• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Certain site not opening

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Certain site not opening Page: [1]
Login
Message << Older Topic   Newer Topic >>
Certain site not opening - 26.Sep.2010 2:18:17 PM   
yba02

 

Posts: 128
Joined: 7.Sep.2006
Status: offline
Hello,
I have an ISA 2006 server, on which I have created an access rule to all all users access to internet (local host + internal TO external).  However, there are three site that do not open, among which is Microsoft site.  One of the sites generate this error:

Error Code 11001: Host not found
Background: This error indicates that the gateway could not find the IP address of the website you are trying to access. This is usually due to a DNS-related error.
Date: 9/26/2010 1:31:41 PM [GMT]
Server: ISASRV
Source: DNS error

However, nslookup can find the IP of the site and the site opens if I connect a system bypassing ISA.  I have also repeatedly flushed the DNS, disabled the cache and deleted old files in IE.

Any suggestions?

Regards
Yba
Post #: 1
RE: Certain site not opening - 27.Sep.2010 5:03:20 PM   
yba02

 

Posts: 128
Joined: 7.Sep.2006
Status: offline
Further details:
I have ran the realtime logging service of ISA server for like 30 seconds.  The log captured some 1500 entries. The most sound details of which are:
1 - ISA server (external IP) sent requests to port 445 to a multitude of external IP's (1200 request.)
2 - Almost all currently started systems kept targeting the IP 192.168.100.255 for ports 137 and 138 (200 requests.)
3 - Lots of system sent mostly UDP, and a few TCP, requests to external systems on high ports (100 requests.)

What do these readings indicates?

Regards
Yba

(in reply to yba02)
Post #: 2
RE: Certain site not opening - 29.Sep.2010 9:29:34 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
None of the log entries are rellevant.

If it is a DNS error then you have to look at how you handle DNS.  ISA/TMG should use only the internal AD/DNS and that AD/DNS should be able to free make outbound DNS queries.  There should not be any Host Files entries on the ISA/TMG beyond the default Local hosts 127.0.0.1 entry.  Only the Internal Nic should have a DNS entry,...all others left blank.

Also consider anything you may have setup that would cause the Domain "microsoft.com" to be lookup up by a different means than everything else (conditional forwarders, hosts files, etc).

_____________________________

Phillip Windell

(in reply to yba02)
Post #: 3
RE: Certain site not opening - 5.Oct.2010 3:17:30 PM   
yba02

 

Posts: 128
Joined: 7.Sep.2006
Status: offline
Hello,
I had to further investigate the problem.  It is not just Microsoft.com that does not open.  All security software sites do not open; symantec, mcafee, kaspersky, panda, etc, all of them return thr same error, error 11001.
I am aware that the IP on external NIC of ISA server is blacklisted, so I changed it to a non-blacklisted IP, to no avail. Hosts file only has that default single entry.  I even tried to add one of those problematic sites to the Hosts file, again, to no avail.
For me, it has nothing to do with name resolving, simply because name resolving actually happens somewhere else; when my DNS server talks to the NS that has a problematic site record.  This happens before the server hosting the URL in question is even contacted. So, name resolving, as I see it, is clear!
I am starting to think that it might be a malecious code somewhere on ISA server blocking those sites.  If that is the case, then it has to be strong enough because it is not only happening in ISA but in all systems that reply on it.
Where else to dig.

Regards
Yba

(in reply to pwindell)
Post #: 4
RE: Certain site not opening - 5.Oct.2010 4:34:19 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
I had to further investigate the problem.  It is not just Microsoft.com that does not open.  All security software sites do not open; symantec, mcafee, kaspersky, panda, etc, all of them return thr same error, error 11001.

That is going to be an infection.  It is just obvious to me.  That's why it is specifically security related sites that don't work.  It is by design,..on purpose,...meaning the design and purpose of what you are infectged with.  The trick is to find where the infection is,...the client,...ISA,...the DNS Server,...one of them is infected.

They try to keep you from getting to any of those sites in order to hinder you from removing them.

_____________________________

Phillip Windell

(in reply to yba02)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Certain site not opening Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts