Solved

ISA 2006 keep asking user name/password

Posted on 2012-03-10
9
969 Views
Last Modified: 2012-04-14
Hi All
I have windows 2008 domain and there is a windows 2003 R2 server Ent. member server in which isa server 2006 is installed.
My ISA2006 is not at the backend on my network, it is behind a Hardware firewall. and I have one network card in ISA server.
Even though i was created access rules for particular domain users by browsing in the active directory , but now user cannot access internet.
they are getting a login screen always and it is not authenticating even if the user supplies the correct credentials.

it was work fine before few weeks a go and now in the ISA i'm not able to see my local domain when i'm trying to add new user's in to access rule it's showing ISA server computer only in the location

I restart the ISA Server, then working fine for another some time then I shuld restrat it again?

please I need help to resolve this problem
untitled2.JPG
untitled.JPG
0
Comment
Question by:AymanOZ
  • 3
  • 3
  • 3
9 Comments
 
LVL 39

Expert Comment

by:als315
Comment Utility
Try to check blocked connections in monitoring. It looks like DNS problem. Try to resolve domain controller during this lock, check access to proper DNS server.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Comment Utility
Try to dis-join  and rejoin the ISA to domain.
0
 

Author Comment

by:AymanOZ
Comment Utility
Dear als315
I just Reed more in intenet ...

they ask me to add in host file

172.16.1.1           DNS1.domain.com         DNS1
172.16.1.2           DNS2.domain.com         DNS2

i will try it and come back to you

Dear Sulimanw
I try last week to
dis-join  and rejoin then reinstull ISA
0
 
LVL 39

Expert Comment

by:als315
Comment Utility
What DNS is in your network card's settings? Have you internal DNS server in ISA computer? Have you any VPN connections to this ISA server?
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Comment Utility
make sure that the external NIc does not point to any external DNS servers.
0
 

Author Comment

by:AymanOZ
Comment Utility
My domain local DNS IP address is
172.16.1.1
172.16.1.2
My ISP DNS is
202.93.39.4
202.93.39.5

ISA Server is only Server with ISA Software, I did not add any other serves in ISA like DNS or fileserver or anything
I don’t have VPN connected to ISA server.

I have only one NIC in ISA server
configured like this
IP:   172.16.1.4
SM:  255.255.0.0
GW: 172.16.1.254
DNS1: 172.16.1.1
DNS2: 202.93.39.4

If I remove external DNS from ISA Server, I cannot get Internet :(
If I remove Internal DNS I cannot get Username and domain :((
0
 
LVL 39

Assisted Solution

by:als315
als315 earned 250 total points
Comment Utility
Remove ISP's DNS from list, add your second DNS. Your internal DNSs should have forwarders to ISP's DNSs
Mask is 255.255.0.0 - you have so many computers in your network?
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 250 total points
Comment Utility
Remove the 202.x.x.x from the dns ip list in the internal adapter.

create a rule to allow dns traffic from your internal dns server to the external network. last thing add the 202.x.x..x dns into the forwarders list in your internal dns server.
0
 

Author Comment

by:AymanOZ
Comment Utility
OK ,
I Add this in DNS1,DNS2
202.x.x.x you can see the attachment
I will remove external DNS IP in NIC in ISA Server After 6:00 PM only
untitled.PNG
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now