Hi Martjin, Is the ISA firewall/IAS server installed on Win2k? Thanks! Tom www.isaserver.org/shinder <http://www.isaserver.org/shinder> Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Martijn de Vries [mailto:martijnv@xxxxxxxxxxxxxxx] Sent: Tuesday, January 04, 2005 3:56 AM To: [ISAserver.org Discussion List] Subject: [isalist] VPN clients, IAS proxy, remote radius server groups and ISA 2004 http://www.ISAserver.org Hello, With ISA 2000 it was possible to authenticatie vpn clients on two different domains. The method I used for this depended on a feature in IAS of windows server 2003 called Remote radius server groups. On the ISA Server I installed the IAS Service and configured the remote radius server groups for the different domains, the ISA/RRAS server authenticated vpn clients against the IAS service on the local machine, the local IAS service proxyd the requests to the correct IAS service. With ISA 2004 it is possible to make the same configuration, however all authentication requests will fail. The IAS service on the ISA server logs an event with source IAS and ID 3. Description includes "Access request for user DOMAIN\userid was discarded." and "The request was discarded by a third-party extension DLL file.". My best guess is that the ISA Quarantine feature makes use of a special extension dll wich is incompatible with remote radius server groups. Local authentication works fine, but is a little useless on a standalone server. Can someone comment on this, perhaps from the development team. Maybe this is an unsupported configuration (which unintentionally worked with ISA 2000), maybe this can be fixed with an update. Or perhaps there is another way the get the same results. Are there others with the same problem? Sincerely, Martijn de Vries ************************************************************************ **** Info Support - http://www.infosupport.com Alle informatie in dit e-mailbericht is onder voorbehoud. Info Support is op geen enkele wijze aansprakelijk voor vergissingen of onjuistheden in dit bericht en staat niet in voor de juiste en volledige overbrenging van de inhoud hiervan. Op al de werkzaamheden door Info Support uitgevoerd en op al de aan ons gegeven opdrachten zijn onze Algemene Voorwaarden van toepassing (te vinden op onze website). De informatie in dit e-mailbericht is uitsluitend bestemd voor de geadresseerde. Gebruik van deze informatie door anderen is verboden. Openbaarmaking, vermenigvuldiging, verspreiding en/of verstrekking van deze informatie aan derden is niet toegestaan. Dit e-mailbericht kan vertrouwelijke informatie bevatten. Indien u dit bericht dus per ongeluk ontvangt, stelt Info Support het op prijs als u de zender door een antwoord op deze e-mail hiervan op de hoogte brengt en deze e-mail vervolgens vernietigt. ************************************************************************ **** ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx