Is it Enterprise or Stand alone? Does your ISA communicate with the Domain Controller? It seems to me that ISA cannot authenticate your users within the Active Directory, like if ISA couldn´t check it out with AD if your users are really who they mean to be. I would advise you to start from the beggining. 1. Create only one site and content rules that allows everything to everyone. 2. Create a protocol rule which allows all IP traffic to everyone. See if everything works fine. Then start closing things... Allow all sites to specific users. Tell me if you´ve had any progres