• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Clients dropping like flies

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Clients dropping like flies Page: [1]
Login
Message << Older Topic   Newer Topic >>
Clients dropping like flies - 19.Feb.2003 5:47:00 PM   
todd-beaulieu

 

Posts: 9
Joined: 19.Feb.2003
From: Boston
Status: offline
My problem is that the clients keep losing their connection to the Firewall. The icon appears in the tray, and they have no internet access. Rebooting sometimes fixes it, as does simply waiting. It comes and goes all over the network. Stations that were working, aren't now, and visa-versa. Sometimes they come up and can't find the Server, but after a wait suddenly find it.

I'm an ISA rookie, so it might be something stupid that I did, relating to something like DNS or DHCP on the network. This is not my primary line of work; I'm a developer.

It's a small network of about 15 - 20 workstations. They're a mix of 95, 98x, XP and 2000. It's a real basic setup: DSL comes into a small router (which I've been having LOTs of issues in this mix...should I eliminate it?). It then goes into the 2000 box with ISA. Out the second NIC goes the internal network to the hubs and then onto the stations. There are no routers internally; all clients are on the same subnet (192...).

I have DHCP enabled on the 2000 box for the internal network. All workstations are configured to obtain their settings automatically. The Server's IPs are hard-coded and excluded from the pool. DHCP is disabled on the router.

I tried having them put the IP into the firewall client and hit UPDATE, but they said it just comes back with the server name.

I'm about to disable the client and experiment with either "auto detect" in IE or hard-code the proxy information.

Any ideas? Thanks!
Post #: 1
RE: Clients dropping like flies - 19.Feb.2003 10:14:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Todd,

Are you publishing DNS servers?

What is the value of the Non-connected UDP mappings counter when this happens?

Thanks!
Tom

(in reply to todd-beaulieu)
Post #: 2
RE: Clients dropping like flies - 19.Feb.2003 11:50:00 PM   
todd-beaulieu

 

Posts: 9
Joined: 19.Feb.2003
From: Boston
Status: offline
Remember, this isn't my strength.

I'm not sure what you mean by "publishing DNS". Honestly, I can't even rememebr what we did for DNS during the install. I had someone helping me, and he seems to love implementing anything that is an option. Myself, I am a minimalist when it comes to those types of settings. When I don't understand something, I try to avoid it. I'm not aware of building any kind of list of machine names/IPs. We did a routing Table at one point, including just the internal IPs. Is there something that I should look for, when it comes to DNS? We're using the DNS servers that the ISP gave us for the outside world, but haven't done much inside, that I'm aware of. Should we? I suspected DNS at one point, and called to have the customer enter the IP into the ISA Server cfg for the firewall client. They told me that it seemed to take it, but that it immediately reverted back to the name.

Now, I know even LESS, if you thought that possible, about the second question. I have no clue what the "value of the Non-connected UDP mappings counter" is. Is this on the client or the server? What am I looking for?

One thing that we did with this round of changes was to remove NetBios from the network profiles on the clients. My helper made me do it, swearing up and down that it was unnecessary and a security risk.

I'm also trying to get a VPN going, and having a heck of hard time with it. I'll save that for another thread.

Thanks for the help!

(in reply to todd-beaulieu)
Post #: 3
RE: Clients dropping like flies - 20.Feb.2003 5:10:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Todd,

OK, I understand the situation a bit better. What I really need to do is start a service for people who need a step by step setup guide, based on what they want and what their current setup is. Oh yea, I do! That's what it says in my sig line [Smile]

It seems like your problem is a DNS related problem, but it could also be a multifactorial problem. Its probably something a pair of expert eyes could fix pretty quickly, but troubleshooting it online could be complex.

The first step is to determine if the clients are resolving the name of the ISA Server correctly, and the easiest way to do that is to use network monitor on the clients.

HTH,
Tom

(in reply to todd-beaulieu)
Post #: 4
RE: Clients dropping like flies - 24.Feb.2003 4:56:00 PM   
todd-beaulieu

 

Posts: 9
Joined: 19.Feb.2003
From: Boston
Status: offline
Well, I believe (and hope!) that I found the cause of the clients intermittently losing connection with/not connecting to the ISA Server.

I believe it was licensing on the SBS.

I guess I don't understand how the connections concept works. How can 20 workstations cause 150 connections (peak)?

I hope I'm not expected to buy an additional 100 licenses when not a single new workstation has been installed!

(in reply to todd-beaulieu)
Post #: 5
RE: Clients dropping like flies - 24.Feb.2003 6:48:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Todd,

What kind of connecitons are these? IIRC, the SBS liscense limits the number of SMB/CIFS connections, not the number of VPN connectons (although I could be wrong about that) [Big Grin]

Thanks!
Tom

(in reply to todd-beaulieu)
Post #: 6
RE: Clients dropping like flies - 24.Feb.2003 7:26:00 PM   
todd-beaulieu

 

Posts: 9
Joined: 19.Feb.2003
From: Boston
Status: offline
These connections are internal clients. We have no VPN functioning as of yet.

I noticed the popup on the server, complaining about running out of licenses. I looked through the reports generated by ISA and noticed the number of connections was insanely high (compared to what I was expecting). I'm trying to understand how that works. These are all 9x/2k clients just doing normal web/email access via the FW client and proxy client. They're also authenticated into the domain via that same server.

Does each client make and maintain multiple connections? I can't be one for each resource in a web page, or something, right? Since it only happened during work hours, I wasn't expecting it. We tested all weekend long, but it never occurred to us that when the users were all simultaneoulsy accessing the net, this would happen.

(in reply to todd-beaulieu)
Post #: 7
RE: Clients dropping like flies - 24.Feb.2003 8:28:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Todd,

A connection attempt is made for each HTTP object. If you have access control enabled, the client will need to authenticate to access each object, becuase the ISA Server needs to determine whether that client is allowed to access each specific object.

HTH,
Tom

(in reply to todd-beaulieu)
Post #: 8
RE: Clients dropping like flies - 24.Feb.2003 8:40:00 PM   
todd-beaulieu

 

Posts: 9
Joined: 19.Feb.2003
From: Boston
Status: offline
Oh wow! I wouldn'ta guessed that up front.

I wonder why the client doesn't use a system wherein its "main" connection is used for this? In other words, a client accessing LAN resources must surely not make additional conncetions to the server each time, right?

Does this mean that I am, indeed to purchase additional licenses on that Server, just because of the firewall? Yikes!

Or, should I disable Access Control? I need to look that up again, to see what the deal is with it.

How do large companies, with thousands of employees handle this?

(in reply to todd-beaulieu)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Clients dropping like flies Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts