1. Your network definitions are broken - just plain broken. You're operating with the Edge Template, have no addresses assigned to the Internal network and the only hosts using the "Intra-array" net are the ISA servers B> I would like to receive your opinion about network template keeping in mind my intentions: purely two ISA servers for CACHE. I accept any sugenstion about netowork template as long as I can have two ISA in Array used for cache. The end users setup proxy manualy. This is my wish, so sugest me what network template should I use and how many network adapters and I will jump for it instantly. Before having Edge .. I was using Single Network Adaper Template and I have EXACTLY the same error having of corse only one single network interface on that computer. 2. You have GFI WebMonitor installed, but ISAInfo doesn't know how to read this configuration (yet; David?) Have you tried to disable or remove the filter? B> I do nto yet try to disable the WebMomnitor. I will try this too today. GFI WebMonitor3 filter Enabled Description GFI WebMonitor3 filter for ISA server Filter Direction Forward Priority Medium Relative Path WebMonPlg.dll Vendor GFi Software Ltd. Version 3.1.421 I can't speak to the version displayed (David again?), but you should check to ensure you have the latest bits. In the intra-array capture, Proxy2 (192.168.254.2) is attempting to authenticate with Proxy1 (192.168.254.1) via a "GET http://ms_proxy_intra_array_auth_query/"; request and receives a "400" response from Proxy1. Under normal circumstances, this response should never happen. The destination ISA would respond with a "407" if authentication actually failed. B> I do not know this behavoir so deep, that;s why I came here. Because this request is strictly for authentication to the upstream , ISA interprets any non-200 response as "failed authentication" and reports it back down the chain as such. Repeat the test with isabpapack +repro on both servers and respond with a link to both packages. B> ok, I will done this today after I stop the WebMonitor as well. One change - log on as a domain admin - the bizranet\florin account failed to authenticate to MSDE and so we have no logs. B> bizarnet\florinb it is a domain account !!!!! This way, we can see what both servers thought of the communication. B> no problem, you will have both reports today. I will work on 2 clients, eachone connect to a difrent ISA, but only one client will show error because the Load is 1 % on PROXY2 and 100 % on PROXY1. All mail to and from this domain is GFI-scanned.