So it's failing when ISA tries to perform pass through authentication (the DsCrackName is an RPC call to the DC) - is there anything in the Event Viewer indicating a problem on the ISA Server? Check both System and Security logs. Are you Domain Controllers running Win2003? Do they have Service Pack 1 installed?
If so, have you installed ISA 2004 Service Pack 1?
HI clindt Now, i can conect by username administrator but i can not conect by user test. And when i make conection if i use firstname.lastname@example.org so i can not conect too. i don't known what's happent? can you explain to me? thanks.
From: The Netherlands
If you have windows xp sp2, then the problem is that with ipsec\l2tp connection behind nat are not supported, to fix this problem, adding the following registry key:
1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec 3. On the Edit menu, point to New, and then click DWORD Value. 4. In the New Value #1 box, type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER. 5. Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify. 6. In the Value Data box, type one of the following values: ò 0 (default) A value of 0 (zero) configures Windows so that it cannot establish security associations with servers that are located behind network address translators. ò 1 A value of 1 configures Windows so that it can establish security associations with servers that are located behind network address translators. ò 2 A value of 2 configures Windows so that it can establish security associations when both the server and the Windows XP SP2-based client computer are behind network address translators.
7. Click OK, and then quit Registry Editor. 8. Restart the computer.