Welcome to ISAserver.org

Authentication Issue

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Authentication Issue

Page: [1]

Message

<< Older Topic Newer Topic >>

Authentication Issue - 21.Sep.2006 11:21:15 PM

Nitroq22

Posts: 1
Joined: 21.Sep.2006
Status: offline

Hello all,
This will be my first post I usually can find my answers in the search list but this one hasn't been answered. I use ISA 2000 on a network of about 2500 computers and 8000 users. It worked flawlessly until a recent crash of another server in the domain. And now the Web Proxy works flawlessly. But the issue is with the firewall clients.
Let me give you a run down of my setup.
We have 3 domains (I will call them DomainA,DomainB,DomainC)
DomainC is a private domain for staff only and isnt included in this issue so that will be the last you here of it.

DomainA is the functional main domain where all the internal work goes on and everyone logs into.
DomainB is simply the server with the ISA on it. (it wasnt like this till a recent server crash it only acted as a member server in the domain and another server was the domain controller, but when the other server crashed we made the ISA server to be a domain controller and did away with the other)

There is is currently a 2 way trust between both DomainA and DomainB ( However it made no difference and we only had DomainB Trusting DomainA in the past without issue and I will likely put it back that way but figured that might make it work so I temporarily changed it)

The ISA server is setup to do proxy and filter traffic and as I said earlier that works like a champ. The other thing we need is some of our computers (about 10 spread across 10 different subnets) have to have outside access for applications. We have a protocol rule allow a global security group with the 10 users from DomainA to have access to everything. This is where it fails, as I can change that from just allowing that User Group access to allowing Any Request and it works flawlessly.
I will also add this my Firewall Client users show up in the sessions list when I check there however its just their user name without a domain where as the web session clients all show up with both username and domain.
When I look at the logs on the ISA it shows the request but there is no status its all just blank over there on that side of the log.
I really need this to work as I dont like allowing just anybody access to bypass the firewall.
Thanks ahead for your help, I am standing by to answer any questions that might help me resolve this issue.
My questions are:
Can ISA act as a Domain Controller when it is the only one on the domain?
Would Putting in ISA 2004 solve this?
Should I back the ISA down from the Domain Controller and then swap it over to DomainA and just do away with DomainA and would that fix this issue?

Allen