your ISA installed with SP1?

Regards,
Paulo Oliveira.

(in reply to Mwaters31)
Post #: 2
RE: A tale of two forests - 16.Jul.2008 6:50:38 PM   
Mwaters31

 

Posts: 39
Joined: 19.Oct.2005
From: Edmonds, Wa
Status: offline
Mmmm, I don't believe that it is.  Hanging my head in shame....

(in reply to Mwaters31)
Post #: 3
RE: A tale of two forests - 16.Jul.2008 6:53:15 PM   
Jason Jones

 

Posts: 1982
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
By your post title, I assume you mean Forest A and Forest B? Rather than two domains in the same forest?

Not quite the same scenario, but maybe my recent blog post will help???

http://blog.msfirewall.org.uk/2008/06/using-isa-server-2006-to-protect-active.html

Do your system policies include the IP addresses of the DCs in domain B? Have you got any connectivity to the DCs? e.g. can you ping them?

Are you sure the trust is working properly? You could test this by using LDAP authentication and configure ISA to use LDAP auth to domain B. LDAP auth should be unnecessary as you have a trust, but it may help eliminate things...

Cheers

JJ

< Message edited by Jason Jones -- 16.Jul.2008 6:57:11 PM >


_____________________________

Jason Jones
Microsoft MVP (Forefront Edge Security)

Silversands Ltd
http://www.silversands.co.uk
View My Blog: http://blog.msfirewall.org.uk/

Get Our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to paulo.oliveira)
Post #: 4
RE: A tale of two forests - 16.Jul.2008 6:55:00 PM   
Jason Jones

 

Posts: 1982
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: paulo.oliveira

Hi Mike,

is your ISA installed with SP1?

Regards,
Paulo Oliveira.


Not sure the SP1 KCD cross-domain fix is relevant here, but would be good to have SP1 anyhow!


(in reply to paulo.oliveira)
Post #: 5
RE: A tale of two forests - 17.Jul.2008 7:20:59 AM   
paulo.oliveira

 

Posts: 766
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline
Hi JJ,

If he is using two forests I don't think SP1 will help either, since the new feature of SP1 covers KCD cross-domain and not cross-forest.
quote:

Last week, a new Sharepoint server was created in a new domain B

But he said domain B. That's why I asked him.

Regards,
Paulo Oliveira.

(in reply to Jason Jones)
Post #: 6
