No such groups. Should the RAS service be on the ISA or on another server? Currently it's on ISA which is a member server in the domain. But there are no ras, remote, IAS, any groups of the sort. -----Original Message----- From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Tuesday, May 15, 2007 10:47 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: VPN Issue Try RAS and IAS Servers group. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak > Sent: Tuesday, May 15, 2007 9:46 AM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: VPN Issue > > There is no RAS Servers group in Active Directory and the ISA firewall > is a member of the domain. > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Tuesday, May 15, 2007 9:36 AM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: VPN Issue > > You'll need to add the ISA Firewall to the RAS servers group > manually in > the Active Directory. I've seen this a few times before, > although it was > quite awhile ago. Are you logged on as domain admin when you > enabled the > RRAS functionality? > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- Microsoft Firewalls (ISA) > > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak > > Sent: Tuesday, May 15, 2007 8:36 AM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] VPN Issue > > > > I'm enabling client VPN access. I'd like to authenticate > them using an > > active directory user group. When I enable VPN Access using > > the ISA 2006 > > Wizard I get an message that "this computer cannot be added > > to the list > > of valid remote access servers in active directory". What is > > it talking > > about? Is this saying that ISA can't talk to Active > Directory? Looking > > at the packets it seems that ISA is attempting to > > authenticate the users > > locally rather than through Active Directory. I see a chap > challenge = > > firewall and then a chap response from the VPN client with their > > domain\username then authentication fails. > > > > Amy > > > > -- > > ExchangeDefender Message Security: Click below to verify > authenticity > > http://www.exchangedefender.com/verify.asp?id=l4FDSMmi007060&f > > rom=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx > > > > > > > > > > > -- > ExchangeDefender Message Security: Click below to verify authenticity > http://www.exchangedefender.com/verify.asp?id=l4FEciSM016455&f > rom=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx > > > > -- ExchangeDefender Message Security: Click below to verify authenticity http://www.exchangedefender.com/verify.asp?id=l4FEq8FB018129&from=amy@xxxxxxxxxxxxxxxxxxxxxxxxxx