It's clear that both 'www.domain.com' and 'domain.com' should refer to the same ip to make client browser to show the same content. Or 'domain.com' could perform simple unconditional redirect to 'www.domain.com'. It appears that in your case the remote web site doesn't use any of two above mentioned techniques. That is why your users are experiencing difficulties while browsing that site.
The resolution you have introduced (to add hosts entry for that domain) is very common in such cases.
The ISA firewall will perfrom name resolution based on its DNS settings. There's never a reason to include HOSTS files entries for forward proxy. It's up to the organizaiton to determine how they want to map domain names. Most orgs have www.domain.com and domain.com map to the same address, although this is never a requirement.
Just to confirm, is this a fowrard proxy or a Web Publishing scenario?
OK, so it's up to the person running the Web site and it's DNS how www. and non-www. names are resolved. There's nothing that you need to do to reslove this issue, as things are working as they should be.
I understand what you are saying, unfortunately, my clients do not see it as running as it should be. They see it as the site they need works with out ISA and does not work with it. The site does work with the ISA hosts file entry. (which sucks as a long-term solution)
My concern is that I have a misconfiguration, but I don't know where.
(I can't imagine that I would be alone in this unless I had something incorrect.)
Comments, suggestions and ideas would be welcomed.
There's nothing you need to do with your ISA Firewall, it's a problem with their DNS configuration that's causing the problem. You might want to let them know that they might have spurious entries for the non-www entry.