Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Automatically detect ISA server for FWC 2004
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Automatically detect ISA server for FWC 2004 - 1.Sep.2005 9:21:00 PM
|
|
|
sodium
Posts: 9
Joined: 14.Aug.2005
Status: offline
|
Hi Dr Shinder
I am using SBS 2003 SP1 Premium (with ISA 2004)and deploying firewall client 2004 to client computers in the network.
I followed steps described in your book to publish automatic discovery information on port 80(since I chose to use DNS WPAD) in ISA management console.
I traced the detection process and found that wspad.dat entry is not available on http://wpad.xxxx.local:80/wspad.dat.
However, I was able to detect the ISA Server manual by entering my ISA firewall hostname.
Please help. Many Thanks in advance.
C:\fwctool testautodetect
FwcTool version 4.0.3439
Firewall Client for ISA Server 2004 support tool
Copyright (c) Microsoft Corporation. All rights reserved.
Action: Test the auto detection mechanism
Type: Default
Detection details:
Timeout is set to 60 seconds
Locating WSPAD URL in DHCP Server
Locating option 252 in DHCP
Reading network adapters information
DHCP option for WPAD not found
WSPAD URL was not found in DHCP Server
Locating WSPAD URL in DNS Server
Locating domain name in registry
Opening registry key:
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
Querying registry value:
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domain
Domain name found:
xxxx.local
Resolving address:
wpad.xxxx.local.
Domain name found:
wpad.xxxx.local.
WSPAD URL found in DNS Server:
http://wpad.xxxx.local/wspad.dat
Initializing Web server connection
Resolving IP addresses for wpad.xxxx.local
Resolved 1 address(es):
192.168.16.168
Connecting to address #1: 192.168.16.168:80
Waiting for address #1 to connect
Address #1 successfully connected
Requesting wspad.dat file
Received HTTP error 404
Requested file could not be found on this server
No more address
Failed to detect ISA Server
Result: The command failed and was not completed.
[ September 01, 2005, 09:32 PM: Message edited by: sodium ]
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 2.Sep.2005 6:46:00 AM
|
|
|
tshinder
Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Sodium,
Go to www.isatools.org and check out Jim Harrison's script on this issue. It should fix your problem.
HTH,
Tom
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 5.Sep.2005 1:00:00 AM
|
|
|
sodium
Posts: 9
Joined: 14.Aug.2005
Status: offline
|
Hi Dr Tshinder
Is it TestAutoConfig.vbs from www.isatools.org you are refering to ?
Regards
Alex
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 5.Sep.2005 2:25:00 AM
|
|
|
MRIS
Posts: 58
Joined: 4.Aug.2005
Status: offline
|
alternatively you can just use the DHCP method of enabling auto-detection of the firewall.
in scope options:
option name: 252 WPAD
option value: http://server:8080/wpad.dat
by the way, the only thing that's listening on port 8080 is the ISA2004 proxy service.
[ September 05, 2005, 02:26 AM: Message edited by: MRIS ]
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 5.Sep.2005 8:53:00 AM
|
|
|
tshinder
Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi MRIS,
Good point. You can change the autodiscovery listener port to be anything you want that's not being used by something else and DHCP will work with it just fine.
Thanks!
Tom
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 5.Sep.2005 10:33:00 AM
|
|
|
sodium
Posts: 9
Joined: 14.Aug.2005
Status: offline
|
Thanks all
I have yet to try the DHCP method, however, I would like to ask another question on the wpad.dat/wspad.dat.
All these files auto-created by ISA ?
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 8.Sep.2005 9:57:00 PM
|
|
|
ababinchak
Posts: 195
Joined: 16.Aug.2005
From: Michigan
Status: offline
|
Guys, because IIS is co-located with ISA the DHCP way of distributing WPAD and Tom's other article do not work on SBS. Jim Harrison's download includes instructions on how to get WPAD to work on SBS.
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 9.Sep.2005 9:04:00 AM
|
|
|
tshinder
Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Amy,
Thanks! When the thread started, I didn't even think about the IIS installing interfering with autodiscovery.
Thanks!
Tom
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 9.Sep.2005 7:05:00 PM
|
|
|
jed@midwaypoint.com
Posts: 13
Joined: 7.Sep.2005
Status: offline
|
AmyB, you mentioned that Jim Harrison's download includes instructions on how to get WPAD to work on SBS. I looked on isatools.org and all i could find was http://www.isatools.org/testautoconfig.vbs but this doesn't seem to do anything.
To which downloading were you talking about so i can give it a rad and trty and get this auto discover working on SBS?
Thanks
Jed
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 10.Sep.2005 3:50:00 AM
|
|
|
sodium
Posts: 9
Joined: 14.Aug.2005
Status: offline
|
I have resolved the problem by using DHCP.
I guess SBS is using port 80 for the Windows Small Business Server 2003 Welcome Page.
Using auto-discovery(port 80) on ISA 2004 console will not work.
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 10.Sep.2005 6:06:00 PM
|
|
|
jed@midwaypoint.com
Posts: 13
Joined: 7.Sep.2005
Status: offline
|
I don't want to use DHCP because i don't want users on my domain to have local admin rights.
From all the forum i've read it is something to do with SBS and apparently there is a fix out there for it so i can use the DNS option, does anyone know how to get this working?
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 12.Sep.2005 1:19:00 PM
|
|
|
ababinchak
Posts: 195
Joined: 16.Aug.2005
From: Michigan
Status: offline
|
The link for the SBS wpad download is on my blog at isainsbs.blogspot.com. The wpad is currently hosted on Jim Harrison's website though not in the official listings. I spoke to Jim this week and he had some great news. The SBS wpad files will be available on the ISA downloads page at Microsoft's website in the near future. They're just neatening it up now.
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 12.Sep.2005 5:50:00 PM
|
|
|
jed@midwaypoint.com
Posts: 13
Joined: 7.Sep.2005
Status: offline
|
Amy i read your post Wednesday, July 20, 2005
Getting the Firewall Client to Automatically Detect ISA.
There is a link to sbs_wpad.zip (http://isatools.org/sbs_wpad.zip)
But it does not work.
How do i get this file.
Thanks
Jed
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 12.Sep.2005 7:20:00 PM
|
|
|
MRIS
Posts: 58
Joined: 4.Aug.2005
Status: offline
|
quote:
Originally posted by JedAtMidway:
I don't want to use DHCP because i don't want users on my domain to have local admin rights.
? what you say here is untrue. There is no need for users to have admin rights so that their PC's firewall client can automatically be configured via DHCP.
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 12.Sep.2005 11:41:00 PM
|
|
|
jed@midwaypoint.com
Posts: 13
Joined: 7.Sep.2005
Status: offline
|
MRIS thanks for you reply, in short yes your right.
The reason i thought that users had to be a member of the local administrator group for DHCP autp discovery to work was that i have been reading Tom Shinder's Configuring ISA Server 2004 and in Chapter 5 ISA 2004 Client Types and Automating Client Provisioning is specifly says for DHCP Support that user must be logged on as local administrator. But is this Microsoft artical
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/automaticdiscovery.mspx
is says that this is only the case for Windows 2000 or Firewall Client 2000. So if you are running Windows XP this statement is NOT TRUE.
So for people running SBS 2003 SP1 using DNS to publish automatic discovery information is not an option because of IIS/Exchange using port 80 so you need to use the DHCP to publish automatic discovery information on a different port eg port 6666 as discribed in the above Microsft artical.
Note I did NOT have to apply the registy string SkipAuthenticationForRoutingInformation as describe in this artical to get automatically detect ISA server working.
http://support.microsoft.com/default.aspx?scid=kb;en-us;885683
Hope all this info at least helps someone.
Thanks
Jed
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 13.Sep.2005 6:14:00 AM
|
|
|
tshinder
Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Jed,
Actually, its only true if you're running SP2 on the WinXP clients. That information wasn't available when the book was published.
Thanks!
Tom
|
|
|
|
|
RE: Automatically detect ISA server for FWC 2004 - 13.Sep.2005 1:02:00 PM
|
|
|
ababinchak
Posts: 195
Joined: 16.Aug.2005
From: Michigan
Status: offline
|
http://isatools.org/sbs_wpad_2.zip
The URL changed. Jim made a few refinements. It'll be moving to the Microsoft ISA downloads site soon. So check there for the final version in the next couple of months.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
