The response for your question probably lies in Global Catalog Server implementation. The GCS is usually implemented by only one server. I am also open to other replies. -------------------------------------------------------------------- Rami SIK System & Network Administrator CCNA Kimyatas Istanbul / Turkey Tel:90-212-334 4963 -------------------------------------------------------------------- -----Original Message----- From: bhavani.suresh [mailto:bhavani.suresh@xxxxxxxxxxxxxxxx] Sent: Saturday, February 01, 2003 11:40 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Domain Controller failure-------ISA stops browsing http://www.ISAserver.org -----Original Message----- From: bhavani.suresh Sent: Sat, February 01, 2003 07:23 To: '[ISAserver.org Discussion List]' Subject: RE: Domain Controller failure-------ISA stops browsing Hi i have a case which is very annoying. I have win2k active directory domain controllers. Whenever my primary DC(Which is RID master,PDC Emulator,GC ETc.,) goes down, i find ISA doesnt authenticate users and hence browsing doesnt go through. why the hell ISA is not authenticating users against another domain controller because i have more than 1 domain controller. Is there any setting that i need to do on ISA?? PLs help -----Original Message----- From: btm [mailto:bmiyata@xxxxxxxxxxxxxxxxx] Sent: Sat, February 01, 2003 04:43 To: [ISAserver.org Discussion List] Subject: [isalist] Allowing access based on IP address http://www.ISAserver.org Hello All, We have an Enterprise ISA SP3, Integrated, in an array, on a W2K SP3. We have set up rules to allow users out only if they are part of an authorized NT global group and have "ask unauthenticated users for identification" enabled on the Outgoing Web Requests. We have configured all of the browsers to point to the ISA proxy. Authorized users go out transparantly while unauthorized users are prompted for credentials. We now have a situation where "guest" terminals (no one signs on to the domain) need access to the Internet. I have created a Client Address Set to allow the IP address out but I am still prompted for credentials. I logged into the domain with an ID that is not part of an authorized global group and I was able to access the Internet (The situation we have is that no one will be signing on to that computer). I disabled the "ask unauthenticated..." and I could access the Internet no matter what which is not good because we now lost control of who can access the Internet. Anyone have a solution for this? Thanks, Brian ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bhavani.suresh@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') DISCLAIMER: ------------------------------------------------------------------------ ------------------------------------- Please note that our domain name is changed from adnoc-fod.co.ae to adnoc-dist.co.ae Hence change your email addresses accordingly to reflect these changes. This communication may contain confidential information. If you are not the intended recipient please inform us immediately. For complete disclaimer note please visit our website at: http://www.adnoc-dist.co.ae/emaildisclaimer.htm Adnoc Distribution-Tel:02-6771300;Fax:02-6722322; Email:webmaster@xxxxxxxxxxxxxxxx;Website:http://www.adnoc-dist.co.ae ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rami@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')