Solved

Firewall Client cannot authenticate with ISA Server (ISA 2000)

Posted on 2007-11-20
4
1,667 Views
Last Modified: 2012-06-21
We have the Firewall client installed on a couple of PC's and laptops. Recently one of our company laptops has been experiencing a problem. When the user either tries to browse the Internet or download mail from Yahoo UK via Outlook Express, the firewall client icon appears with an exclamation mark. The message is "Cannot authenticate with ISA Server servername"

The strange thing is....the user was previously able to download his mail and browse. Not sure what has changed and why the problem is suddenly ocurring.

Also should mention that this machine is NOT a member of the domain, however the user does have a user account in the domain. The laptop is personal and the staff member dials-in to the company to browse and pull external mail.
0
Comment
Question by:sheynl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 125 total points
ID: 20332986
I don't think the firewall client will work with non-domain members.  If your firewall rules allow non-authenticated web access then you'll be ok, but if you are expecting users to authenticate it may break it.

First thing to try is disabling the firewall client.  Right-click on the icon and select disable to do this.

You should also check Internet Settings and see if the client is using the web proxy.  Try both with and without this option.  The web proxy does not automatically authenticate, but can support it.  The firewall client requires authentication, but uses the user's logon credentials.
0
 

Author Comment

by:sheynl
ID: 20333276
Many thanks for getting back to me.

If I put the proxy address in IE7, I can browse fine. But if I DON'T specify the address, then I can't browse. This would normally only work if the Firewall Client was authenticating properly.

Obviously I can do without the web proxy client to browse the internet,  BUT I still want the user to be able to pull external mail i.e. Outlook Express - pull mail from Yahoo UK.

The ONLY way I seem to be able to pull external mail on my company laptop, which is on the domain, is by using the firewall client. NOT sure if there are any rules I could add in ISA 2000 that would enable me to collect this mail without having to use the firewall client?
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20333328
I'm not sure about ISA 2000 specifically (I've only used 2006) but pull mail normally uses POP3 or IMAP.  POP3 uses TCP/110 and IMAP4 uses TCP/143.  In any case, both should be defined in ISA.  You could then allow a non-authenticating rule to selected (or all) hosts for these protocols.
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20458621
Had another thought on this.

In ISA Server, when processing the rules, if ISA is checking an authenticated rule, e.g. only some users allowed, and cannot authenticate the client, then all following rules are ignored.  So, the question is, are your POP3/IMAP rules either authenticating (i.e. not All Users) or coming after other rules that require authentication.  Either of those will stop the rule from working with clients that cannot authenticate.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
RDP access via TMG 11 533
Exchange OWA UAG question running on VMware 6 157
ForFront TMG Server Error 8 105
MS Forefront UAG Support for Windows 10 1 708
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question