Microsoft & Trend sites are not working

Microsoft & Trend sites are not working - 20.Apr.2009 1:33:12 AM   
gopichand

 

Posts: 8
Joined: 20.Apr.2009
Status: offline
Hi all,
I'm unable to open these two sites: microsoft.com & Trendmicro.com.
I have ISA integrated with IWSS. I contacted Trend support and they told me that the problem is ISA. Can anyone please help with this?
It's very urgent.
Thanks in advance.

- Gopichand
Post #: 1
RE: Microsoft & Trend sites are not working - 22.Apr.2009 9:08:12 PM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
"unable to open" is too vague. What is the actual error you get when opening the website?

_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to gopichand)
Post #: 2
RE: Microsoft & Trend sites are not working - 23.Apr.2009 12:43:01 AM   
gopichand

 

Posts: 8
Joined: 20.Apr.2009
Status: offline
I'm getting the below error for www.microsoft.com

Technical Information (for support personnel)
Error Code 11001: Host not found
Background: This error indicates that the gateway could not find the IP address of the website you are trying to access. This is usually due to a DNS-related error.
Date: 4/23/2009 4:39:40 AM [GMT]
Server: engg-iwss
Source: DNS error

-Gopichand

(in reply to inderjeet)
Post #: 3
RE: Microsoft & Trend sites are not working - 23.Apr.2009 8:33:18 AM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
It indicates a DNS issue. If your clients are configured as SecureNAT (gateway set to ISA's internal IP) then they resolve the names through your local DNS server, which then forwards it to the ISP's DNS server.

If they are web proxy clients (IE set to direct traffic to ISA) then ISA will resolve the names for the clients.

Now, depending on how your clients are set up, check on the respective server to see if you can resolve the names from them. Check if you are able to open these websites from other clients. It could potentially be a virus which is blocking Microsoft.com for any patch updates and blocking Trend for virus definitions.


(in reply to gopichand)
Post #: 4
RE: Microsoft & Trend sites are not working - 23.Apr.2009 8:57:55 AM   
gopichand

 

Posts: 8
Joined: 20.Apr.2009
Status: offline
Getting the same error on all the client systems. If I set the proxy setting to Automatic in IE then I can access all sites without error, but if I give the IP & port number of ISA in IE it gives the error.

Last month I changed the port number of the ISA server; from that day onward I'm getting this problem.

I have a backup of the ISA array (.XML). Will it work if I restore the array? Let me know if you require any logs and I will send them.

-Gopichand

(in reply to inderjeet)
Post #: 5
RE: Microsoft & Trend sites are not working - 23.Apr.2009 10:25:02 AM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
Check the NIC ordering in the ISA. Make sure you have External first and then Internal.

Also, from your client machine with the IE setting as "Automatically detect settings", type http://<isaservername>/wpad.dat and see the port number mentioned in the "HttpPort" and see if the correct ISA name appears under this [0] = new node ("isa.fqdn.com", 0,1.000000);

Then check the same thing by manually entering the ISA server name and the port in the IE proxy settings. Check what you get there.

Make sure you are entering the correct port when manually mentioning the proxy settings.


(in reply to gopichand)
Post #: 6
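The check suggested in post #6, comparing what wpad.dat advertises with what is typed into the manual IE proxy settings, as an added example that is not part of the thread. The sample script text, the port values 8081 and 8080, and the function names are constructed for illustration; only "HttpPort" and the node line come from the post.

```python
import ipaddress
import re

# Constructed sample holding only the two items the post names; a real
# wpad.dat served by ISA has more script around them.
SAMPLE_WPAD = '''
HttpPort="8081";
this[0]=new Node("isa.fqdn.com",0,1.000000);
'''

HTTP_PORT_RE = re.compile(r'HttpPort\s*=\s*"?(\d+)"?')
NODE_RE = re.compile(r'\[\s*\d+\s*\]\s*=\s*new\s+node\s*\(\s*"([^"]+)"', re.I)

def parse_wpad(text):
    """Return (advertised port or None, list of proxy node names)."""
    m = HTTP_PORT_RE.search(text)
    return (int(m.group(1)) if m else None), NODE_RE.findall(text)

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def compare_manual_proxy(text, manual_host, manual_port):
    """List mismatches between a manual IE proxy entry and wpad.dat."""
    port, nodes = parse_wpad(text)
    problems = []
    if port is None:
        problems.append("no HttpPort found in wpad.dat")
    elif port != manual_port:
        problems.append(f"manual port {manual_port} != HttpPort {port}")
    if not nodes:
        problems.append("no proxy node found in wpad.dat")
    elif not is_ip(manual_host):  # an IP cannot be matched against names here
        wanted = manual_host.lower()
        known = {n.lower() for n in nodes} | {n.lower().split(".")[0] for n in nodes}
        if wanted not in known:
            problems.append(f"manual host {manual_host!r} not in nodes {nodes}")
    return problems

if __name__ == "__main__":
    # Hypothetical manual entry: right server name, old port.
    print(compare_manual_proxy(SAMPLE_WPAD, "isa.fqdn.com", 8080))
```

An empty result means the manual entry agrees with the automatic configuration, so the difference in behaviour has to be looked for elsewhere.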
RE: Microsoft & Trend sites are not working - 23.Apr.2009 11:27:19 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: inderjeet

Check the NIC ordering in the ISA. Make sure you have External first and then Internal



Did you mean that?

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to inderjeet)
Post #: 7
RE: Microsoft & Trend sites are not working - 23.Apr.2009 11:42:54 AM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
We are just hunting down the possibilities


(in reply to Jason Jones)
Post #: 8
RE: Microsoft & Trend sites are not working - 23.Apr.2009 11:52:40 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
No, what I meant was that I've always done the following bind order:

Internal Network
Intra-Array Network
<Management Networks>
<Perimeter Networks>

External Network
[Remote Access connections]

Yet you suggested putting External at the top...just wondered if this was a typo

Cheers

JJ

< Message edited by Jason Jones -- 23.Apr.2009 11:54:22 AM >



(in reply to inderjeet)
Post #: 9
RE: Microsoft & Trend sites are not working - 23.Apr.2009 11:55:48 AM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
Yes, you are right with the ordering. The ordering I told him to do is just for testing (I forgot to mention) and is temporary. We are removing the probability of names getting resolved through Internal DNS.




(in reply to Jason Jones)
Post #: 10
RE: Microsoft & Trend sites are not working - 23.Apr.2009 12:01:50 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: inderjeet

Yes, you are right with the ordering. The ordering I told him to do is just for testing (I forgot to mention) and is temporary. We are removing the probability of names getting resolved through Internal DNS.



Ah ok, sorry my bad


(in reply to inderjeet)
Post #: 11
RE: Microsoft & Trend sites are not working - 23.Apr.2009 12:25:31 PM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
No no, it's fine Jason. Your inputs are welcome. I almost always follow your inputs on different posts. I have recently started getting my hands on ISA troubleshooting; primarily we help with deploying new setups.





(in reply to Jason Jones)
Post #: 12
RE: Microsoft & Trend sites are not working - 24.Apr.2009 12:52:42 AM   
gopichand

 

Posts: 8
Joined: 20.Apr.2009
Status: offline
-Where can I check the NIC ordering, and how?
-On a client machine with the IE setting as "Automatically detect settings", typing http://engg-iwss/wpad.dat in the browser gives the error "page cannot be displayed".

-Checked the same thing by manually entering the ISA server name and the port in the IE proxy settings. It also gives the same error.

-Gopichand

(in reply to inderjeet)
Post #: 13
RE: Microsoft & Trend sites are not working - 24.Apr.2009 9:23:07 PM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
NIC ordering can be seen and set under Network Connections > Advanced > Advanced Settings > Adapters and Bindings.

Can you ping your internal machines from your ISA Server? Check if you can resolve the ISA machine name correctly from your DNS server using the nslookup command from a client machine.


(in reply to gopichand)
Post #: 14
RE: Microsoft & Trend sites are not working - 27.Apr.2009 5:07:32 AM   
gopichand

 

Posts: 8
Joined: 20.Apr.2009
Status: offline
I am able to ping the client machine from the ISA server. I did not join the ISA server to the domain; it is in a workgroup, so it cannot resolve the name.

(in reply to inderjeet)
Post #: 15
RE: Microsoft & Trend sites are not working - 27.Apr.2009 2:02:49 PM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
We need to look at logs to be sure what's happening. Can you please gather logs using the below tool? Mail them to me at isaissues@yahoo.com

Take the logs in the following format:

1. Install Network Monitor 3.2 on the client machine to be used in the test
2. Install Network Monitor 3.2 and the ISABPA tool on ISA
3. Start Network Monitor on the client machine and ISABPA on ISA. You don't have to start Network Monitor on ISA.
4. Test the scenario when it asks you to press spacebar on ISABPA
5. Test it and press spacebar again to close it
6. Then send me the isapackage.cab and save the Network Monitor logs on the client machine as a .CAP file. Send that file as well.


ISA BPA can be downloaded and installed from the following location:
http://www.microsoft.com/downloads/details.aspx?FamilyID=d22ec2b9-4cd3-4bb6-91ec-0829e5f84063&DisplayLang=en

After installing this please run the ISA Data Packager from the Start, Programs, ISA Server, ISA Tools menu.
Select the ‘Collect data from one of the following repro scenarios’ radio button and select the ‘Basic Repro and Static Configuration’ option, select ‘Next’ and then ‘Start Data Collection’.

When the ISA Data Packager has initialized the various data captures you will be asked to press the Spacebar to start capturing data. This is going to capture a number of data outputs from a repro of the issue (Network traces, ISA tracing output, ISA logs) so before running this and pressing the spacebar please get set-up to repro the issue.

When you are ready to repro the issue press the spacebar, repro the issue and then press the spacebar again to stop the captures. If you can, try to keep the time you are capturing quite short; that will help our analysis of the data.

The BPA will also gather config data from the ISA server that will help us understand your set-up and will output all the data captures to a file on the desktop called isapackage.cab.




(in reply to gopichand)
Post #: 16
RE: Microsoft & Trend sites are not working - 28.Apr.2009 1:37:44 AM   
gopichand

 

Posts: 8
Joined: 20.Apr.2009
Status: offline
Logs Captured & sent to your mail id.

-Gopichand 

(in reply to inderjeet)
Post #: 17
RE: Microsoft & Trend sites are not working - 28.Apr.2009 1:49:23 AM   
gopichand

 

Posts: 8
Joined: 20.Apr.2009
Status: offline
Because of the large attachment the mail was bounced. The size of the attachment is 15MB.
What should I do?
-Gopichand 

(in reply to inderjeet)
Post #: 18
RE: Microsoft & Trend sites are not working - 29.Apr.2009 12:50:27 AM   
gopichand

 

Posts: 8
Joined: 20.Apr.2009
Status: offline
Log files uploaded to http://rapidshare.com/files/226979649/Logs.zip.html
Waiting for a reply with the solution.

(in reply to inderjeet)
Post #: 19
RE: Microsoft & Trend sites are not working - 29.Apr.2009 10:26:29 AM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
Hi Gopi,

There are a lot of issues with your ISA configuration. Moreover, I believe there was a delay in starting Netmon on the client machine and ISABPA on the ISA versus the test which you did on the client. The client requested http://trendmicro.com at 10:29AM but I see no logs hitting ISA at that time in the logs. The ISA logs start from 10:34AM. Anyway,

1. You have two NICs in ISA but I can see that you have configured a DMZ IP range of the 192.168.x.x network and you have allowed everything from Internal/localhost to DMZ. I am not sure how ISA is going to do that. You need an additional NIC connected to the DMZ network.

2. <fpc4:Description dt:dt="string">A network adapter is configured with several IP addresses which belong to several networks. This is not a valid configuration.</fpc4:Description> tells that you have added IPs on your NIC with different networks. AFAIK, it's not supported

3. The following trace shows that the client 172.21.3.200 is making a GET request to ISA; that was in frame number 664. In the very next frame I see that ISA replied with a response saying Bad Gateway. I am not sure why ISA did that because I don't have traces on ISA for that time due to the late start of the logs.

Ipv4: Src = 172.21.3.200, Dest = 172.21.0.6
Http: Request, GET http://trendmicro.com/
Command: GET
URI: http://trendmicro.com/

Ipv4: Src = 172.21.0.6, Dest = 172.21.3.200
Http: Response, HTTP/1.1, Status Code = 502, URL: http://trendmicro.com/
ProtocolVersion: HTTP/1.1
StatusCode: 502, Bad gateway

4. I couldn't understand the relevance of your VPN access rule, which is allowing so many protocols, and that too from Internal/Localhost to Anywhere.

5. I also found the below alerts for 5-6 machines. This alert is generated when a machine tries to send too many TCP connections in 1 minute. By default it is 600. That means all those machines have tried to send either 600 or more than 600 TCP connections through or on ISA. ISA blocks the traffic from those machines for a specific amount of time. This could potentially be because of viruses. You need to check your machines for viruses and trojans.

" The number of TCP connections per minute from the source IP address 172.21.3.200 exceeded the configured limit. ISA Server will not allow the creation of new TCP connections from this source IP address during a system-defined time period. By default; this time period is 1 min "

Overall, what I can say at this time is that it could very well be a network issue or a configuration issue. Get in touch with Microsoft to get your ISA configured properly.

If you are a Gold partner then check the link in my signature below to see how you may get support from our team in Microsoft.


****** Check Next Entry As well ****

< Message edited by inderjeet -- 29.Apr.2009 6:50:58 PM >


_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to gopichand)
Post #: 20
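Point 5 of post #20 describes a per-source limit of 600 TCP connections per minute; the following is an added example, not part of the thread and not ISA's own logic, that finds such sources in connection records. Assumptions: records are bucketed by calendar minute, the record layout and all sample lines are constructed (this is not ISA's log format), and the function names are hypothetical.

```python
from collections import Counter
from datetime import datetime, timedelta

LIMIT_PER_MINUTE = 600  # default quoted in the post

def build_sample_log():
    """Constructed records 'timestamp src dst:port'; this is not ISA's log format."""
    start = datetime(2009, 4, 28, 10, 34, 0)
    lines = []
    for i in range(650):  # noisy client: 650 connections inside one minute
        ts = start + timedelta(milliseconds=90 * i)
        lines.append(f"{ts.isoformat()} 172.21.3.200 198.51.100.{i % 250 + 1}:80")
    for i in range(40):   # ordinary client: 40 connections over two minutes
        ts = start + timedelta(seconds=3 * i)
        lines.append(f"{ts.isoformat()} 172.21.3.15 203.0.113.{i % 2 + 1}:80")
    lines.append("truncated line")  # malformed record, must be skipped
    return lines

def flag_sources(lines, limit=LIMIT_PER_MINUTE):
    """Return {src: (minute, connections, distinct destinations)} for each
    source whose busiest calendar minute exceeds the limit."""
    counts = Counter()
    dests = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, src, dst = parts
        key = (src, ts[:16])  # bucket by YYYY-MM-DDTHH:MM
        counts[key] += 1
        dests.setdefault(key, set()).add(dst.rsplit(":", 1)[0])
    flagged = {}
    for (src, minute), n in counts.items():
        # "exceeded" in the alert text is read as strictly greater (assumption)
        if n > limit and n > flagged.get(src, ("", 0, 0))[1]:
            flagged[src] = (minute, n, len(dests[(src, minute)]))
    return flagged

if __name__ == "__main__":
    for src, (minute, n, d) in flag_sources(build_sample_log()).items():
        print(f"{src}: {n} connections in {minute} to {d} distinct destinations")
```

The distinct-destination count is an added triage hint: a flagged host talking to hundreds of different addresses in one minute deserves the malware check the post recommends before a host that is hammering a single server.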
