asked on Isa server 2004 and windows server 2008 ADC on branch office
Hi Experts,
I have a main office for example abc.com and here windows server 2008 domain controller is installed with 100 clinets, ISa server 2004 is used to connect one branch office with main office and windows server 2008 aditional domain controller is installed there, every things are fine, we can join clients at branch office and as well at the main office but we cant make isa member server at brach office.
also when the site to site vpn is down the branch office users can't login, I tried and worked for 5 days but could not find solution for it,
your on time assistance will be appreicated,
thanks
I have a main office for example abc.com and here windows server 2008 domain controller is installed with 100 clinets, ISa server 2004 is used to connect one branch office with main office and windows server 2008 aditional domain controller is installed there, every things are fine, we can join clients at branch office and as well at the main office but we cant make isa member server at brach office.
also when the site to site vpn is down the branch office users can't login, I tried and worked for 5 days but could not find solution for it,
your on time assistance will be appreicated,
thanks
Microsoft SharePointMicrosoft Forefront ISA ServerWindows Server 2008
Last Comment
SyedJan
but we cant make isa member server at brach office
There is no such thing as joining at one office or the other. It is ONE domain,..you either join the domain or you don't,...locations are irrelevant.
The ISA machine must be joined tot he Domain BEFORE the ISA Software is installed so that the Installation Routines detect the Domain build the correct System Policies within ISA to be able to interact with the Domain correctly.
All machines in need to list the DC from their own location as the first DNS in their TCP/IP Specs
Then you need to correctly setup Active Directory Sites and Services. This is what controls which DCs are used for authentication for particular things in a particular site. this is also what regulates the Replication between the two DCs over the WAN link.
There is no such thing as joining at one office or the other. It is ONE domain,..you either join the domain or you don't,...locations are irrelevant.
The ISA machine must be joined tot he Domain BEFORE the ISA Software is installed so that the Installation Routines detect the Domain build the correct System Policies within ISA to be able to interact with the Domain correctly.
All machines in need to list the DC from their own location as the first DNS in their TCP/IP Specs
Then you need to correctly setup Active Directory Sites and Services. This is what controls which DCs are used for authentication for particular things in a particular site. this is also what regulates the Replication between the two DCs over the WAN link.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
1. Make sure the clients at branch office uses DNS of both local server and at main office
2. Make sure DNS is running on Branch office
3. Make the branch office DC a Global Catalog server
4. Try testing : If you still have issues then check for event logs by logging locally and see if their is any log on DC
For ISA to become member, Make sure the IP is bypass in ISA for the main DC server, Make sure DNS is right for ISA, Try checking open ports to ensure you have right connectivity and you can reach to DC on 389 port and 3268 port for both branch and main office dc