Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Unable to add the Isa Server to
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Unable to add the Isa Server to - 14.Feb.2004 7:14:00 PM
|
|
|
Scandata
Posts: 12
Joined: 14.Feb.2004
From: Rotterdam, the Netherlands
Status: offline
|
Hallo Thom,
I am buzzy with the change from ISA 2000 to ISA 2004 and find this to be exciting.
However I have the problem that when I click "Enable VPN Client Acces" I receive the message as follows:
"ISA Server is unable to add this computer to the list of valid remote access servers in the Active Directory. You only can use this cmputer as a remote access server, the domain administrator must complete this task."
In fact the domain administrator added the ISA Server to the group of Remote access servers in Active Directory. It seems there is a problem between the ISA Server and the PDC as there is also a problem with NtpClient to acquire the right time from the time source which is also the PDC.
Have you any suggestion regarding this phenomane?
Furthermore I want to ask you if the RRAS service still play a role in this or must this service stay "disabled"?
Looking forward to your commands,
With friendly greetings,
Pieter Stolker
|
|
|
|
|
RE: Unable to add the Isa Server to - 16.Feb.2004 3:36:00 AM
|
|
|
zhangmeibo
Posts: 87
Joined: 11.Feb.2004
From: China
Status: offline
|
hi ,
Does the account of you operate ISA server has domain administrator privileges?
|
|
|
|
|
RE: Unable to add the Isa Server to - 16.Feb.2004 11:39:00 AM
|
|
|
Scandata
Posts: 12
Joined: 14.Feb.2004
From: Rotterdam, the Netherlands
Status: offline
|
Hello Meibo,
Thanks for your answer. It's really strange to experience that someone from China reeds my question and try to help me to solve the problem. Be sure I appreciate your efforts most and I am thankfull. Let's try to tackle the problem.
Regarding your question I can give you the anser that the account on the ISA Server is fully qualified both as enterprise and domain administrator.
Furthermore I noticed the next problem which maybe is connected to my first problem.
At the ISA server at the commandprompt "Browstat status" gives a nice and true answer that the PDC is server01. 1 minute after a connection has established through VPN the same command tells me that ISA Server is the PDC and none of the workstations on the network is reachable. ??
It seems that the browser does not get an answer from the real PDC during VPN connections and ISA Server therefore thinks that he is the Masterbrowser for its own domain.
So far so good, but how to tackle this??
Looking forward to your commands.
With friendly greetings
Pieter Stolker
|
|
|
|
|
RE: Unable to add the Isa Server to - 17.Feb.2004 12:21:00 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Pieter,
Disable the RPC filter, or create an allow rule that allows all traffic from the ISA firewall and the DC.
HTH,
Tom
|
|
|
|
|
RE: Unable to add the Isa Server to - 17.Feb.2004 11:47:00 AM
|
|
|
Scandata
Posts: 12
Joined: 14.Feb.2004
From: Rotterdam, the Netherlands
Status: offline
|
Hello Tom,
Thank you very much for your answer. I made the allow rule as you suggested and the result is that the timeserver is O.K. and also the message regarding the Active Directory stays away. Which protocol and which port does the w32time service use??
Only the other problem regarding the browser has enlarged in this way that as soon as I made a connection through VPN, the ISA server see itself as a standalone network of which the ISA server is the browser master. As a result the dial-in workstation cannot reach any of the resources at the network.
Scandata is mainly a developer of applications with Visual Basic and SQL server. Our clients are governement and Universities. There is a big demand for the possibility that our applications can be used from a home situation. So therefore our interest in VPN. At this time most companies use Citrix and ICA. We have not much knowledge about this. Personaly I think that Microsoft with ISA will be a great player if we can handle the program.
April 20-21-22 there is an exhibition in Amsterdam RAI. At this exhibition ( www.tine.nl ) Scandata has a stand to promote our applications through a VPN with our office. For this reason we should feel comfortable to have ISA 2004 at that time in our fingers.
If your book about ISA 2004 is released at that time, we are interested to introduce it on our stand and sell it if you do not have obligations of course with importers and if you are interested.
Meanwhile thank you very much for your assistence.
At this time we have Web Proxy, Web Publishing and VPN dialin a little bit under control. What rests is SMTP and our ExchangeServer 2003.
It will surely not easy.
With friendly greetings,
Pieter Stolker
Scandata
|
|
|
|
|
RE: Unable to add the Isa Server to - 17.Feb.2004 12:36:00 PM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Pieter,
Good to hear that you got the machine to join the domain. I believe that the beta still have some serious issues with intradomain communcations that will need to be fixed before the product is released.
Thanks for the offer of displaying out book! Unfortunately, it won't be finished until May or June of this year.
I not sure I understand the problem you are having with the VPN clients, and what you goal is. Do you want to be able to control what specific protcols the VPN clients can use when connecting to the Internal network? If so, you can do that easily.
Let me know.
Thanks!
Tom
|
|
|
|
|
RE: Unable to add the Isa Server to - 17.Feb.2004 1:08:00 PM
|
|
|
Scandata
Posts: 12
Joined: 14.Feb.2004
From: Rotterdam, the Netherlands
Status: offline
|
Hi Tom,
Thank you for your reply.
I try to explain what happens. At the command prompt on the ISA server (10.0.0.2) I type the command "Browstat status". This gives an view about who is the PDC and who are the Backup Domain Controllers. At that time my PDC (10.0.0.1) is the PDC.
As soon as somebody makes a connection through VPN, at the VPN client I cannot reach any device on my network. Only the workstation while it must be a network view with all the Servers, workstations and printers.
Typing "Browstat status" at the ISA server gives me the information that my ISA Server is the Master Browser and there are no other devices.??????
I think I did something wrong or forgot something.
But what.
Pieter
|
|
|
|
|
RE: Unable to add the Isa Server to - 19.Feb.2004 12:14:00 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by Scandata:
Hi Tom,
Thank you for your reply.
I try to explain what happens. At the command prompt on the ISA server (10.0.0.2) I type the command "Browstat status". This gives an view about who is the PDC and who are the Backup Domain Controllers. At that time my PDC (10.0.0.1) is the PDC.
As soon as somebody makes a connection through VPN, at the VPN client I cannot reach any device on my network. Only the workstation while it must be a network view with all the Servers, workstations and printers.
Typing "Browstat status" at the ISA server gives me the information that my ISA Server is the Master Browser and there are no other devices.??????
I think I did something wrong or forgot something.
But what.
Pieter
Hi Pieter,
I think you're running into a normal problem with VPN clients. You need to assign the VPN clients a WINS server to allow them to access the browse list for the domain.
HTH,
Tom
|
|
|
|
RE: Unable to add the Isa Server to - 24.Feb.2004 11:42:00 AM
|
|
|
Scandata
Posts: 12
Joined: 14.Feb.2004
From: Rotterdam, the Netherlands
Status: offline
|
Hallo Thom,
I let it rest a while because I became a little bit confused by it.
In order to find out what causes the fault I stopped ISA server and tested the VPN connection on the normal way using RRAS. Perfect! No problems at all.
This indicates me (?) that the problem must be caused by settings in ISA server.
As soon as the VPN is connected ISA server is isolated from the rest of the network. To re-establish I have to restart or wait a considerable time. I already made all kind of Allow rules regarding Netbios, DHCP, etc etc, but none of them give the result I need.
I'm certain that I overlook something, but what.
I hope you can give me a hint.
With friendly greetings,
Pieter
|
|
|
|
RE: Unable to add the Isa Server to - 24.Feb.2004 11:49:00 AM
|
|
|
Scandata
Posts: 12
Joined: 14.Feb.2004
From: Rotterdam, the Netherlands
Status: offline
|
Hallo Meibo,
Thank you for your suggestions. Regretfully I still stumble with the same problem as you can read in my posting to Tom.
Regarding your interest in our Dutch football players I think I can agree with you. Only from the time that they were payd astronomic salaries (really unbelievable this wages) the game lost his intuitive caracter. The players are to much boarded and the games are too technically.
Maybe in future when things are a little bit normal the game we call football will gain again on populairty.
With friendly greetings,
Pieter
|
|
|
|
|
RE: Unable to add the Isa Server to - 24.Feb.2004 11:52:00 PM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by Scandata:
Hallo Thom,
I let it rest a while because I became a little bit confused by it.
In order to find out what causes the fault I stopped ISA server and tested the VPN connection on the normal way using RRAS. Perfect! No problems at all.
This indicates me (?) that the problem must be caused by settings in ISA server.
As soon as the VPN is connected ISA server is isolated from the rest of the network. To re-establish I have to restart or wait a considerable time. I already made all kind of Allow rules regarding Netbios, DHCP, etc etc, but none of them give the result I need.
I'm certain that I overlook something, but what.
I hope you can give me a hint.
With friendly greetings,
Pieter
Hi Pieter,
If you backup your configuration and send it to me, I'll take a look at it and see if I can figure it out.
Thanks!
Tom
|
|
|
|
|
RE: Unable to add the Isa Server to - 10.Mar.2004 5:52:00 PM
|
|
|
Scandata
Posts: 12
Joined: 14.Feb.2004
From: Rotterdam, the Netherlands
Status: offline
|
Hallo Tom,
I feel obliged to inform you that I resoved the problem. The reason why I could not enter the internal network was because I did not entered the VPN Client Group to allow the Internal Group. Very simple (as most of the time). I even spent a new machine for this, but finally I am very happy that I found out WHY it did not worked.
See you,
Pieter
|
|
|
|
|
RE: Unable to add the Isa Server to - 11.Mar.2004 1:59:00 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Pieter,
Thanks! I'm always happy to hear when there is a resolution to a problem. Good to hear you got it working and thanks for the follow up!
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Smile]](/image/smiles/smile.gif)
