Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Internet Access still stopping ...

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> Internet Access still stopping ... Page: [1] 2 3 4 5   next >   >>
Login
Message << Older Topic   Newer Topic >>
Internet Access still stopping ... - 15.Mar.2002 4:40:00 PM   
msgelinas

 

Posts: 79
Joined: 21.Sep.2001
From: Victoria,BC,Canada
Status: offline 		Tom, Our internet access still keeps stopping. I then have to disable the external adapter then reinable it then bounce the firewall service for net access to start again. Do you have any other ideas ? admin@globalcardio.com
Post #: 1
RE: Internet Access still stopping ... - 15.Mar.2002 5:13:00 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Marc,

That is definitley not normal! What kind of interfaces are you using?

What type of adapters are you using?

What errors do you see in the Event Logs?

Have you disabled QoS on the adapters? (disable, don't remove!)

Are you publishing any services?

Are you using the SMTP filter?

Are you using the DNS or POP3 filters?

Thanks!

Tom

(in reply to msgelinas)
Post #: 2
RE: Internet Access still stopping ... - 15.Mar.2002 8:36:00 PM   
msgelinas

 

Posts: 79
Joined: 21.Sep.2001
From: Victoria,BC,Canada
Status: offline
quote:
Originally posted by tshinder:
Hi Marc,

That is definitley not normal! What kind of interfaces are you using?

What type of adapters are you using?

What errors do you see in the Event Logs?

Have you disabled QoS on the adapters? (disable, don't remove!)

Are you publishing any services?

Are you using the SMTP filter?

Are you using the DNS or POP3 filters?

Thanks!

Tom
Tom, my config is as follows,

One ISA box

Two nics, one internal (D-Link DFE-500TX PCI Fast Ethernet Adapter (Rev B/C)) (Private IP), one external (Realtek RTL8139(A) PCI Fast Ethernet Adapter)(Public IP)

Internal is first in binding order, using internal DNS server that has forwarders set to ISPs DNS, Netbios Enabled, NO Gateway, NO Qos

External is second in binding order, using no DNS, Netbios Disabled, ISP IP for Gateway, NO Qos

Incoming Listener configured with External IP and integrated authentication

Outgoing Listener configured with Internal IP only and no authentication method is selected

Packet Filtering, Intrusion Detection & IP forwarding are Enabled

One Exchange 2000 box on the Lan

Publishing OWA with Web publishing rule that redirects to the Ex2k box.

Server Publishing Rules for SMTP & POP3

One Protocol Rule for each Protocol I am allowing
Including POP3, SMTP, HTTP, HTTPS, DNS and RDP (Terminal Services)

One Packet Filter for each Protocol I allow to filter for inbound or outbound.
Including POP3, SMTP, HTTP, HTTPS, DNS, TS & ICMP Outbound.

LAT is configured with 192.168.0.0 to 192.168.255.255

Local domain table is configured with *.Domain.com

All clients have the Firewall client installed.

-Marc

[ March 15, 2002, 08:39 PM: Message edited by: msgelinas ]

(in reply to msgelinas)
Post #: 3
RE: Internet Access still stopping ... - 15.Mar.2002 10:38:00 PM   
msgelinas

 

Posts: 79
Joined: 21.Sep.2001
From: Victoria,BC,Canada
Status: offline 		Hi Tom, Ok I replaced both Network adapters with $100 CAN 3COM cards and rebuilt the entire ISA Firewall over lunch. All is up and running fine so far ...

-Marc

(in reply to msgelinas)
Post #: 4
RE: Internet Access still stopping ... - 17.Mar.2002 3:40:00 AM   
msgelinas

 

Posts: 79
Joined: 21.Sep.2001
From: Victoria,BC,Canada
Status: offline 		The darn internet traffic still keep stopping. Once again I stop the external adapter then start it again and bounce the Firewall service and all is fine for a while.

(in reply to msgelinas)
Post #: 5
RE: Internet Access still stopping ... - 17.Mar.2002 7:31:00 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Marc,

Sounds like you have things set up right. Only other thing I can think of is that maybe you have power management enabled on the interfaces?

HTH,
Tom

(in reply to msgelinas)
Post #: 6
RE: Internet Access still stopping ... - 17.Mar.2002 9:15:00 PM   
msgelinas

 

Posts: 79
Joined: 21.Sep.2001
From: Victoria,BC,Canada
Status: offline 		Nope I have checked that one. Was bitten by that before. I know this is so weird. My other two boxs have no one surfing from the inside and they are fine. The one location that has people surfing on the inside just stops. I am starting to think that maybe it is DNS although I am confident that it is set up right.

-Marc

(in reply to msgelinas)
Post #: 7
RE: Internet Access still stopping ... - 17.Mar.2002 9:24:00 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Marc,

I probably don't need to ask, but you're using SP1, right?

However about trying DNS without using the Forwarder? Just let the DNS server resolve queries itself. If you do this, make sure that the DNS Server has access to both the DNS query and DNS zone trasnfer protocols. Also, if you're publishing the DNS server, make sure you publish both DNS query and DNS zone transfer protocols.

The Event Logs say nothing? How about the packet filter logs? Any strange or suspicious?

Are you using the H.323 Gatekeeper?

Thanks!

Tom

(in reply to msgelinas)
Post #: 8
RE: Internet Access still stopping ... - 18.Mar.2002 4:44:00 PM   
msgelinas

 

Posts: 79
Joined: 21.Sep.2001
From: Victoria,BC,Canada
Status: offline
quote:
Originally posted by tshinder:
Hi Marc,

I probably don't need to ask, but you're using SP1, right?

However about trying DNS without using the Forwarder? Just let the DNS server resolve queries itself. If you do this, make sure that the DNS Server has access to both the DNS query and DNS zone trasnfer protocols. Also, if you're publishing the DNS server, make sure you publish both DNS query and DNS zone transfer protocols.

The Event Logs say nothing? How about the packet filter logs? Any strange or suspicious?

Are you using the H.323 Gatekeeper?

Thanks!

Tom
Tom, SP1 is a big affirmative ! I am using the forwarders and not publishing DNS at all and do not want to. The only publishing I am doing is for mail. There has been nothing strange or suspicious ... And no to the gatekeeper I did not think it was needed. [Big Grin]

Cheers

(in reply to msgelinas)
Post #: 9
RE: Internet Access still stopping ... - 18.Mar.2002 10:12:00 PM   
msgelinas

 

Posts: 79
Joined: 21.Sep.2001
From: Victoria,BC,Canada
Status: offline 		Tom, I am now seeing some event log messages that have the following in them;

The ISA Server services cannot create a packet filter 209.202.130.166. This event occurs when there is a conflict between the Local Address Table (LAT) configuration and the Windows 2000 routing table. Check the routing table and the LAT to find the source of the conflict.

However not consistantly ...

(in reply to msgelinas)
Post #: 10
RE: Internet Access still stopping ... - 18.Mar.2002 10:29:00 PM   
marcus2v

 

Posts: 78
Joined: 28.Oct.2001
From: Reading, UK
Status: offline 		Marc,

209.xxx.xxx.xxx is a public IP address which should definately not be in the LAT?! I would check your LAT and make sure it only has internal IP addresses in.

Marcus

(in reply to msgelinas)
Post #: 11
RE: Internet Access still stopping ... - 18.Mar.2002 11:18:00 PM   
msgelinas

 

Posts: 79
Joined: 21.Sep.2001
From: Victoria,BC,Canada
Status: offline 		I configured my LAT with the private range of 192.168.0.0 to 192.168.255.255 ? So how can that entry get into the LAT ?

(in reply to msgelinas)
Post #: 12
RE: Internet Access still stopping ... - 20.Mar.2002 6:37:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Marc,

Is that the IP address of your external interface?

Thanks!

Tom

(in reply to msgelinas)
Post #: 13
RE: Internet Access still stopping ... - 21.Mar.2002 8:55:00 PM   
msgelinas

 

Posts: 79
Joined: 21.Sep.2001
From: Victoria,BC,Canada
Status: offline
quote:
Originally posted by tshinder:
Hi Marc,

Is that the IP address of your external interface?

Thanks!

Tom
If you mean the 209.XXX.XXX.XXX or the private range of 192.168.0.0 to 192.168.255.255 no. My external IP is 216.XXX.XXX.XXX assigned by my ISP (Well actually I have 5 static to choose from) [Big Grin]

[ March 21, 2002, 10:30 PM: Message edited by: msgelinas ]

(in reply to msgelinas)
Post #: 14
RE: Internet Access still stopping ... - 22.Mar.2002 9:18:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Marc,

Then who is 209.202.130.166?

Thanks!

Tom

(in reply to msgelinas)
Post #: 15
RE: Internet Access still stopping ... - 22.Mar.2002 4:17:00 PM   
msgelinas

 

Posts: 79
Joined: 21.Sep.2001
From: Victoria,BC,Canada
Status: offline 		It was just an IP that was in the event log after I had bounced the services to get ISA going again. I have this sneaking suspicion now that the issue I am having with Internet access just stopping is a DNS problem. I cant seem to put my finger on it. I am the only one in the officeat the momment and the Internet was working fine until I started to surf to msnbc.com. I hit a few links then access just stopped. I disable and re-enable the external nic and then restart the firewall service and back the internet is. Thing of note is when Internet access stops I do an nslookup and no DNS is able to be resolved until after I restart the Firewall service.

(in reply to msgelinas)
Post #: 16
RE: Internet Access still stopping ... - 22.Mar.2002 7:27:00 PM   
Peter Amato

 

Posts: 5
Joined: 18.Aug.2001
From: Miami, Fl, USA
Status: offline 		I had a similar issue, except mine was inbound connections that dropped. I was using the original SP1 with no problems in an array configuration. I had about 9 IP addresses bound on my external interfaces and server publishing rules for the websites. I would generally run about 500 to 1000 simultaneous users per web site. It doesnĘt seem to stress the servers cpu or memory much. Within a couple of hours of applying the final release of SP1 (what I refer to as SP1a [Wink] ), that is when everything went south. Suddenly 1 IP would stop listening, then another. I figured out if I disabled and enabled the rule for the IP, it would come back or I could restart services or I disable and enable the nic. All would work! Sometimes it would work for less than a + hour, sometimes several hours, but eventually it was going to fail again. I re-installed Win2kAS and ISA on both of my boxes, reconfigured everything as before, except I only applied the original SP1. Every thing works great again and I have not touched the servers for almost 2 weeks. No message screening for me I guess until SP2. Go figure.

(in reply to msgelinas)
Post #: 17
RE: Internet Access still stopping ... - 22.Mar.2002 7:33:00 PM   
msgelinas

 

Posts: 79
Joined: 21.Sep.2001
From: Victoria,BC,Canada
Status: offline
quote:
Originally posted by Peter Amato:
I had a similar issue, except mine was inbound connections that dropped. I was using the original SP1 with no problems in an array configuration. I had about 9 IP addresses bound on my external interfaces and server publishing rules for the websites. I would generally run about 500 to 1000 simultaneous users per web site. It doesnĘt seem to stress the servers cpu or memory much. Within a couple of hours of applying the final release of SP1 (what I refer to as SP1a [Wink] ), that is when everything went south. Suddenly 1 IP would stop listening, then another. I figured out if I disabled and enabled the rule for the IP, it would come back or I could restart services or I disable and enable the nic. All would work! Sometimes it would work for less than a + hour, sometimes several hours, but eventually it was going to fail again. I re-installed Win2kAS and ISA on both of my boxes, reconfigured everything as before, except I only applied the original SP1. Every thing works great again and I have not touched the servers for almost 2 weeks. No message screening for me I guess until SP2. Go figure.
Man I have reloaded the box twice already. I have tried both SPs and still it fails. I have three ISA boxs in three different locations. Two work great but have no users surfing from the inside. The one ISA box that has my corp lan on the inside craps out. Sometimes in five minutes sometimes hours apart. Some others must be seeing the same problem ? I am going nutty tryin to figure this out. [Confused]

[ March 22, 2002, 07:36 PM: Message edited by: msgelinas ]

(in reply to msgelinas)
Post #: 18
RE: Internet Access still stopping ... - 24.Mar.2002 1:42:00 AM   
AxleMunshine

 

Posts: 63
Joined: 13.Jul.2001
Status: offline 		Anyone tried the "Wspsrv.exe" fix?
I have the same damn problem where some published servers fail. [Mad]
It can be web sites on the ISA Server itself, it can be sites behind the firewall, it can be other services inside the firewall, anything can fail! [Mad]

There is an article at:
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q307784&

It talks about such problems. I have an intuition that it wasn't solve in SP1. It even got worse for me. I still have the problem and more often that before SP1. [Mad]

I did not try the above patch however.

Anyone tried it?

Any problems with it?

If someone had success solving such problems with this fix, I'll go ahead. Otherwise, if we can't solve such problems, which seems to affect a lot of people, I can only say that ISA is a piece of crap... If I do not find a solution in the next 2 weeks, I'll buy another firewall that is proven.

BTW, I am using SBS2000.

(in reply to msgelinas)
Post #: 19
RE: Internet Access still stopping ... - 24.Mar.2002 2:19:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Axle,

Actually, that problem has been fixed in SP1, so something else must be going on.

HTH,

Tom

quote:
Originally posted by AxleMunshine:
Anyone tried the "Wspsrv.exe" fix?
I have the same damn problem where some published servers fail. [Mad]
It can be web sites on the ISA Server itself, it can be sites behind the firewall, it can be other services inside the firewall, anything can fail! [Mad]

There is an article at:
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q307784&

It talks about such problems. I have an intuition that it wasn't solve in SP1. It even got worse for me. I still have the problem and more often that before SP1. [Mad]

I did not try the above patch however.

Anyone tried it?

Any problems with it?

If someone had success solving such problems with this fix, I'll go ahead. Otherwise, if we can't solve such problems, which seems to affect a lot of people, I can only say that ISA is a piece of crap... If I do not find a solution in the next 2 weeks, I'll buy another firewall that is proven.

BTW, I am using SBS2000.

(in reply to msgelinas)
Post #: 20

Page:   [1] 2 3 4 5   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> Internet Access still stopping ... Page: [1] 2 3 4 5   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts