There is no RAS Servers group in Active Directory and the ISA firewall is a member of the domain. -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Tuesday, May 15, 2007 9:36 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: VPN Issue You'll need to add the ISA Firewall to the RAS servers group manually in the Active Directory. I've seen this a few times before, although it was quite awhile ago. Are you logged on as domain admin when you enabled the RRAS functionality? Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak > Sent: Tuesday, May 15, 2007 8:36 AM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] VPN Issue > > I'm enabling client VPN access. I'd like to authenticate them using an > active directory user group. When I enable VPN Access using > the ISA 2006 > Wizard I get an message that "this computer cannot be added > to the list > of valid remote access servers in active directory". What is > it talking > about? Is this saying that ISA can't talk to Active Directory? Looking > at the packets it seems that ISA is attempting to > authenticate the users > locally rather than through Active Directory. I see a chap challenge = > firewall and then a chap response from the VPN client with their > domain\username then authentication fails. > > Amy > > -- > ExchangeDefender Message Security: Click below to verify authenticity > http://www.exchangedefender.com/verify.asp?id=l4FDSMmi007060&f > rom=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx > > > > -- ExchangeDefender Message Security: Click below to verify authenticity http://www.exchangedefender.com/verify.asp?id=l4FEciSM016455&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx