• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 669
  • Last Modified:

ISA not picking up users from Lotus notes

Hi,

I'm trying to get ISA to pick up AD users from Lotus Notes but am unsuccessful.  I've created an AD group and allowed that group to go out to the internet.  All AD users are in this group.  But when users are trying to get out to the internet via Lotus Notes (viewing html email), ISA rejects it.  

If I deleted the AD group and allow "everyone" to get out to internet, ISA will allow users to get out through Lotus Notes.  So I'm guessing that ISA doesn't not detect user credentials from Lotus Notes when the users are in a group.

What's the solution?

Thanks in advance
0
cooljam23
Asked:
cooljam23
  • 5
  • 3
  • 2
1 Solution
 
pwindellCommented:
You mean Lotus Notes  as an "Email Client"?

You have to install the Firewall Client on the workstations.  The mail client will not be able to aurthenticate with the proxy without that.

There are additional things that must be done if the mail client is Outlook.

0
 
cooljam23Author Commented:
Yes, email client.  Firewall client is installed on the workstations but it's still not working.
0
 
pwindellCommented:
Troubleshooting Client Authentication on Access Rules in ISA Server  2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
PorpathamCommented:
Hi,

You have to add exceptions in ISA Server rules and filters. Just check and reply.  Check ISA Server Log and Reply.
0
 
pwindellCommented:
He already had that.
The question is whether it was done correctly.
0
 
PorpathamCommented:
Hi,

        Which version of ISA Server u r Using?   And tell me u added the ISA Server in Domain or not. Actually for securiry purpose ISA Server should not connect to Domain.

Expecting Reply.
0
 
pwindellCommented:
Not correct.

For security purposes the ISA should be joined to the Domain

Debunking the Myth that the ISA Firewall Should Not be a Domain Member
http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html


0
 
cooljam23Author Commented:
I don't think it's the rules I've got set up.  As I've mentioned earlier.  I have a rule that allows internal out to internet for everyone.  This works fine in lotus notes client.  But when I've created a group which contains individual users and add that group to the same rule.  Users don't get authenticated via lotus notes.  I'm guessing it's lotus notes that's not reading the credentials properly?
0
 
pwindellCommented:
Lotus Notes would not know credentials if it tripped over them.  Lotus Notes does not do any authentication and has no idea that any authentication is happening,...and it is not supposed to.  If Lotus Notes has any place for "proxy settings" (and I doubt it does) they should be left blank an unconfigured.

The Firewall Client is everything. It is what intercepts the traffic and passes it to the proxy and it is what handles the Authentication to the Proxy based on what the users are logged into their machines as using Integrated Authentication.   Any applications you run would be oblivious to this (and should remain so).  However this does require a 2-Nic ISA running as a full firewall product.  If you are trying to run it as a single-nic ISA you are just screwed and are wasting your time.

Your solution is in the links I gave earlier:

Troubleshooting Client Authentication on Access Rules in ISA  Server  2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Understanding  the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

0
 
cooljam23Author Commented:
Arh now I understand.  

I've just removed the proxy setting out of notes settings and all is working fine.  

Many thanks for your help.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now