You cannot log on to a local intranet site that you publish by using ISA Server 2006 when there are multiple user accounts that have the same account name in different domains
Now here’s an interesting problem. What happens when you have multiple domains in the same forest that the ISA firewall belongs to and the same user name exists in multiple domains? The user might not be able to log on!
The following scenario can lead to this problem:
- You use Microsoft Internet Security and Acceleration (ISA) Server 2006 to publish a local intranet site.
- You enable forms-based authentication (FBA) and the Allow users to change their passwords feature for the Web Listener.
- The ISA Server is a member of a domain. For example, the domain is Domain1.
- There are multiple domains in the forest, and there are user accounts that exist with the same account name in different domains. For example, the user accounts are Domain1\user1 and Domain2\user1.
- One of the user accounts is disabled. For example, Domain1\user1 is disabled.
- You try to use the other user account to log on to the local intranet site. For example, you use Domain2\user1 to log on to the local intranet site.
What to do? Check out http://support.microsoft.com/kb/952675 for a solution to this problem.
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)
Simon Gadsby Says:
September 7th, 2010 at 2:03 am
GREAT WORK DEB! This resolved the issue for us with Forefront TMG 2010, thank you. Clearly the ‘EnableMultipleFlatUserName’ setting is still not default for some reason.