1. Your network definitions are broken - just plain broken. You're operating with the Edge Template, have no addresses assigned to the Internal network and the only hosts using the "Intra-array" net are the ISA servers 2. You have GFI WebMonitor installed, but ISAInfo doesn't know how to read this configuration (yet; David?) Have you tried to disable or remove the filter? GFI WebMonitor3 filter Enabled Description GFI WebMonitor3 filter for ISA server Filter Direction Forward Priority Medium Relative Path WebMonPlg.dll Vendor GFi Software Ltd. Version 3.1.421 I can't speak to the version displayed (David again?), but you should check to ensure you have the latest bits. In the intra-array capture, Proxy2 (192.168.254.2) is attempting to authenticate with Proxy1 (192.168.254.1) via a "GET http://ms_proxy_intra_array_auth_query/" request and receives a "400" response from Proxy1. Under normal circumstances, this response should never happen. The destination ISA would respond with a "407" if authentication actually failed. Because this request is strictly for authentication to the upstream , ISA interprets any non-200 response as "failed authentication" and reports it back down the chain as such. Repeat the test with isabpapack +repro on both servers and respond with a link to both packages. One change - log on as a domain admin - the bizranet\florin account failed to authenticate to MSDE and so we have no logs. This way, we can see what both servers thought of the communication. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Bogdan Florin Sent: Tuesday, February 13, 2007 1:47 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: ISA Intra Array Authentification We'll try it one more time and I'll be as specific as possible: 1. Log on to your problematic ISA Server using an account which has local administrator privileges 2. Breathe in; breathe out 3. Start | Run | cmd 4. Breathe in; breathe out 5. Navigate to the ISABPA installation folder 6. Breathe in; breathe out 7. Type 'isabpapack +repro' (no quotes) 8. Breathe in; breathe out 9. When ISABPAPack prompts you, hit <space> 10. Breathe in; breathe out 11. Move to the test client machine 12. Breathe in; breathe out 13. Perform the action at a client machine which produces the "Error Code: 502 Proxy Error. Logon failure: unknown user name or bad password. (1326) " error. 14. Breathe in; breathe out 15. Return to the ISA Server 16. Breathe in; breathe out 17. In the cmd window where ISABPA is patiently waiting for your return, hit <space> 18. Breathe in; breathe out 19. Observe the messaging in the command window 20. Breathe in; breathe out (repeat while ISABPAPack finishes its tasks) 21. Observe the .cab file that appears on the desktop when the process completes (ISABPAPack also tells you this) 22. Breathe in; breathe out 23. Copy that .cab file to your web site 24. Breathe in; breathe out 25. Respond with a link to the resulting data 26. Breathe in; breathe out Any further respiration is your own responsibility. Everything completed exactly. http://web.bizarnet.ro/IsaPackage.zip Proxy2 have CARP load factor 1 while Proxy"1" have CARP load factor 100 wich conclude that all Web Requests heading to proxy2 it will be retrived from Proxy1. this is the moment when IntraArray authentification return the error. The client computer was manualy setup to ask Proxy2. I will read your comments with much interest. I will be back online over 8 hours. Thank you for your support ! I'm patience to see the end of this intra array mistery. All mail to and from this domain is GFI-scanned. All mail to and from this domain is GFI-scanned.