You should get traces of this traffic showing success and failure states. Since your ISa doesn't have "direct" access to the inner AD (goes through a firewall), you're likely seeing the results of intermittent connectivity. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Wed, 3 Sep 2003 15:05:22 +0200 "Etienne Goetynck" <Etienne.Goetynck@xxxxxxx> wrote: http://www.ISAserver.org - Firewall is a WatchGard Firewall - Microsoft note is : http://support.microsoft.com/?kbid=280132 (My objective is very similar, I would like publish a Sharepoint Portal Server). - On my LAN, I have 2 DC I have no other choice than using "Domain Traffic" across Firewall. I must keeping single sign on... and My "users database" is AD. My main problem is : sometimes, it's working perfectly (then I suppose my configuration is'nt too bad) > -----Original Message----- > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] > Sent: mercredi 3 septembre 2003 14:50 > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Domain authentication problem > > http://www.ISAserver.org > > > Without knowing : > 1. what the inner firewall is > 2. what reference you used (there are several) > 3. how many domain controllers you use > > ..it's a little difficult to say what the real problem is. > Have you traces the communications across the inner firewall while making > these tests? > > Generally speaking, domain traffic across any firewall is problematic at best > and completely unsupported across ISA (on purpose; it's VERY insecure). > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > > > On Wed, 3 Sep 2003 14:43:34 +0200 > "Etienne Goetynck" <Etienne.Goetynck@xxxxxxx> wrote: > http://www.ISAserver.org > > > Hello, > > > > I have the following problem, and I'm out of idea :-( : > > > > I have an ISA Server, configured as Reverse Proxy, in DMZ (Firewall is not an > ISA Server) > > This server publish the content of an another website, located in LAN. > > > > HTTPS and authentication are enabled for this access. Authenticated users are > from My Windows Domain, not from local server. (My ISA server is on a W2K > server, integrated to my DOMAIN and all corrects ports are open on my Firewall > (following a note from Microsoft). > > > > All is functioning correctly... but only time to time. > > > > > > When I make a request on my website (from an external connexion), I receive > authentication windows but, when I try to connect with a user, sometimes it's > OK, sometimes it's KO. > > > > When it's OK with the first user, I can try with a second one... and OK or KO > are possible. > > When it's KO with the first user, I can try with a second one... and OK or KO > are possible. > > > > Is anybody has a suggestion for me ? > > > > Thank you in advance > > > > Etienne > > > > > > ________________________________________________ > Goetynck Etienne > System Engineer Email : Etienne.Goetynck@xxxxxxx > Business Solutions Builders website : http://www.bsb.com > Place de l'université, 25 B-1348 Louvain-la-Neuve > Belgium > Phone : +32 (0)10 48.34.93 Fax : +32 (0)10 48.34.99 > ________________________________________________ > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* > > All mail from this domain is virus-scanned with RAV. > www.ravantivirus.com > > ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > etienne.goetynck@xxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* All mail from this domain is virus-scanned with RAV. www.ravantivirus.com ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*