• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Isa 2004 Web Acess Slow

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> General >> Isa 2004 Web Acess Slow Page: [1]
Login
Message << Older Topic   Newer Topic >>
Isa 2004 Web Acess Slow - 5.Apr.2006 10:07:56 PM   
psicorat

 

Posts: 41
Joined: 11.Jul.2005
From: Brazil
Status: offline
Dear Friends, I have Isa 2004 Ent. installed in my Domain Controlles, I have DNS and DHCP installed in this server.

I use Isa to allow my clients to conect the internet.

I have two lan.

1º - Is my internal lan( IP 192.168.0.1 - 255.255.255.0 - gateway 0.0.0.0 Dns - 192.168.0.1)

2º - Is my external lan

When Users access the internet after I install ISA 2004 SP2 the web access is slowest. When i open a page the browser need about 2 or 3 seconds to start opening the page, When the browser start loading the page is faster, but I think that to resolve the name of the server and start making the donwload of the page I have some problems.

What i can do to check if there is a problem with my configuration ?

I use the best analyser tool for isa and they said to me that cannot conect to the Primary DNS SERVER ( the local and the external) but if I use nslookup i can resolve the name of the servers.

What I can make to correct the problem ?

Best Regards

Cristiano Parisotto
Post #: 1
RE: Isa 2004 Web Acess Slow - 6.Apr.2006 3:03:21 AM   
Sunny.C

 

Posts: 801
Joined: 5.Apr.2005
From: sydney
Status: offline
"I have Isa 2004 Ent. installed in my Domain Controlles" Did you install isa on a DC????
Have you allowed your internal dns access out to external???

(in reply to psicorat)
Post #: 2
RE: Isa 2004 Web Acess Slow - 6.Apr.2006 1:11:44 PM   
psicorat

 

Posts: 41
Joined: 11.Jul.2005
From: Brazil
Status: offline
Dear Sunny,

thanks for the answer I don't creat a rule to allow my server Dns to connect to a external DNS, But Isa have a rule that allow DNS from Local Host to Network Objets, i think that this rule make this.

I have enable MTUDiscovery.

What I can make ?

Best Regards

Cristiano Parisotto

(in reply to Sunny.C)
Post #: 3
RE: Isa 2004 Web Acess Slow - 6.Apr.2006 1:15:03 PM   
psicorat

 

Posts: 41
Joined: 11.Jul.2005
From: Brazil
Status: offline
Dear Friends,

When I was using the SP1 for the Isa I don't have this problem, but When I install the SP2 the problem start.

Best Regards

Cristiano Parisotto

(in reply to psicorat)
Post #: 4
RE: Isa 2004 Web Acess Slow - 6.Apr.2006 1:45:18 PM   
psicorat

 

Posts: 41
Joined: 11.Jul.2005
From: Brazil
Status: offline
I check My DNS, and in the event viewer I have the following message:

The DNS server encountered a packet addressed to itself on IP address 192.168.0.1. The packet is for the DNS name "guru.grisoft.com.". The packet will be discarded. This condition usually indicates a configuration error.

Check the following areas for possible self-send configuration errors:
1) Forwarders list. (DNS servers should not forward to themselves).
2) Master lists of secondary zones.
3) Notify lists of primary zones.
4) Delegations of subzones.  Must not contain NS record for this DNS server unless subzone is also on this server.
5) Root hints.

Example of self-delegation:
-> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com.
-> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com,
(bar.example.microsoft.com NS dns1.example.microsoft.com)
-> BUT the bar.example.microsoft.com zone is NOT on this server.

Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result.  If found, the subzone DNS server admin should remove the offending NS record.

You can use the DNS server debug logging facility to track down the cause of this problem.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I think that is because this that my connection is very slow, because my DNS in the DC aren't connecting to another to resolve the name and this causes the delays.

How I can resolve the problem ?

Best Regards

Cristiano Parisotto

(in reply to psicorat)
Post #: 5
RE: Isa 2004 Web Acess Slow - 7.Apr.2006 1:09:03 AM   
Sunny.C

 

Posts: 801
Joined: 5.Apr.2005
From: sydney
Status: offline
I think you dns is having trouble resolving external addresses. Configure a rule Internal DNS to external and see if that helps you. Make sure to have a strong forwarder in your dns, perhaps your isp's dns.

(in reply to psicorat)
Post #: 6
RE: Isa 2004 Web Acess Slow - 7.Apr.2006 1:33:16 PM   
psicorat

 

Posts: 41
Joined: 11.Jul.2005
From: Brazil
Status: offline
I check My DNS, and in the event viewer I have the following message:

The DNS server encountered a packet addressed to itself on IP address 192.168.0.1. The packet is for the DNS name "guru.grisoft.com.". The packet will be discarded. This condition usually indicates a configuration error.

Check the following areas for possible self-send configuration errors:
1) Forwarders list. (DNS servers should not forward to themselves).
2) Master lists of secondary zones.
3) Notify lists of primary zones.
4) Delegations of subzones.  Must not contain NS record for this DNS server unless subzone is also on this server.
5) Root hints.

I look the forwarders list and my local ip was on the list, so is because this that is very slow, because that it try to resolve the DNS first in my internal Server and not in the server of my ISP, is because this that I have the delay

Best Regards

Cristiano Parisotto

(in reply to Sunny.C)
Post #: 7
RE: Isa 2004 Web Acess Slow - 8.Apr.2006 10:12:11 AM   
Sunny.C

 

Posts: 801
Joined: 5.Apr.2005
From: sydney
Status: offline
Yes, that is why you must configure server properly first before isa is installed
Glad the problem was solved.

(in reply to psicorat)
Post #: 8
RE: Isa 2004 Web Acess Slow - 29.May2010 7:07:24 PM   
John Fleming

 

Posts: 2
Joined: 20.Apr.2010
Status: offline
Possible Cause: It appears that ISA Server 2004 Update KB960995 changes the "connection limit per client" from 160 to 40. When a client opens a webpage that has many ads, it can exceed the connection limit and the client is cut-off until some of the connections close. This can be verified using ISA Server Performance Monitor and watching the Active TCP Connection line. When it goes beyond 40 the client will experieince "slow" (actually limited connection) Internet access.

Solution: Check the "Connection limit per client" setting (steps below).

Steps:
1. Open ISA Server Management.

2. Left Pane: Microsoft Internet Security and Acceleration Server 2004 >
[Name of Server] >
Configuration
General

Center Pane: Under “Additional Security Policy”, Define Connection Limits

3. Change “Connection limit per client (TCP and non-TCP)” to a higher value.
200 seems adequate from monitoring in ISA Server Performance Monitor.
From testing this limit seems to apply separately to TCP and to non-TCP instead of a combined limit for both.
Default used to be 160, but when I did testing I could exceed 160 connections by opening web pages one after another on a client computer, so 200 seems like a good limit.

or

uncheck “limit the number of connections”
(not preferred since a large number could be opened by a client computer with a virus)

4. OK
Right Pane top: ‘Apply’

(in reply to psicorat)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> General >> Isa 2004 Web Acess Slow Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts