Welcome to ISAserver.org


ISA & DHCP

ISA & DHCP - 28.Jan.2006 10:16:46 PM   
cdegroat

 

Posts: 11
Joined: 28.Jan.2006
Status: offline
Hey folks, first time here checking this out and figured this would be the best place to get some help. Here's my issue - I'm beta testing a new network - planning on using 2 ISA Servers for NLB. I set up the first with NLB. One NIC is set up for dynamic IP (WAN side) and one set up static (LAN side). I got Win2k3 set up as PDC with DNS/DHCP. No issues. PDC was able to access internet, clients could at least pull an IP from that server correctly as expected.

I load up ISA 2004, then couldn't get to the internet on the ISA box itself, as expected, I needed a rule, set that up, no issues connecting. However, now my LAN client can no longer pull an IP. Figuring it was an ISA config issue, I set up a DHCP rule for allowing requests & replies via MS web site. Still no luck. I tried setting up a static IP via the client, it can't ping or communicate via ANY means now to the ISA box. Is there something I haven't set up yet that I need to? I figured I'd have an issue getting rules set up right, but pulling an IP I figured would be easy. I've used Win2k and ISA 2000 and got it up and running in no time, the 2004 version however seems much better, but for some reason I am having this issue. If anyone has any ideas I'd love to hear them.

I know having any servers/services being used on the ISA box compromises security to an extent, but I'm not worried about that at this point. Just beta testing and getting things working is my first priority. The only thing I can think of is that you can't use DHCP on the same box? Also - right now it's the config server and ISA on same machine. Server Info: Windows Server 2003 Standard/ISA 2004 Enterprise on an HP NetServer LH3000. Thanks for any help!
Post #: 1
RE: ISA & DHCP - 29.Jan.2006 1:16:49 PM   
samhar

 

Posts: 9
Joined: 22.Sep.2004
From: we
Status: offline
Hi

ISA Server 2004 on a DC and DNS and DHCP is a disaster.
ISA Firewall stops everything from working, but DHCP especially will not work until u set up the firewall rule.
If u are using a Bastion Host template where ur ISA server only has two legs, External and LOCAL, then the Microsoft article would work fine; make sure that u apply the rules after getting the rule added.

By allowing the DHCP protocol requests and replies u should be able to ping but not authenticate, as ISA is on the DC and it is the ONLY DC.

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/isaondhcpserver.mspx

If u still can't get the DHCP running then u may be having another problem; follow the article step by step.

Thanks
Sam

(in reply to cdegroat)
Post #: 2
RE: ISA & DHCP - 29.Jan.2006 1:36:07 PM   
samhar

 

Posts: 9
Joined: 22.Sep.2004
From: we
Status: offline
Hi

Forgot

It happened after installing ISA 2004: DHCP MMC shows the server as unauthorized. Just double-check after the rule is added.

Thanks

Sam

(in reply to samhar)
Post #: 3
RE: ISA & DHCP - 29.Jan.2006 6:37:21 PM   
cdegroat

 

Posts: 11
Joined: 28.Jan.2006
Status: offline
Still didn't work. My ISA Server goes to the Inet, but my other clients won't connect even to the server. I even tried a static IP on a client, and it still won't even see the ISA Server at all. At first my ISA was 10.40.26.1 and my internal range was 10.40.26.0 > 10.40.26.255, so I updated it for both enterprise networks and array networks to go from .10 to .255 so the ISA wasn't included. Still no luck. There's not even any packets sent or received at all on the LAN NIC. Like it doesn't work, yet i just did prior to ISA. Are there service packs I need? The only one I found said for standard edition when I have enterprise. Any ideas?

(in reply to samhar)
Post #: 4
RE: ISA & DHCP - 29.Jan.2006 7:19:35 PM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Let me see if I got this straight.  You have a small network (<255 nodes) and you want to install ISA EE on a DC.  Are you aware that EE comes with its own ADAM?  How can ADAM coexist with a DC?

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to cdegroat)
Post #: 5
RE: ISA & DHCP - 29.Jan.2006 9:11:53 PM   
cdegroat

 

Posts: 11
Joined: 28.Jan.2006
Status: offline
I don't even know what ADAM is...=(  I'm a little confused.

(in reply to LLigetfa)
Post #: 6
RE: ISA & DHCP - 29.Jan.2006 9:19:28 PM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
http://www.microsoft.com/windowsserver2003/adam/default.mspx

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to cdegroat)
Post #: 7
RE: ISA & DHCP - 29.Jan.2006 10:02:14 PM   
cdegroat

 

Posts: 11
Joined: 28.Jan.2006
Status: offline
So ADAM is basically its own Active Directory. So I pretty much have a conflict going on here. Makes sense.

(in reply to LLigetfa)
Post #: 8
RE: ISA & DHCP - 29.Jan.2006 10:22:06 PM   
cdegroat

 

Posts: 11
Joined: 28.Jan.2006
Status: offline
So my next question is, if I set up the client statically - with the gateway to be the ISA - should it work? Or is the whole ISA Server not going to work since regular Active Directory is installed with DNS/DHCP? Or do I have to start from scratch on the ISA setup with a fresh O/S install and ISA install with no PDC setup?

(in reply to cdegroat)
Post #: 9
RE: ISA & DHCP - 29.Jan.2006 11:32:06 PM   
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
ADAM and the LDAP Service of AD listen on different ports, so there's no conflict.

ADAM for ISA 2004 EE listens on TCP 2172, while LDAP for AD listens on TCP 389, and the storage is maintained separately.

You really, really, should have ISA and the DC on separate boxes. MSFT's Small Business Server does it, but there are a ton of rules you have to set up to reflect what the SBS team did to ISA - it's just best to separate them. You wouldn't do this in the real world and it's best to have your lab reflect how this will be configured once you go production.

(in reply to cdegroat)
Post #: 10
RE: ISA & DHCP - 29.Jan.2006 11:40:32 PM   
cdegroat

 

Posts: 11
Joined: 28.Jan.2006
Status: offline
I totally understand. I'm def going to use 2 separate boxes for my ISA setup, and then use my 2 file servers as my DCs. This is probably a dumb question, but would a standard file server work with ISA? Actually, I'll forget that question and just use 2 separate ISA boxes, then the 2 DCs and file servers, or else I'm asking for trouble. Thanks for all the help!

(in reply to ClintD)
Post #: 11
RE: ISA & DHCP - 30.Jan.2006 4:19:39 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: LLigetfa

Let me see if I got this straight.  You have a small network (<255 nodes) and you want to install ISA EE on a DC.  Are you aware that EE comes with its own ADAM?  How can ADAM coexist with a DC?


Hi Les,

Funny enough, it does co-exist and putting ADAM on a DC is supported. Putting the ISA firewall on a DC is another matter.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to LLigetfa)
Post #: 12
RE: ISA & DHCP - 30.Jan.2006 5:12:42 AM   
LLigetfa

 

Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Hmmm...
Showed up by not one, but two experts. If I were a paid consultant I would be cutting a refund check.

You know what they say about free advice... you get what you pay for.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to tshinder)
Post #: 13
RE: ISA & DHCP - 30.Jan.2006 5:51:01 AM   
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
How about 'showed up' by one dedicated, self-motivated expert, and one wall-bouncing big-mouth who only knows what he knows cuz he lucked out on a job interview?

There, that sounds about right, but I'd go softer on the 'showed up' part.

Just to be clear, Tom's the dedicated one. <ducks head>

< Message edited by ClintD -- 30.Jan.2006 5:52:09 AM >

(in reply to LLigetfa)
Post #: 14
RE: ISA & DHCP - 30.Jan.2006 8:42:16 AM   
cdegroat

 

Posts: 11
Joined: 28.Jan.2006
Status: offline
Well, I reloaded the OS, joined my current domain, and then loaded ISA. Had my client set statically to communicate with the ISA Server. Didn't work. Was able to connect to the firewall share, load that, and even the firewall client says it can't find the ISA server. Any ideas why it still won't work?

(in reply to ClintD)
Post #: 15
RE: ISA & DHCP - 30.Jan.2006 2:36:06 PM   
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
What rules do you have enabled? Are there any Alerts under the Monitoring\Alerts tab? What error do you receive when you point IE to ISA as a proxy?

(in reply to cdegroat)
Post #: 16
RE: ISA & DHCP - 30.Jan.2006 4:58:13 PM   
cdegroat

 

Posts: 11
Joined: 28.Jan.2006
Status: offline
Ok, my rules are set for basic http/https access from internal to external. However, I did find a few errors. Here they are... (all under firewall service)

Error 1:
Description: The IP address specified for communication between this ISA Server computer (10.40.26.1) and other array members is not bound to a network adapter installed on this computer. The IP address specified for intra-array communication must be bound to a network adapter installed on the computer.

Error 2:

Description: ISA Server detected routes through adapter WAN that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an array-level network element should match the address ranges routable through its network adapters as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network or configure Network Load Balancing.  You may safely ignore this message if it does not reoccur.)
The following ranges are in the network's IP address range but are missing from the routing table: 10.0.0.0-10.40.25.255,10.40.27.0-10.255.255.255;.

(in reply to ClintD)
Post #: 17
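Error 2 above lists address ranges that belong to the network element but have no matching route through the adapter. The Python below is an added example, not part of the original thread or of ISA Server; it reproduces that comparison, assuming (inferred from the alert's missing ranges, not from the poster's configuration) an element covering 10.0.0.0-10.255.255.255 and a single adapter route of 10.40.26.0/24. All function names are illustrative.

```python
import ipaddress

def to_range(spec):
    """Parse 'a.b.c.d-e.f.g.h' or CIDR text into an inclusive (lo, hi) int pair."""
    if "-" in spec:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in spec.split("-"))
    else:
        net = ipaddress.IPv4Network(spec.strip())
        lo, hi = int(net.network_address), int(net.broadcast_address)
    if lo > hi:
        raise ValueError(f"range start is after its end: {spec}")
    return lo, hi

def merge(ranges):
    """Sort ranges and coalesce any that overlap or touch."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def subtract(have, remove):
    """Parts of `have` not covered by `remove`; both are merged, sorted lists."""
    out = []
    for lo, hi in have:
        cur = lo
        for rlo, rhi in remove:
            if rhi < cur or rlo > hi:
                continue              # no overlap with what is left of this range
            if rlo > cur:
                out.append((cur, rlo - 1))
            cur = rhi + 1
        if cur <= hi:
            out.append((cur, hi))
    return out

def fmt(ranges):
    return ",".join(f"{ipaddress.IPv4Address(a)}-{ipaddress.IPv4Address(b)}" for a, b in ranges)

def compare(element_specs, route_specs):
    """Diff a network element's address ranges against the adapter's routes."""
    element = merge(to_range(s) for s in element_specs)
    routed = merge(to_range(s) for s in route_specs)
    return {"in_element_not_routed": fmt(subtract(element, routed)),
            "routed_not_in_element": fmt(subtract(routed, element))}

# Constructed sample, inferred from the alert text (not the poster's actual config).
if __name__ == "__main__":
    print(compare(["10.0.0.0-10.255.255.255"], ["10.40.26.0/24"]))
```

Run with an element of 10.40.26.10-10.40.26.255 against the same route, the comparison instead reports 10.40.26.0-10.40.26.9 as routable through the adapter but outside the element.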
RE: ISA & DHCP - 30.Jan.2006 4:59:39 PM   
cdegroat

 

Posts: 11
Joined: 28.Jan.2006
Status: offline
Sorry for the extra post, but I just wanted to add the LAN NIC is bound to that IP. I'm a little confused on that error message. It's set statically.

(in reply to cdegroat)
Post #: 18
RE: ISA & DHCP - 31.Jan.2006 12:41:09 AM   
cdegroat

 

Posts: 11
Joined: 28.Jan.2006
Status: offline
Ok wow, took me all day to realize that my latest post made no sense. I was basically trying to say the LAN NIC is bound to the IP. It's statically set. I don't get what that means.

(in reply to cdegroat)
Post #: 19
