Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Join ISA 2004 to an existing Domain

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Join ISA 2004 to an existing Domain Page: [1]
Login
Message << Older Topic   Newer Topic >>
Join ISA 2004 to an existing Domain - 7.Jun.2005 2:39:00 PM   
netgear68

 

Posts: 9
Joined: 7.Jun.2005
From: Michigan
Status: offline 		I am running ISA 2004 on a 2003 box which is in a workgroup. I am trying to join it to my existing domain but keep getting this message "A domain controller for the domain XXXXXX could not be contacted. Ensure that the domain is typed correctly." Any help would greatly appreciated.....
Post #: 1
RE: Join ISA 2004 to an existing Domain - 7.Jun.2005 4:24:00 PM   
Bio

 

Posts: 54
Joined: 28.Nov.2002
Status: offline 		I've seen this issue before. probably you do not have configured the correct system policy rule (firewall rules - Show system policies)

Check the 1st and 6th system policy rule. These rules are needed for Active Directoy issues

bio...

(in reply to netgear68)
Post #: 2
RE: Join ISA 2004 to an existing Domain - 7.Jun.2005 5:16:00 PM   
netgear68

 

Posts: 9
Joined: 7.Jun.2005
From: Michigan
Status: offline 		Thnaks BIO, I have check both policies and both are enabled. Still get the same message

(in reply to netgear68)
Post #: 3
RE: Join ISA 2004 to an existing Domain - 8.Jun.2005 8:54:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Netgear,

Check chapter 4 in the book about DNS config on the ISA fireawll. That's the most common reason for domain issues.

HTH,
Tom

(in reply to netgear68)
Post #: 4
RE: Join ISA 2004 to an existing Domain - 10.Jun.2005 1:09:00 PM   
netgear68

 

Posts: 9
Joined: 7.Jun.2005
From: Michigan
Status: offline 		Tom,

I have check and rechecked all my DNS setting and everything seems to be working correctly, but i am still getting the same message [Confused] I don't really want to buld my ISA 2004 server scratch.......

(in reply to netgear68)
Post #: 5
RE: Join ISA 2004 to an existing Domain - 10.Jun.2005 2:36:00 PM   
Bio

 

Posts: 54
Joined: 28.Nov.2002
Status: offline 		Maybe to stupid to mention but :

When you try to add your isaserver to the domain, did you use the NETBIOS domainname ? Use the DNS domain name. Also had this little issue once .Reason is that Netbios over TCP/IP is disabled on the isa nics.

bio..

(in reply to netgear68)
Post #: 6
RE: Join ISA 2004 to an existing Domain - 13.Jun.2005 2:11:00 PM   
netgear68

 

Posts: 9
Joined: 7.Jun.2005
From: Michigan
Status: offline 		Bio,

I have tried both names still nothing. I get comms between the internal DNS server and the ISA server..... This very frustrating!

(in reply to netgear68)
Post #: 7
RE: Join ISA 2004 to an existing Domain - 13.Jun.2005 2:47:00 PM   
Rickymag

 

Posts: 509
Joined: 26.Nov.2003
From: SA
Status: offline 		Hello netgear68,

Check the binding order of your NICs you may find that the internal card is not bound first.

remember to reboot the machine once you change then binding order.

speak again soon HTH

RM

(in reply to netgear68)
Post #: 8
RE: Join ISA 2004 to an existing Domain - 14.Jun.2005 1:44:00 PM   
netgear68

 

Posts: 9
Joined: 7.Jun.2005
From: Michigan
Status: offline 		First binding is the internal card and the second is the external(one connected the intenet).....

Its got to be something simple that I am over looking.....

(in reply to netgear68)
Post #: 9
RE: Join ISA 2004 to an existing Domain - 21.Jun.2005 9:07:00 AM   
netgear68

 

Posts: 9
Joined: 7.Jun.2005
From: Michigan
Status: offline 		So does anyone have any more idea's?

(in reply to netgear68)
Post #: 10
RE: Join ISA 2004 to an existing Domain - 21.Jun.2005 9:50:00 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Netgear,

What is the exact configuration for each of the NICs installed on the ISA firewall?

Thanks!
Tom

(in reply to netgear68)
Post #: 11
RE: Join ISA 2004 to an existing Domain - 21.Jun.2005 2:36:00 PM   
Guest
 Hi!

If i remember well we had the same problem about a month ago. Maybe zou will very disappointed, but you should install the w2003 again. You should join the isa2004 to the domain before you install w2003 SP1. After it can't. At least we couldn't do it.

Andrew

(in reply to netgear68)
  Post #: 12
RE: Join ISA 2004 to an existing Domain - 23.Jun.2005 2:27:00 PM   
caldaer

 

Posts: 18
Joined: 20.Jul.2004
From: Washington State
Status: offline 		something i do lately when trouble-shooting connections through ISA 2004 is to look at the live monitoring of the log files by going to "Monitoring" in ISA console and then to logging.

See what is getting denied and what IPs and ports are in use. If it goes by too fast, maybe add a filter that only includes your domain controllers or the ISA Local Host. Then create rules to allow the traffic that shouldn't be getting denied. Go back to your logging and verify that your new rules are showing up and working!

HTH

-Ben

(in reply to netgear68)
Post #: 13
RE: Join ISA 2004 to an existing Domain - 1.Jul.2005 12:49:00 PM   
netgear68

 

Posts: 9
Joined: 7.Jun.2005
From: Michigan
Status: offline 		Tom,

Here is the configuration for the Nic cards:

External Nic:

Card is set to obtain IP and DNS automatically.

Internal Nic:

Static IP: 192.168.0.1
Subnet: 255.255.255.0
Default Gateway: 0.0.0.0

Use the following DNS server: 192.168.0.200 (intenal network DNS/DC)

(in reply to netgear68)
Post #: 14
RE: Join ISA 2004 to an existing Domain - 5.Jul.2005 3:03:00 PM   
LAguilar

 

Posts: 6
Joined: 9.Feb.2005
Status: offline 		NetGear,
Did you figure this out??? I'm having the exact same problem.

Thanks!

(in reply to netgear68)
Post #: 15
RE: Join ISA 2004 to an existing Domain - 5.Jul.2005 3:50:00 PM   
jiambor

 

Posts: 13
Joined: 28.Jun.2005
From: Maryland, US
Status: offline 		Have you guys tried to run NetDiag from the 2003 support tools and see what the results are? To me this screams of DNS issues.

Is the DNS System Policy enables To Internal?
and you said the Active Directory System Policy is also enabled? To Internal as well? What is the Internal ip subnet set to? Is that correct? Can you do a nslookup from the ISA server?

I just set up ISA 2004 SP1 on a 2003 SP1 server. I was first testing it in a workgroup and then added it to the AD with out problems. This has to be a rule or config setting problem.

(in reply to netgear68)
Post #: 16
RE: Join ISA 2004 to an existing Domain - 11.Jul.2005 2:59:00 AM   
ghassan

 

Posts: 2
Joined: 31.May2005
From: jordan
Status: offline 		due to this issue i try to join the 2003 server to other domain before install isa server2004 after that you install isa server then edit the system policy

(in reply to netgear68)
Post #: 17
RE: Join ISA 2004 to an existing Domain - 12.Jul.2005 11:35:00 AM   
jasonstreet

 

Posts: 11
Joined: 8.Jul.2005
From: london
Status: offline 		do you get any RPC errors?
if you do get any RPC errors/warnings then you need to install ISA SP1

worked for me

Jase

(in reply to netgear68)
Post #: 18
RE: Join ISA 2004 to an existing Domain - 15.Jul.2005 12:38:00 PM   
netgear68

 

Posts: 9
Joined: 7.Jun.2005
From: Michigan
Status: offline 		Nope don't get any RPC errors and i do have SP1 installed....

(in reply to netgear68)
Post #: 19
RE: Join ISA 2004 to an existing Domain - 22.Jul.2005 10:34:00 AM   
netgear68

 

Posts: 9
Joined: 7.Jun.2005
From: Michigan
Status: offline 		Well the problem has been solved, i knew it was something stupid. Like putting .net on the end of the domain name.....

Thanks for all the help! CASE CLOSED! ;-) [Smile]

(in reply to netgear68)
Post #: 20

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Join ISA 2004 to an existing Domain Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts