I am not sure if i can make a theory out of what is happining with me. ISA 2004 is strange when it is a member of a domain. So what i did, i removed it from the domain and made it an independent server only proxy, firewall and cache server. and guys it is very nice now. but when it comes to authentication i a facing a problem. domain members are unable to browse as users are not created in the ISA server. Is there a way i can import the active directory users and groups data base into the ISA server. ?????
Please help (The YemenDomain)
B.Sc (Computer science),
Passed: 270-70 & 270-90
working on: 270-91 & CCNA
********Never hisitate asking. Not everyone knows. Seek Learning*********
Re: Why can't i get authenticated through ISA 2004
12 years 1 month ago #16253
Can you give more details of the issues you had when putting ISA Server into the domain. There has been a lot of topics regarding Standalone\Domain Membership and ISA Server. The older approach was that a Firewall should not be a member of a domain incase it is compromised. The newer way of thinking is that it should be a member of the domain in order to enhance the functionality of ISA 2004; see
for more on the subject.
Therefore, if you can give more details on the issues you have had with the domain membership it may be worth trying to get this working so you are not managing two seperate accounts (Domain Logon and Internet Access).
Another thing would be, do you use Internet Filtering ? Or are you thinking about it. I know the Websense product (which i must say is an excellent product for Internet Filtering) has an agent the will intercept the domain account information and then use its own service then to connect to a domain controller and enumerate groups, etc... for the authentication portion. This may be another way forward as you don't need to make the ISA Server part of the domain but you can still query your Active Directory (Read only) to enumerate account details.