Stephen,

When you add the AD domain in your NT 4 trusted domains, did you specify the pre-Windows 2000 domain name or the FQDN such as 2000domain.com?

Regards,
Raj

-----Original Message-----
From: Stephen D. Pidgeon [mailto:pidgeon@xxxxxxxxxxxxx]
Sent: January 06, 2002 7:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Server in NT4 domain with 1 way trust to internal W2K AD domain

http://www.ISAserver.org

Thank you Tom. I may have not stated my situation clearly.

The ISA Server is a stand alone server in an NT40 domain that is a public subnet. ISA server is a member of the public domain, the private internal domain is W2K AD. When I tried ISA as a workgroup, it would only authenticate local machine accounts. I want ISA to authenticate the accounts that are users of the internal AD domain.

I hope I said this clearly. Thank you for a quick response, but I'm still not clear on this.

Steve

-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Sunday, January 06, 2002 5:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Server in NT4 domain with 1 way trust to internal W2K AD domain

Hi Stephen,

You got your trust backwards! You want the ISA Server Windows 2000 domain to trust the NT domain. Otherwise, all heck might break loose :-)

Trusts are very dependent on name resolution. NT uses NetBIOS and Windows 2000 DNS.

HTH,
Tom
www.isaserver.org/shinder

-----Original Message-----
From: Stephen D. Pidgeon [mailto:pidgeon@xxxxxxxxxxxxx]
Sent: Sunday, January 06, 2002 5:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Server in NT4 domain with 1 way trust to internal W2K AD domain

I have ISA installed on W2KS in firewall mode as a member of an NT4 domain with a public TCP/IP subnet. I have a non-routable subnet behind the ISA Server which is a W2K AD domain.
I want users to have authenticated access to the Internet from SecureNAT clients and/or Web Proxy clients. So, I want a one way trust. The NT4 domain trusts the W2K AD domain. This way ISA will authenticate users in the internal AD domain.

BUT...... When I try to add the internal W2K domain to the trusted domains on the PDC it cannot find the internal W2K AD domain, either before or after ISA is installed. If I think about this, that is as I would expect. How would the NT4 PDC find the W2K AD domain?

BUT... Page 93 of Configuring ISA Server 2000 actually refers to explicit one-way trusts between the ISA Server domain and each of the other individual domains. It also visualizes the situation in figure 2.5.

SO.... What am I missing? Or.... Can this not be done when ISA Server is in an NT 40 domain?

Thank you for your assistance in advance.

Stephen D. Pidgeon