I've got a situation that might be interesting for someone here to tackle.
First, I'm running ISA 2004 on a domain, call it DOMAIN1.
We also have a TRUST established with another domain, call it DOMAIN2.
Next, I have a rule allowing outbound Internet access via the ISA server for clients in a specific security group. This works.
And, I have created a Domain Local security group in DOMAIN1 containing specific users from DOMAIN2 who often visit our sites and want access to the Internet.
Within ISA, I've granted access to this Domain Local security group to the Internet Access rule, and this works. Also, Windows Live messenger works, as it uses the IE proxy settings. When I remove the Domain Local security group from this rule, the users cannot browse or use IM.
Now, here's the interesting part: I have modified the settings on the ISA server to allow Outlook to not be ignored per your article and suggestions within. I've also created a rule for outbound DNS, POP, & SMTP and granted this Domain Local (users from DOMAIN2) group access to it.
DOMAIN2 users log into their laptops with their DOMAIN2 credentials at DOMAIN1 locations. After login, they are prompted by ISA for user credentials. They use their DOMAIN2 credentials and IE and IM work. However, Outlook 2003 still errors out when sending and receiving mail.
In reviewing the logs, there seems to be no traffic on 110 or 25 in the ISA monitor logs.
Also, I've tried to use this both with and without the Firewall Client. When using the Firewall Client, hovering the mouse above the system tray icon reveals the message, "Cannot Authenticate to ISA Server ..."
I would assume that there was a problem authenticating these "foreign accounts" in the Domain Local security group; however, since these users can be allowed/denied access via the ISA Internet Access rule, I'm re-questioning that concept.
To further troubleshoot, I've modified the hosts file on the laptops to ensure that DNS resolution is working properly as well as adding this Domain Local Security Group to another rule that grants full access to this Domain Local Security Group.
In short, users from DOMAIN2 seem to be able to browse and use IM through ISA, but cannot use Outlook 2003 for POP & SMTP email. This occurs both with and without the FWC. I'm still leaning towards an authentication issue, but can't seem to find the solution.