We have approx. 100 clients (domain accounts, nt4) using isa with no problems.
We have another 50 clients (XP Tablet) non domain machines, local NT account.
Of the 50, all theses users have domain user accounts for using proxy, citrix etc. Some of these clients get authenticated on the proxy with no problems, while others do not, and end up locking out their domain accounts. All machines are created with the same image, but some will not authenticate to the proxy using domain credentials, not even domain admin accounts. We have isolated this problem to be the machine itself. Some work, some do not.
Now, on the machines that do not work, if I specify a local account on the ISA server, they can authenitcate and use the proxy.
Are the one's locking their domain accounts out logging into the machines with local machine user accounts? If so, if the userid's are the same locally as the domain accounts, I believe it may be sending passthru authentication and if the passwords for the local accounts do not match the same userid on the domain's passwords, the lockout can occur.