Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1700
  • Last Modified:

Firewall Client cannot authenticate with ISA Server (ISA 2000)

We have the Firewall client installed on a couple of PC's and laptops. Recently one of our company laptops has been experiencing a problem. When the user either tries to browse the Internet or download mail from Yahoo UK via Outlook Express, the firewall client icon appears with an exclamation mark. The message is "Cannot authenticate with ISA Server servername"

The strange thing is....the user was previously able to download his mail and browse. Not sure what has changed and why the problem is suddenly ocurring.

Also should mention that this machine is NOT a member of the domain, however the user does have a user account in the domain. The laptop is personal and the staff member dials-in to the company to browse and pull external mail.
0
sheynl
Asked:
sheynl
  • 3
1 Solution
 
SteveH_UKCommented:
I don't think the firewall client will work with non-domain members.  If your firewall rules allow non-authenticated web access then you'll be ok, but if you are expecting users to authenticate it may break it.

First thing to try is disabling the firewall client.  Right-click on the icon and select disable to do this.

You should also check Internet Settings and see if the client is using the web proxy.  Try both with and without this option.  The web proxy does not automatically authenticate, but can support it.  The firewall client requires authentication, but uses the user's logon credentials.
0
 
sheynlAuthor Commented:
Many thanks for getting back to me.

If I put the proxy address in IE7, I can browse fine. But if I DON'T specify the address, then I can't browse. This would normally only work if the Firewall Client was authenticating properly.

Obviously I can do without the web proxy client to browse the internet,  BUT I still want the user to be able to pull external mail i.e. Outlook Express - pull mail from Yahoo UK.

The ONLY way I seem to be able to pull external mail on my company laptop, which is on the domain, is by using the firewall client. NOT sure if there are any rules I could add in ISA 2000 that would enable me to collect this mail without having to use the firewall client?
0
 
SteveH_UKCommented:
I'm not sure about ISA 2000 specifically (I've only used 2006) but pull mail normally uses POP3 or IMAP.  POP3 uses TCP/110 and IMAP4 uses TCP/143.  In any case, both should be defined in ISA.  You could then allow a non-authenticating rule to selected (or all) hosts for these protocols.
0
 
SteveH_UKCommented:
Had another thought on this.

In ISA Server, when processing the rules, if ISA is checking an authenticated rule, e.g. only some users allowed, and cannot authenticate the client, then all following rules are ignored.  So, the question is, are your POP3/IMAP rules either authenticating (i.e. not All Users) or coming after other rules that require authentication.  Either of those will stop the rule from working with clients that cannot authenticate.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now