SBS 2003 SP1 with ISA 2004 SP2. I created a rule to block "forbidden sites" using the Domain Name Sets as the destination to block. The rule works great but it breaks DHCP. Restarting the DHCP service does not help. It shows as started, however, no IPs are assigned. Any thoughts?
Did you create a specific Domain Name set for the forbidden sites and only apply the blocking rule to the name set? If you applied the deny rule to all that is listed in your Domain Name set; then that could be the reason why. Rule order is another. Where did you place the rule (order) in your Firewall policy? Any explicit deny blocking rules need to be placed below any server specific allow rules and above any non-specific Internet allow access rules.
Seen this here as well, replicated on several servers, found it can be even more bizarre than your scenario, and eventually figured out a simple fix. The more bizarre bit is that an *allow* rule fires off the same behaviour! The fix is to move your URL blocking rule down a bit. Anywhere below the ďSBS Protected Networks Access Rule" will work as logic would dictate. TOM S, if you read this, can you check that someone in Redmond is onto this? Itís replicateable, and has gotta be a bug. I suspect itís causing stress all over.. If you want screen shots or access to a server with this problem, zap me an email. Mal Osborne