ISA not picking up users from Lotus notes

Hi,

I'm trying to get ISA to pick up AD users from Lotus Notes but am unsuccessful.  I've created an AD group and allowed that group to go out to the internet.  All AD users are in this group.  But when users are trying to get out to the internet via Lotus Notes (viewing html email), ISA rejects it.  

If I deleted the AD group and allow "everyone" to get out to internet, ISA will allow users to get out through Lotus Notes.  So I'm guessing that ISA doesn't not detect user credentials from Lotus Notes when the users are in a group.

What's the solution?

Thanks in advance
cooljam23Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pwindellCommented:
You mean Lotus Notes  as an "Email Client"?

You have to install the Firewall Client on the workstations.  The mail client will not be able to aurthenticate with the proxy without that.

There are additional things that must be done if the mail client is Outlook.

0
cooljam23Author Commented:
Yes, email client.  Firewall client is installed on the workstations but it's still not working.
0
pwindellCommented:
Troubleshooting Client Authentication on Access Rules in ISA Server  2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

PorpathamCommented:
Hi,

You have to add exceptions in ISA Server rules and filters. Just check and reply.  Check ISA Server Log and Reply.
0
pwindellCommented:
He already had that.
The question is whether it was done correctly.
0
PorpathamCommented:
Hi,

        Which version of ISA Server u r Using?   And tell me u added the ISA Server in Domain or not. Actually for securiry purpose ISA Server should not connect to Domain.

Expecting Reply.
0
pwindellCommented:
Not correct.

For security purposes the ISA should be joined to the Domain

Debunking the Myth that the ISA Firewall Should Not be a Domain Member
http://www.isaserver.org/tutorials/Debunking-Myth-that-ISA-Firewall-Should-Not-Domain-Member.html


0
cooljam23Author Commented:
I don't think it's the rules I've got set up.  As I've mentioned earlier.  I have a rule that allows internal out to internet for everyone.  This works fine in lotus notes client.  But when I've created a group which contains individual users and add that group to the same rule.  Users don't get authenticated via lotus notes.  I'm guessing it's lotus notes that's not reading the credentials properly?
0
pwindellCommented:
Lotus Notes would not know credentials if it tripped over them.  Lotus Notes does not do any authentication and has no idea that any authentication is happening,...and it is not supposed to.  If Lotus Notes has any place for "proxy settings" (and I doubt it does) they should be left blank an unconfigured.

The Firewall Client is everything. It is what intercepts the traffic and passes it to the proxy and it is what handles the Authentication to the Proxy based on what the users are logged into their machines as using Integrated Authentication.   Any applications you run would be oblivious to this (and should remain so).  However this does require a 2-Nic ISA running as a full firewall product.  If you are trying to run it as a single-nic ISA you are just screwed and are wasting your time.

Your solution is in the links I gave earlier:

Troubleshooting Client Authentication on Access Rules in ISA  Server  2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Understanding  the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cooljam23Author Commented:
Arh now I understand.  

I've just removed the proxy setting out of notes settings and all is working fine.  

Many thanks for your help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Lotus IBM

From novice to tech pro — start learning today.