Hi Stephen, You got your trust backwards! You want the ISA Server Windows 2000 domain to trust the NT domain. Otherwise, all heck might break loose :-) Trusts are very dependent on name resolution. NT uses NetBIOS and Windows 2000 DNS. HTH, Tom www.isaserver.org/shinder -----Original Message----- From: Stephen D. Pidgeon [mailto:pidgeon@xxxxxxxxxxxxx] Sent: Sunday, January 06, 2002 5:23 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA Server in NT4 domain with 1 way trust to internal W2K AD domain http://www.ISAserver.org I have ISA installed on W2KS in firewall mode as a member of an NT4 domain with a public TCP/IP subnet. I have a non-routable subnet behind the ISA Server which is a W2K AD domain. I want users to have authenticated access to the Internet from SecureNAT clients and/or Web Proxy clients. So, I want a one way trust. The NT4 domain trusts the W2K AD domain. This way ISA will authenticate users in the the internal AD domain. BUT...... When I try to add the internal W2K domain to the trusted domains on the PDC it cannot find the internal W2K AD domain, either before or after ISA is installed. If I think about this, that is as I would expect. How would the NT4 PDC find the W2K AD domain? BUT... Page 93 of Configuring ISA Server 2000 actually refers to explicit one-way trusts between the ISA Server domain and each of the other individual domains. It also visualizes the situation in figure 2.5 SO.... What am I missing? Or.... Can this not be done when ISA Server is in an NT 40 domain? Thank you for your assistance in advance. Stephen D. Pidgeon ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')