A
Akhlaq Khan
following is the configuration in my office LAN:
1. A Win2k Server domain controller.
2. A Win2k Proxy + Firewall Server (ISA).
the proxy server is directly connected to the internet (DSL) and the DNS
entries point to the DNS servers of my ISP. Also the gateway defined in my
proxy server TCP/IP properties is pointing to the DSL modem.
Previously, the proxy server was running fine as a stand-alone server. after
introducing the domain controller in the network for centralized
authentication i wanted to configure the proxy server as part of the domain.
in order to make it part of the domain i had to change the DNS entries of
proxy server to point to the local DNS server (domain). so i did that and
made the proxy server part of the domain and added the domain users to the
local groups of the proxy server having rights to browse the internet. then
i changed the DNS settings back to the original ones (pointing to my ISP DNS
servers) but also added the local DNS server entry as a third DNS server (i
kept its order lowest) so that the proxy server won't have any problem in
authenticating domain users or applying any group policies that i would need
to do in future.
The only problem that i have so far expereinced with this configuration is
that some of the users are unable to browse some websites while others seem
to be working fine. also, sometimes the smtp server of my ISP is not found.
if i bypass the proxy server (connecting directly to the DSL modem)
everything works fine. Also, when i remove the local DNS entry from the
proxy server TCP/IP settings (leaving only the two original entries of my
ISP DNS servers) everything again works fine.
My questions are:
1. Did i adopt correct method for configuring my ISA server ? if not, what
would be a more appropriate method for making an ISA proxy server a part
of the domain ?
2. How do i make sure that my domain users still have access to all the
internet resources as they had previously, and at the same time i
can apply any group policies that i need to in future ?
thanks ...
akhlaq.
1. A Win2k Server domain controller.
2. A Win2k Proxy + Firewall Server (ISA).
the proxy server is directly connected to the internet (DSL) and the DNS
entries point to the DNS servers of my ISP. Also the gateway defined in my
proxy server TCP/IP properties is pointing to the DSL modem.
Previously, the proxy server was running fine as a stand-alone server. after
introducing the domain controller in the network for centralized
authentication i wanted to configure the proxy server as part of the domain.
in order to make it part of the domain i had to change the DNS entries of
proxy server to point to the local DNS server (domain). so i did that and
made the proxy server part of the domain and added the domain users to the
local groups of the proxy server having rights to browse the internet. then
i changed the DNS settings back to the original ones (pointing to my ISP DNS
servers) but also added the local DNS server entry as a third DNS server (i
kept its order lowest) so that the proxy server won't have any problem in
authenticating domain users or applying any group policies that i would need
to do in future.
The only problem that i have so far expereinced with this configuration is
that some of the users are unable to browse some websites while others seem
to be working fine. also, sometimes the smtp server of my ISP is not found.
if i bypass the proxy server (connecting directly to the DSL modem)
everything works fine. Also, when i remove the local DNS entry from the
proxy server TCP/IP settings (leaving only the two original entries of my
ISP DNS servers) everything again works fine.
My questions are:
1. Did i adopt correct method for configuring my ISA server ? if not, what
would be a more appropriate method for making an ISA proxy server a part
of the domain ?
2. How do i make sure that my domain users still have access to all the
internet resources as they had previously, and at the same time i
can apply any group policies that i need to in future ?
thanks ...
akhlaq.
