It appears that RAS is using active directory. On an old account, I turned of "Dial in access', and the account can no longer VPN in, turn back on "Dial in', and the account can VPN in again. Interesting to note, that while the change replicated to the other servers as one would expect, it DID NOT replicate to the active directory running on the ISA server, even after an hour, the ISA server still showed the account as having Dial in allowed, when the rest of the servers showed the account as not having dial in allowed. So obviously active directory replication issues exist between the rest of the servers and the ISA. O what joy, another problem to toss on the already far too big pile. Again broached the question of a server rebuild with the office manager, answer is a very loud, very firm "NO WAY". This combined with, the fact that I have been refushed permission to even uninstall ISA server & reinstall, may put this in a rock and a hard place basket. If infact this is recoverable without a full server rebuild, which I am far from convinced at this point it is ??? I believe the first step necessary is to regain access to the ISA server management interface, and make sure the rule set, networks etc are consistent and sensible. However, when you start the mangement interface, it gives several "There was a problem sending the command the to program" errors. The ISA management interface opens, but there is nothing behind any of the levels. You click on firewall rules, and it displays a blank screen. Technet has nothing on this, anyone have any ideas on how to solve this ?