Welcome to ISAserver.org

Unable to contact Active directory after ISA installation

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 General] >> Installation and Planning >> Unable to contact Active directory after ISA installation

Page: [1]

Message

<< Older Topic Newer Topic >>

Unable to contact Active directory after ISA installation - 7.Nov.2007 7:43:33 AM

paulkelly

Posts: 7
Joined: 9.Nov.2004
From: UK
Status: offline

Hi,
I have just installed ISA 2006 onto Windows 2003R2 DC and am now unable to contact the active directory for replication or anything else for that matter!

Before the ISA installation all domain connectivity was functioning perfectly, after the ISA installation i get hte following event viewer errors :

Active Directory was unable to establish a connection with the global catalog.

Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200c89

The attempt to establish a replication link for the following writable directory partition failed.

Directory partition:
DC=DomainDnsZones,DC=cheshire,DC=local
Source domain controller:
CN=NTDS Settings,CN=SQLSERVER,CN=Servers,CN=Cheshire,CN=Sites,CN=Configuration,DC=cheshire,DC=local
Source domain controller address:
98ab82e7-019a-4ccf-a617-08cd0248d74d._msdcs.cheshire.local
Intersite transport (if any):

Also, in the ISA firewall logs i get this error :

RPC(all interfaces) : action = failed : rule = [System] Allow RPC from ISA server to trusted servers

In the system policy Active Directory is allowed to the internal network. In the network condif, internal network has the correct subnet and correct domain name.

I must be missing something really stupid, but at the moment i've no idea what!

Any help would be greatly appreciated.

Cheers
Paul

Post #: 1

Featured Links*

RE: Unable to contact Active directory after ISA instal... - 7.Nov.2007 9:30:31 AM

Jason Jones

Posts: 2247
Joined: 30.Jul.2002
From: United Kingdom
Status: offline

ISA on a DC is not a supported configuration...

ISA Server 2004 and ISA Server 2006 Should Not Be Installed on a Domain Controller
Problem: Installation of ISA Server 2004 on a domain controller is not supported unless the installation is performed as part of the Small Business Server 2003 Premium Edition Service Pack 1 installation, or the management wizards. Installing ISA Server 2006 on a domain controller or Small Business Server is not supported.

http://www.microsoft.com/technet/isa/2004/plan/unsupportedconfigs.mspx

_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to paulkelly)

Post #: 2

RE: Unable to contact Active directory after ISA instal... - 8.Nov.2007 11:03:10 AM

paulkelly

Posts: 7
Joined: 9.Nov.2004
From: UK
Status: offline

Thanks Jason, i've corrected the DC issue, it's now just a member server. However, i still get the RPC failures. I'm also now having problems getting users to authenticate - i'm guessing both sre related.

The config of the ISA2006 box has been restored from a backup of a (currently) working ISA2004 box, just with the IP's changed.

Any further thoughts? or any further information i can provide that may help?

Cheers
Paul

(in reply to paulkelly)

Post #: 3

RE: Unable to contact Active directory after ISA instal... - 10.Nov.2007 2:00:44 AM

Heinz

Posts: 13
Joined: 1.Nov.2007
Status: offline

not exacly sure if this is your solution, but ... when you install ISA on a server, the server MUST be joined to the domain. If it is not properly joined at the time of installing ISA you will have lots of problems later with AD eg. RPC etc protocols not functioning properly.

(in reply to paulkelly)

Post #: 4

RE: Unable to contact Active directory after ISA instal... - 15.Nov.2007 11:29:35 AM