Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ISA 2004 domain user ---  access failure

Posted on 2006-07-09
4
Medium Priority
?
345 Views
Last Modified: 2013-11-16
Using ISA 2004 as a web proxy only.  No firewall.

I installed ISA 2004 Standard Edition on a Windows 2003 member (not a dc) server running in a Windows 2000 network.  I can login from the console using my domain account without any problem.  Initially I setup the ISA to allow anonymous access, and that worked fine.  When I view the ISA monitor I see the IP addresses of the stations accessing the Internet.

Now the problem.  When I set the ISA to require “all users must authenticate” the users are then prompted for username and password when they try to open a connection to a web site.  We are running IE 6.  No matter what username or password they enter the authentication fails.  I tried  username  and domain\username. In reality they should never be prompted at all !

The event log on the ISA server indicates the ISA server cannot find a domain controller to use to check the username.
I do not have the exact error code at this time.  ISA 2004 cannot find a dc to use, while the Windows OS seems to have no problem (when I login using domain\user) I am successfully granted access.

Remember I can login on the console using my domain username and password.  

The ISA server joined the domain without error.  The server seems to have registered correctly in ‘users and computers’.  I set the domain to trust "local system account" services on the ISA 2004 server.

One other note.  This ISA server is replacing a ISA 2000 server running on an old PIII machine.  I turned off the old server and removed it’s name from the domain users and computers AD tool.  The ISA 2000 server was not a DC.  I gave the new ISA 2004 server the same name and IP address as the old server.  Un-authenticated access works fine.  I can ping the server from other servers and the nslookup from another server correctly id’s the ISA 2004 address.

When I check all users must authenticate and access the Web from the ISA 2004 console it works fine. I see my local username in the ISA monitor.  I also logged on from a client computer to a Local account on the ISA 2004 machine (administrator). This also worked.
Example.  domain/user  fails     isa2004computername\user  works.
The prblem is definitly the fact that ISA cannot find a DC, while the netlogin service of Windows 2003 can.


0
Comment
Question by:sjepsen
3 Comments
 
LVL 7

Expert Comment

by:Kumar_Jayant123
ID: 17074123
Hi,

As you said ISA is in Web Proxy and not a firewall do you have a rule which allows the ISA 2004 to go to Internal Networking.
Where the ISA server is pointing to for the DNS.
Try to DISABLE the RPC Filter and restart the ISA server services from the Services Console and check.

Kumar
0
 

Author Comment

by:sjepsen
ID: 17075021
After all that posting info. I was searching other solutions and found a comment indicating to make sure the server is already a domain member before installing ISA.  So, I removed ISA 2004 and did a reinstall of Windows 2003 just to be 100% clean.  Joined the W2000 domain, applied all the service packs and then ISA.  Installed SP1 and SP2 for ISA (Watch out for SP2, read the releease notes and Microsoft articles).  ISA seems to be working fine at this time.

0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 17258301
PAQed with points refunded (250)

CetusMOD
Community Support Moderator
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
Experts Exchange expands question security options for members.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question