Solved

ISA 2004 domain user ---  access failure

Posted on 2006-07-09
4
336 Views
Last Modified: 2013-11-16
Using ISA 2004 as a web proxy only.  No firewall.

I installed ISA 2004 Standard Edition on a Windows 2003 member (not a dc) server running in a Windows 2000 network.  I can login from the console using my domain account without any problem.  Initially I setup the ISA to allow anonymous access, and that worked fine.  When I view the ISA monitor I see the IP addresses of the stations accessing the Internet.

Now the problem.  When I set the ISA to require “all users must authenticate” the users are then prompted for username and password when they try to open a connection to a web site.  We are running IE 6.  No matter what username or password they enter the authentication fails.  I tried  username  and domain\username. In reality they should never be prompted at all !

The event log on the ISA server indicates the ISA server cannot find a domain controller to use to check the username.
I do not have the exact error code at this time.  ISA 2004 cannot find a dc to use, while the Windows OS seems to have no problem (when I login using domain\user) I am successfully granted access.

Remember I can login on the console using my domain username and password.  

The ISA server joined the domain without error.  The server seems to have registered correctly in ‘users and computers’.  I set the domain to trust "local system account" services on the ISA 2004 server.

One other note.  This ISA server is replacing a ISA 2000 server running on an old PIII machine.  I turned off the old server and removed it’s name from the domain users and computers AD tool.  The ISA 2000 server was not a DC.  I gave the new ISA 2004 server the same name and IP address as the old server.  Un-authenticated access works fine.  I can ping the server from other servers and the nslookup from another server correctly id’s the ISA 2004 address.

When I check all users must authenticate and access the Web from the ISA 2004 console it works fine. I see my local username in the ISA monitor.  I also logged on from a client computer to a Local account on the ISA 2004 machine (administrator). This also worked.
Example.  domain/user  fails     isa2004computername\user  works.
The prblem is definitly the fact that ISA cannot find a DC, while the netlogin service of Windows 2003 can.


0
Comment
Question by:sjepsen
4 Comments
 
LVL 7

Expert Comment

by:Kumar_Jayant123
ID: 17074123
Hi,

As you said ISA is in Web Proxy and not a firewall do you have a rule which allows the ISA 2004 to go to Internal Networking.
Where the ISA server is pointing to for the DNS.
Try to DISABLE the RPC Filter and restart the ISA server services from the Services Console and check.

Kumar
0
 

Author Comment

by:sjepsen
ID: 17075021
After all that posting info. I was searching other solutions and found a comment indicating to make sure the server is already a domain member before installing ISA.  So, I removed ISA 2004 and did a reinstall of Windows 2003 just to be 100% clean.  Joined the W2000 domain, applied all the service packs and then ISA.  Installed SP1 and SP2 for ISA (Watch out for SP2, read the releease notes and Microsoft articles).  ISA seems to be working fine at this time.

0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 17258301
PAQed with points refunded (250)

CetusMOD
Community Support Moderator
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now