Hello, I have an ISA 2006 server, on which I have created an access rule to all all users access to internet (local host + internal TO external). However, there are three site that do not open, among which is Microsoft site. One of the sites generate this error:
Error Code 11001: Host not found Background: This error indicates that the gateway could not find the IP address of the website you are trying to access. This is usually due to a DNS-related error. Date: 9/26/2010 1:31:41 PM [GMT] Server: ISASRV Source: DNS error
However, nslookup can find the IP of the site and the site opens if I connect a system bypassing ISA. I have also repeatedly flushed the DNS, disabled the cache and deleted old files in IE.
Further details: I have ran the realtime logging service of ISA server for like 30 seconds. The log captured some 1500 entries. The most sound details of which are: 1 - ISA server (external IP) sent requests to port 445 to a multitude of external IP's (1200 request.) 2 - Almost all currently started systems kept targeting the IP 192.168.100.255 for ports 137 and 138 (200 requests.) 3 - Lots of system sent mostly UDP, and a few TCP, requests to external systems on high ports (100 requests.)
From: Taylorville, IL
None of the log entries are rellevant.
If it is a DNS error then you have to look at how you handle DNS. ISA/TMG should use only the internal AD/DNS and that AD/DNS should be able to free make outbound DNS queries. There should not be any Host Files entries on the ISA/TMG beyond the default Local hosts 127.0.0.1 entry. Only the Internal Nic should have a DNS entry,...all others left blank.
Also consider anything you may have setup that would cause the Domain "microsoft.com" to be lookup up by a different means than everything else (conditional forwarders, hosts files, etc).
Hello, I had to further investigate the problem. It is not just Microsoft.com that does not open. All security software sites do not open; symantec, mcafee, kaspersky, panda, etc, all of them return thr same error, error 11001. I am aware that the IP on external NIC of ISA server is blacklisted, so I changed it to a non-blacklisted IP, to no avail. Hosts file only has that default single entry. I even tried to add one of those problematic sites to the Hosts file, again, to no avail. For me, it has nothing to do with name resolving, simply because name resolving actually happens somewhere else; when my DNS server talks to the NS that has a problematic site record. This happens before the server hosting the URL in question is even contacted. So, name resolving, as I see it, is clear! I am starting to think that it might be a malecious code somewhere on ISA server blocking those sites. If that is the case, then it has to be strong enough because it is not only happening in ISA but in all systems that reply on it. Where else to dig.
From: Taylorville, IL
I had to further investigate the problem. It is not just Microsoft.com that does not open. All security software sites do not open; symantec, mcafee, kaspersky, panda, etc, all of them return thr same error, error 11001.
That is going to be an infection. It is just obvious to me. That's why it is specifically security related sites that don't work. It is by design,..on purpose,...meaning the design and purpose of what you are infectged with. The trick is to find where the infection is,...the client,...ISA,...the DNS Server,...one of them is infected.
They try to keep you from getting to any of those sites in order to hinder you from removing them.