I have an ISA Proxy 2004 running on a Windows 2003 (standard edition).
When I am trying to add users to the firewall policy so they can authenticate to my AD, I get: EVENT_GPO_QUERY_FAILED in the event log. When I shut the ISA firewall down the queries go through no problem.
I tried all of the suggestions given by Microsoft to verify if I have connectivity with a domain controller and indeed even when the firewall is running I can connect to any domain controller in my AD. The problem is that when I connect to an AD and get the list of users or groups that I want to add to my firewall policy and then I click on "OK" or "Check names", it comes back with an error (only when the ISA firewall is running): "Windows cannot process the object with the name "internet access group" because of the following error: The remote procedure call failed and did not execute."
And in the event log: "Windows cannot bind to mydomain.com domain. (Timeout). Group Policy processing aborted. " and "Windows cannot determine the user or computer name. (The remote procedure call failed and did not execute. ). Group Policy processing aborted."
The ISA server is running as an "edge firewall" and I have opened up the rules to completely trust and communicate with all subnets within my network. I have also allowed all protocols to be used for communications.