Solved

Firewall Client cannot authenticate with ISA Server (ISA 2000)

Posted on 2007-11-20
4
1,662 Views
Last Modified: 2012-06-21
We have the Firewall client installed on a couple of PC's and laptops. Recently one of our company laptops has been experiencing a problem. When the user either tries to browse the Internet or download mail from Yahoo UK via Outlook Express, the firewall client icon appears with an exclamation mark. The message is "Cannot authenticate with ISA Server servername"

The strange thing is....the user was previously able to download his mail and browse. Not sure what has changed and why the problem is suddenly ocurring.

Also should mention that this machine is NOT a member of the domain, however the user does have a user account in the domain. The laptop is personal and the staff member dials-in to the company to browse and pull external mail.
0
Comment
Question by:sheynl
  • 3
4 Comments
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 125 total points
ID: 20332986
I don't think the firewall client will work with non-domain members.  If your firewall rules allow non-authenticated web access then you'll be ok, but if you are expecting users to authenticate it may break it.

First thing to try is disabling the firewall client.  Right-click on the icon and select disable to do this.

You should also check Internet Settings and see if the client is using the web proxy.  Try both with and without this option.  The web proxy does not automatically authenticate, but can support it.  The firewall client requires authentication, but uses the user's logon credentials.
0
 

Author Comment

by:sheynl
ID: 20333276
Many thanks for getting back to me.

If I put the proxy address in IE7, I can browse fine. But if I DON'T specify the address, then I can't browse. This would normally only work if the Firewall Client was authenticating properly.

Obviously I can do without the web proxy client to browse the internet,  BUT I still want the user to be able to pull external mail i.e. Outlook Express - pull mail from Yahoo UK.

The ONLY way I seem to be able to pull external mail on my company laptop, which is on the domain, is by using the firewall client. NOT sure if there are any rules I could add in ISA 2000 that would enable me to collect this mail without having to use the firewall client?
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20333328
I'm not sure about ISA 2000 specifically (I've only used 2006) but pull mail normally uses POP3 or IMAP.  POP3 uses TCP/110 and IMAP4 uses TCP/143.  In any case, both should be defined in ISA.  You could then allow a non-authenticating rule to selected (or all) hosts for these protocols.
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20458621
Had another thought on this.

In ISA Server, when processing the rules, if ISA is checking an authenticated rule, e.g. only some users allowed, and cannot authenticate the client, then all following rules are ignored.  So, the question is, are your POP3/IMAP rules either authenticating (i.e. not All Users) or coming after other rules that require authentication.  Either of those will stop the rule from working with clients that cannot authenticate.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Configuring TMG for Exchange 2010 7 725
ActiveSync issues 16 144
Break Outlook RPC connection when employee is FIRED!!! 8 144
Dynamic CRM config with outlook 4 100
In Africa (and potentially where you live…), reliability of ISPs is questionable.  With the increased reliance on e-mail as one of the primary forms of communication, the costs to business are significant based on interuption of ISP Connectivity.  T…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now