Solved

Firewall Client cannot authenticate with ISA Server (ISA 2000)

Posted on 2007-11-20
4
1,656 Views
Last Modified: 2012-06-21
We have the Firewall client installed on a couple of PC's and laptops. Recently one of our company laptops has been experiencing a problem. When the user either tries to browse the Internet or download mail from Yahoo UK via Outlook Express, the firewall client icon appears with an exclamation mark. The message is "Cannot authenticate with ISA Server servername"

The strange thing is....the user was previously able to download his mail and browse. Not sure what has changed and why the problem is suddenly ocurring.

Also should mention that this machine is NOT a member of the domain, however the user does have a user account in the domain. The laptop is personal and the staff member dials-in to the company to browse and pull external mail.
0
Comment
Question by:sheynl
  • 3
4 Comments
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 125 total points
Comment Utility
I don't think the firewall client will work with non-domain members.  If your firewall rules allow non-authenticated web access then you'll be ok, but if you are expecting users to authenticate it may break it.

First thing to try is disabling the firewall client.  Right-click on the icon and select disable to do this.

You should also check Internet Settings and see if the client is using the web proxy.  Try both with and without this option.  The web proxy does not automatically authenticate, but can support it.  The firewall client requires authentication, but uses the user's logon credentials.
0
 

Author Comment

by:sheynl
Comment Utility
Many thanks for getting back to me.

If I put the proxy address in IE7, I can browse fine. But if I DON'T specify the address, then I can't browse. This would normally only work if the Firewall Client was authenticating properly.

Obviously I can do without the web proxy client to browse the internet,  BUT I still want the user to be able to pull external mail i.e. Outlook Express - pull mail from Yahoo UK.

The ONLY way I seem to be able to pull external mail on my company laptop, which is on the domain, is by using the firewall client. NOT sure if there are any rules I could add in ISA 2000 that would enable me to collect this mail without having to use the firewall client?
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
I'm not sure about ISA 2000 specifically (I've only used 2006) but pull mail normally uses POP3 or IMAP.  POP3 uses TCP/110 and IMAP4 uses TCP/143.  In any case, both should be defined in ISA.  You could then allow a non-authenticating rule to selected (or all) hosts for these protocols.
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Had another thought on this.

In ISA Server, when processing the rules, if ISA is checking an authenticated rule, e.g. only some users allowed, and cannot authenticate the client, then all following rules are ignored.  So, the question is, are your POP3/IMAP rules either authenticating (i.e. not All Users) or coming after other rules that require authentication.  Either of those will stop the rule from working with clients that cannot authenticate.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now