hi all. My configuration is like that: The users in my LAN are connecting to the ISA with SSL that demands certificate authetication. An isapi filter that I wrote take the certificate authentication and insert to the new request basic authentication. The ISA redirect the request to another ISA, bridging the request to HTTP. The second ISA demands basic authentication, and redirect the request to a web server, bridging to SSL again. The isapi filter connect to AD via ldap to get the CRL from the CA. I'm using service pack 1, with no patches and hotfixs, and without the feautre pack. I have several problems: 1. When I surf with ie6 on xp, I'm loosing authentication from time to time. The major problems happen when I surf to OWA on my web server. It helps when I enable the ie's security setting "Don't prompt for client certificate selection when no certificate or only one certificate exists", but not in all cases. 2. The isa's service w3proxy is falling from time to time. how can i prevent it to fall, even if I have bugs in my filter? "try and catch blocks" don't really helps... the event log don'y really helps... 3. Can I manage connection to AD not only per request in the pfc -> FilterContext? it meens that I have to open a new connection for each request... If someone have tips on programming isapi filters for ISA, it'll help alot. 4. Maybe someone knows how can I debug the isapi filter (and I don't means writing to log file...), and check memory leaks? Thanks!