Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Web Chaining Rule Problem
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Web Chaining Rule Problem - 17.Jun.2008 5:54:06 AM
|
|
|
Mad Man
Posts: 2
Joined: 17.Jun.2008
Status: offline
|
Anyone able to offer advise on a problem I have here? I dont know ISA 2004 at all, I worked on 2000 & its assumed I would know how 2004 as well but they are a little bit different...
We have 2 ISA servers configured identically, users connect via a Network Load Balanced host name so could hit either. One of them has a problem the other is ok.
All internet traffic is configured to get routed to upstream server A, all intranet traffic to server B. Intranet traffic is identified by a Web Chaing Rule, any URLs in a URL Set are routed to up upstream server B.
There's one URL specified in the URL set which is not being routed correctly. Its going out as internet traffic to upstream server A, I have tried removing & readding the URL set, rebooting, clearing cache etc but it just will not route to the correct upstream server.
I'm at a loss as to whats wrong, both our ISA servers are configured identically & nothings been changed on them yet one just will not handle this URL correctly.
Anyone seen this happen before?
Thanks
< Message edited by Mad Man -- 17.Jun.2008 10:23:08 AM >
|
|
|
|
RE: Web Chaining Rule Problem - 17.Jun.2008 5:37:47 PM
|
|
|
Rievax
Posts: 40
Joined: 13.Oct.2004
Status: offline
|
Hey Mad Man,
"We have 2 ISA servers configured identically, users connect via a Network Load Balanced host name"
How do you load balance? Is this ISA Enterprise Edition?
"upstream server A, all intranet traffic to server B"
What are your upstream servers? Other ISA servers? Or your two ISA servers are your upstream servers?
How do you configure your clients? Do you use Proxy configuration going to the ISA? Are you 100% sure your session going to ISA #1 will stay on server #1?
Do you have the very last Service Pack and patches? They fixed a lot with the last SP.
Let us know.
Xavier.
|
|
|
|
|
RE: Web Chaining Rule Problem - 18.Jun.2008 3:26:47 AM
|
|
|
Mad Man
Posts: 2
Joined: 17.Jun.2008
Status: offline
|
How do you load balance? Is this ISA Enterprise Edition? - We use Network Load balancing configured on the network cards. It is Enterprise edition.
What are your upstream servers? Other ISA servers? Or your two ISA servers are your upstream servers? - I think the upstream server is an ISA server, I don't have access to it as its another companies system.
How do you configure your clients? Do you use Proxy configuration going to the ISA? Are you 100% sure your session going to ISA #1 will stay on server #1? - They are configured through group policy to use the load balanced name so can hit either ISA server. Testing by using the actual server name rather than the load balanced name has identified server 1 as being the server thats not routing intranet traffic correctly.
Do you have the very last Service Pack and patches? They fixed a lot with the last SP - No, we can look at putting them on though.
|
|
|
|
|
RE: Web Chaining Rule Problem - 18.Jun.2008 9:29:13 AM
|
|
|
Rievax
Posts: 40
Joined: 13.Oct.2004
Status: offline
|
OK then... You should first try to update the two nodes to the last service pack.
Second, for your own knowledge, since you are new to ISA2004 Enterprise, you should know that:
- The two nodes are retrieving their configuration from the same Configuration Storage: they are synchronizing from the same Database (Arrays--> right click on [your array name] --> Properties --> Configuration Storage). The configuration storage server is supposed to be the one you update in order for the nodes to be in sync; but you could also edit any node and the result will be saved to the Configuration Storage.
- NLB must not be configured into Windows, but in the ISA configuration console. Each node has a "Host ID" and a heartbeat private network (Arrays--> [your array name] --> Configuration --> Servers --> right click on any server)
- You define your NLB IP Address in Arrays--> [your array name] --> Configuration --> Networks --> Right Click on Internal network and the NLB Tab.
If one the those three points does not reflect your situation, be carefull because you have a non-standard ISA 2004 Enterprise configuration... and it could be the source of your present and future issues.
Can you just confirm that the INTERNET upstream server is configured in the "Last Default Rule" Web Chaining tab? If not, where is defined your Internet upstream server? Your secureNAT and Firewall clients will use either the default gateway of your ISA servers or the upstream server configured in Arrays--> [your array name] --> Configuration --> General --> Configure Firewall Chaining.
Hope it helps you...
Xavier.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
