Re: ISA client on a non-domain machine

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi Cory,

Thanks for your update.

I am sorry for the delayed response due to weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!

For your issue, you may need to uninstall ISA 2004 Firewall client on the
non-domain client or join the client to SBS domain because we actually do
not support the scenario.

For more information regarding ISA 2004, you may need to refer the
following documents:

How to configure networks in ISA Server 2004
http://support.microsoft.com/?id=867483

What's New and Improved in ISA Server 2004
http://www.microsoft.com/isaserver/evaluation/whatsnew.asp

ISA Server 2004 Performance Best Practices
http://www.microsoft.com/technet/prodtechnol/isa/2004/performancebestpractic
es.mspx

ISA Server 2004 Quick Start Guide
http://download.microsoft.com/download/3/7/b/37b0cbc4-e578-4082-a779-de4fbe8
76f06/ISA2004SE_quickstartguide-Rev%201%2003.doc

ISA Server 2004 ISA Server 2004 Configuration Guide
http://download.microsoft.com/download/3/7/b/37b0cbc4-e578-4082-a779-de4fbe8
76f06/ISA2004SE_configguide-Rev%201%2003.doc

I appreciate your time and look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "cory_jackson" <cory@xxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Re: ISA client on a non-domain machine
| Date: 1 Jun 2006 08:23:49 -0700
| Organization: http://groups.google.com
| Lines: 74
| Message-ID: <1149175428.975591.129010@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <1149121142.874075.53050@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| <11NhCKVhGHA.4896@xxxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 216.9.45.2
| Mime-Version: 1.0
| Content-Type: text/plain; charset="iso-8859-1"
| X-Trace: posting.google.com 1149175435 23060 127.0.0.1 (1 Jun 2006
15:23:55 GMT)
| X-Complaints-To: groups-abuse@xxxxxxxxxx
| NNTP-Posting-Date: Thu, 1 Jun 2006 15:23:55 +0000 (UTC)
| In-Reply-To: <11NhCKVhGHA.4896@xxxxxxxxxxxxxxxxxxxxx>
| User-Agent: G2/0.2
| X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
NET CLR 1.0.3705; .NET CLR 1.1.4322),gzip(gfe),gzip(gfe)
| X-HTTP-Via: 1.0 SERVER
| Complaints-To: groups-abuse@xxxxxxxxxx
| Injection-Info: g10g2000cwb.googlegroups.com; posting-host=216.9.45.2;
| posting-account=q-B2eQ0AAAAqBJ9m37cSw_KGz2MN9ffM
| Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!msrnewsc1!
msrtrans!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newscon02.news.prod
igy.com!newscon06.news.prodigy.com!prodigy.net!border1.nntp.dca.giganews.com
!nntp.giganews.com!postnews.google.com!g10g2000cwb.googlegroups.com!not-for-
mail
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:272291
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Wow, thanks for the great response. I'm going to look into your
| suggestions at the bottom but I'll answer your questions first.
|
| 1) No.
| 2) No.
| 3) Not sure. Do you mean admin of the machine or the domain? On the
| machine the user account is an admin account. The machine belongs to
| another domain primarily so therefore can not join this domain. Now if
| I log into one of the domain machines I am able to make the RD client
| out there.
| 4) Yes. Here it is:
| Event Type: Error
| Event Source: Microsoft Firewall Client 2004
| Event Category: None
| Event ID: 2
| Date: 6/1/2006
| Time: 8:05:18 AM
| User: N/A
| Computer: TOWHEE
| Description:
| Application [mstsc.exe]. Authentication failed. Verify that the user
| account running this application has the required permissions. If the
| application is running under a system account, you can apply different
| credentials for this application via the client configuration and
| FwcCreds.exe.
|
| For more information, see Help and Support Center at
| http://go.microsoft.com/fwlink/events.asp.
| Data:
| 0000: 04 03 09 80
|
| 5) What would you like a screenshot of? There really isn't anything to
| see. It's the normal message you get when you try to connect to a
| machine that isn't responding. Sorry, I'm using Google and i don't see
| a way to attach. If you really need it I'll put it on my website for
| you but there's really nothing remarkable about it.
|
|
| Let me back up a little here. It just occurred to me that I might be
| going about this the wrong way. Can you advise me as how the best way
| to do this is? IOW if I'm on a non-domain machine and want to get RD to
| work how do i do it? You say doing it with ISA is not advised so what
| is the recommended way?
|
| I apologize. I should know more about ISA than I do. To be honest I
| don't know the first thing about it and i feel like an idiot. Maybe you
| could recommend some reading for me to get started with? Personally I
| like books with functional descriptions of the systems followed by
| practical examples. But my problem has been that either the books have
| been too simple or they are a sort of expert reference guide that's 4"
| thick and impossible to digest. So if you know of any good books I'm
| all ears. I'll go to the bookstore later today and see what I can find.
|
|
| > I would like to kindly clarify that the Firewall Client can be
installed on
| > the non-domain user (but it's not the recommended way). As I know, the
| > firewall client (FWC) can pick up the client side network requests;
| > encapsulate the request with the current logon users' credentials and
then
| > send the request to the ISA server. If the workstation is not a member
of
| > the domain, the FWC will send the request with anonymous privilege. You
can
| > create the rule which applies to 'All Users' to allow the outbound
requests
| > for the non-domain computers.
|
| This sounds interesting. I saw the bit about using the FwcCreds but i
| tried that on another machine and it didn't work. But I wasn't very
| enamored by the idea of having to set credentials for every single
| application. It seemed to me that I should go to the ISA server and in
| effect tell it that on machine 192.168.1.23 to allow outbound traffic
| on port 3389 or something like that.
|
| Like I say I'll try your suggestion but I'm crippled by the fact
| that I don't know the Ass from the head of this beast. <g> Thank you
| very much for helping me out on this one.
|
|

.

Relevant Pages

  • RE: Client assigned and installed - but do not show up as installed
    ... You have requested support for a localized product. ... These newsgroups are ... geared to answer on the English version of the product. ... Client assigned and installed - but do not show up as installed ...
    (microsoft.public.sms.admin)
  • Re: Two sites, leased line, two servers, ISA
    ... What's New and Improved in ISA Server 2004 ... Microsoft CSS Online Newsgroup Support ... newsgroups so that they can be resolved in an efficient and timely manner. ...
    (microsoft.public.windows.server.sbs)
  • Re: Computer Migration and SecureNAT
    ... > - SNAT client. ... Disable or no FW client installed. ... disabled in out-of-the-box ISA server, ... > SOCKS support to the client machine, ...
    (microsoft.public.windows.server.sbs)
  • Re: Win7 - Kein E-Mail Client
    ... Ressource für Support. ... Nene, das ging schon darum, wer den Client benutzen würde. ...
    (microsoft.public.de.german.allgemein)
  • Re: Firewall client not working but its session is visible in ISA-
    ... It's not supported for ISA 2000, ... It's true I do not use the full capacity of the ISA server, ... if I re-enable the client I can "see" the internet again. ... client is enabled on the client, so the ISA server must see and support ...
    (microsoft.public.isa.clients)