Re: Domain authentication problem

• From: Jim Harrison <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 03 Sep 2003 06:22:26 -0700

You should get traces of this traffic showing success and failure states.
Since your ISa doesn't have "direct" access to the inner AD (goes through a 
firewall), you're likely seeing the results of intermittent connectivity.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Wed, 3 Sep 2003 15:05:22 +0200
 "Etienne Goetynck" <Etienne.Goetynck@xxxxxxx> wrote:
http://www.ISAserver.org


- Firewall is a WatchGard Firewall
- Microsoft note is : http://support.microsoft.com/?kbid=280132 (My objective 
is very similar, I would like publish a Sharepoint Portal Server).
- On my LAN, I have 2 DC

I have no other choice than using "Domain Traffic" across Firewall. I must 
keeping single sign on... and My "users database" is AD.

My main problem is : sometimes, it's working perfectly (then I suppose my 
configuration is'nt too bad)








> -----Original Message-----
> From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> Sent: mercredi 3 septembre 2003 14:50
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Domain authentication problem
> 
> http://www.ISAserver.org
> 
> 
> Without knowing :
> 1. what the inner firewall is
> 2. what reference you used (there are several)
> 3. how many domain controllers you use
> 
> ..it's a little difficult to say what the real problem is.
> Have you traces the communications across the inner firewall while making
> these tests?
> 
> Generally speaking, domain traffic across any firewall is problematic at best
> and completely unsupported across ISA (on purpose; it's VERY insecure).
> 
>   Jim Harrison
>   MCP(NT4, W2K), A+, Network+, PCG
>   http://isaserver.org/Jim_Harrison/
>   http://isatools.org
>   Read the help / books / articles!
> 
> 
> On Wed, 3 Sep 2003 14:43:34 +0200
>  "Etienne Goetynck" <Etienne.Goetynck@xxxxxxx> wrote:
> http://www.ISAserver.org
> 
> 
> Hello,
> 
> 
> 
> I have the following problem, and I'm out of idea :-( :
> 
> 
> 
> I have an ISA Server, configured as Reverse Proxy, in DMZ (Firewall is not an
> ISA Server)
> 
> This server publish the content of an another website, located in LAN.
> 
> 
> 
> HTTPS and authentication are enabled for this access. Authenticated users are
> from My Windows Domain, not from local server. (My ISA server is on a W2K
> server, integrated to my DOMAIN and all corrects ports are open on my Firewall
> (following a note from Microsoft).
> 
> 
> 
> All is functioning correctly... but only time to time.
> 
> 
> 
> 
> 
> When I make a request on my website (from an external connexion), I receive
> authentication windows but, when I try to connect with a user, sometimes it's
> OK, sometimes it's KO.
> 
> 
> 
> When it's OK with the first user, I can try with a second one... and OK or KO
> are possible.
> 
> When it's KO with the first user, I can try with a second one... and OK or KO
> are possible.
> 
> 
> 
> Is anybody has a suggestion for me ?
> 
> 
> 
> Thank you in advance
> 
> 
> 
> Etienne
> 
> 
> 
> 
> 
> ________________________________________________
> Goetynck Etienne
> System Engineer                  Email : Etienne.Goetynck@xxxxxxx
> Business Solutions Builders        website : http://www.bsb.com
> Place de l'université, 25                         B-1348 Louvain-la-Neuve
> Belgium
> Phone : +32 (0)10 48.34.93                          Fax : +32 (0)10 48.34.99
> ________________________________________________
> 
> 
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
> 
> ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
> 
> All mail from this domain is virus-scanned with RAV.
> www.ravantivirus.com
> 
> ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> etienne.goetynck@xxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

Other related posts:

• » Domain authentication problem
• » Re: Domain authentication problem
• » Re: Domain authentication problem
• » Re: Domain authentication problem
• » Re: Domain authentication problem
• » Re: Domain authentication problem
• » Re: Domain authentication problem

1. Home
2. isalist
3. Archive
4. 09-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---