Isa server 2000 fully patched sp3 etc will only authenticate against a particular bdc in our NT domain. As soon as we switch off this one particular bdc, ISA stops authenticating. The only slight clue we have is that this BDC was at one time the PDC, but this was before the ISA server was in place. Can any one shed any light on a) By what process ISA picks an NT domain controller to authenticate against b) How can you change this if it is predefined. thank you... Mark (puzzled)