[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ISA Server Authentication Problem - Active directory

Posted on 2011-05-13
8
Medium Priority
?
744 Views
Last Modified: 2012-05-11
Hi experts,
I'm having several troubles with ISA SERVER 2006 SP1.
Here is my scenary:

Active Directory:
192.168.1.1 / 255.255.248.0
GW: 192.168.1.10 (also tried with 192.168.1.1)
DNS1: 192.168.1.1
DNS2: 192.168.1.2

ISA Server NIC 1
192.168.1.10 / 255.255.248.0
GW: none
DNS1: 192.168.1.1
DNS2: 192.168.1.2

ISA Server NIC 2
200.41.239.x / 255.255.248.0
GW: 200.41.239.y
DNS1: none
DNS2: none

DHCP Clients:
192.168.7.x / 255.255.248.0
GW: 192.168.1.10
DNS1: 192.168.1.1
DNS2: 192.168.1.2

I've got 1 access rule in my ISA (Except for the default)
Allow / All outbound Traffic / From All networks / To All Networks / All Users
And 3 published servers in different protocols.

The problem is that every computer I connect, request authentication to connect to the internet, so, I'm obligated to migrate every mail client to outlook express (from outlook).
Besides, the only credential that Internet Explorer accepts is the ADMINISTRATOR account. None of the others seems to have permision.
I need to grant outbound access to every client to my mail server (200.80.42.x), even anonymous.
Also, I need to grant outbound access to some web pages to few clients.
But I'm stucked with this authentication issue.

I'm begging for your help, this is extremely critical.

If you could give me some examples on how to configure an access rule to -for example- limit web access to one group of users of my active directory. Or maybe you could tell me why I have to authenticate every time I try to navigate the web.

Any help would be appreciated.

Thanks in advance,

Regards,

Leandro Nuñez.
0
Comment
Question by:Leandronn
  • 4
  • 2
  • 2
8 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35752723
ISA GUI--> configurations--> networks--> internal network properties. then go to proxy - un-heck require all users to be authenticated.

BTW, how you clients connected ? secure nat, proxy  or firewall client ?
0
 
LVL 2

Author Comment

by:Leandronn
ID: 35752785
Dear Sulimanw,
Thanks for your quick answer.
Clients are connected vía firewall client.
I'm testing your solution and I'm leting you know.
Thanks a lot.
Regards,

Leandro Nuñez.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35752876
Also please disable firewall client and test for secure NAT...
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 29

Accepted Solution

by:
pwindell earned 2000 total points
ID: 35754959
Outlook does not use the FIrewall Client until you go into the Firewall Client Settings in the ISA MMC and set it to outlook, disabled=0 then give it about 30 minutes to take effect at the Clients

The global forcing of authentication (that Sulimanw mentioned) should never be enabled.



0
 
LVL 2

Author Comment

by:Leandronn
ID: 35760490
@sulimanw: tried that but it was already unchecked.
@pwindell: i've tried your solution and -by now- there's no problem. I have to go today to the office so, I'm going to declare all rules and then I'll let you know the results.

Thank
0
 
LVL 2

Author Comment

by:Leandronn
ID: 35760491
@sulimanw: tried that but it was already unchecked.
@pwindell: i've tried your solution and -by now- there's no problem. I have to go today to the office so, I'm going to declare all rules and then I'll let you know the results.

Thank You both so much.
0
 
LVL 2

Author Closing Comment

by:Leandronn
ID: 35774181
Thank you so much
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35776938
You're welcome sir!
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question