ISA Web Access rule for AD group fails

[wciccadmin]

Hello,

We are using ISA server for authentication control for web browsing on our Active Directory domain.

We have primary and secondary AD servers. We have a single AD group which contains all users that we allow internet access to.

The rule is simple, allow internal to external traffic for those certain users to all external sites.

The problem I have is this...

If one of our AD servers is offline (for example during a reboot) All of our users in the internet access group cannot access the internet. They get prompted for a username and password from the ISA server. The only username and password that will work is the local admin account on the ISA server.

I can see why this would happen if our primary and secondary AD servers were offline, then ISA would not know the credentials of the AD group in the access rule.

However, the problem arises if only one AD server is offline. If I reboot one AD server, some internet users are prompted for crediantials and are denied access, If I reboot the other AD server, the same thing happens.

Any ideas?

 

[bobej]

This sounds more like your DNS is not working properly try entering both dns server ip addresses staticly on the nic of the isa server