Welcome to ISAserver.org

Web Publishing + Server Publishing websites at same time

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 General] >> Web Publishing >> Web Publishing + Server Publishing websites at same time

Page: [1]

Message

<< Older Topic Newer Topic >>

Web Publishing + Server Publishing websites at same time - 26.Dec.2003 6:31:00 PM

cybersmith

Posts: 69
Joined: 21.Jul.2003
From: Michigan
Status: offline

I have configured ISA to provide access to websites using both web publishing as well as server publishing. I have server publishing working off of a single IP Address and forwarding to one machine, the rest of the IP addresses are available for web publishing. When I first configure this and set it up, everything runs perfectly with no problems. All sites are reachable, whether you are accessing the web-published ones or the server published ones. Then, after a period of time (usually a few days), the web publishing stops working and the server publishing continues to work. ISA hasn't logged any errors other than an IP Spoof a day earlier. Restarting the Firewall Service brings everything back online.

I read through the following article to aid in my configuration:
http://www.microsoft.com/isaserver/techinfo/tips/serverpubrules.asp

So I have the server listeners configured individually per IP address and I have not listed the IP address which I have used to server publish the websites. I have my server publishing rule setup with the protocol the above website specifies to setup (HTTP Server).

Web Publishing has 5 different publishing rules in it, and I am confident they are configured correctly. I had never had problems with any of them prior to removing one of the web publishing rules (the last one on the list) and creating a server publishing rule to accomplish the same thing. I have left the HTTP Redirector Filter enabled.

It is absolutely neccessary that I use both of them at the same time. I cannot migrate everything over to web publishing as I need the source IP Addresses for some requests. And I cannot move everything over to server publishing as I have to utilize destination sets.

I have tried to read through the ISA logs to find where these requests are being blocked, but there are no records of any requests on port 80 being blocked.

Anyone have any ideas as to what may be causing my problem? Is there perhaps a hot-fix? I have SP1 and FP1 installed. Looking forward to a response.

Happy Holidays!

Post #: 1

Featured Links*

RE: Web Publishing + Server Publishing websites at same... - 27.Dec.2003 11:46:00 AM

tshinder

Posts: 47668
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi MFI,

If you use a Server Publishing Rule, there's no reason to use a Web Publishing Rule. You can remove the Web Publishing Rules for the same sites, and just create Web Publishing Rules for unique sites.

HTH,
Tom

(in reply to cybersmith)

Post #: 2

RE: Web Publishing + Server Publishing websites at same... - 28.Dec.2003 7:11:00 PM

cybersmith

Posts: 69
Joined: 21.Jul.2003
From: Michigan
Status: offline

Well I just typed up this entire reply but mistyped my password... so it erased what I typed. [Mad]

So I guess I'll type it again...

Tom, thank you for your reply. It's always nice to know I've got the ISA guru himself responding to my plea for help.

After reading what you recommended, I believe I have already done that. I currently use a single server publishing rule to route all requests to a single IP Address to my primary web server. I have already removed the web publishing rule which accomplished this.

I have web publishing rules setup which must utilize destination sets. For example, one of my destination sets simply includes "webmail.*" and routes all requests which start with webmail to our mail server. It also then routes the incoming request on port 80 to a different port to avoid having to include the port number after the URL. This is extremely important. I have other similar web publishing rules in place as well as very simple rules which route a single website to a different server.

So as you can see, it is very important that I utilize both web publishing and server publishing. I realize that I may be able to migrate some of the publishing from web to server, but not all of what I am doing can be accomplished with just server publishing.

When I first configure this and set it up, everything runs perfectly with no problems. All sites are reachable, whether you are accessing the web-published ones or the server published ones. Then, after a period of time (usually a few days), the web publishing stops working and the server publishing continues to work.

Does anyone have any suggestions or ideas as to why I am encountering this problem?

Has anyone implemented both web and server publishing? If so, could you perhaps include the steps you took so I know if I missed something?

Thanks in advance for your replies and your time. Happy Holidays!

[ December 28, 2003, 07:14 PM: Message edited by: Mr. Fix It ]

(in reply to cybersmith)

Post #: 3

RE: Web Publishing + Server Publishing websites at same... - 28.Dec.2003 9:16:00 PM

tshinder

Posts: 47668
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi MFI,

OK, I have a better idea of what the problem might be.

The first step is to create Destination Set entries that are specific. Don't use a wildcard like webmail*. Instead, use webmail.domain.com and that should work a lot better. Create Web Publishing Rules for each destination. I never have problems when doing it that way.

HTH,
Tom

(in reply to cybersmith)

Post #: 4

RE: Web Publishing + Server Publishing websites at same... - 29.Dec.2003 12:29:00 AM

cybersmith

Posts: 69
Joined: 21.Jul.2003
From: Michigan
Status: offline

Tom, again, thank you for your reply.

Do you know why using wildcards like webmail.* would cause problems suddenly? Because this solution was implemented at least 3 months before I migrated anything to server publishing and I had no problems with it at all until this change.

(in reply to cybersmith)

Post #: 5

RE: Web Publishing + Server Publishing websites at same... - 29.Dec.2003 3:37:00 PM

tshinder

Posts: 47668
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi MFI,

Not sure. I've never used wildcards in the Destination Sets for Web publishing, so its outside of my experience [Frown]

What kind of error codes do you see in the Web Proxy log? That might help us get to the bottom of the problem.

Thanks!
Tom

(in reply to cybersmith)

Post #: 6

RE: Web Publishing + Server Publishing websites at same... - 29.Dec.2003 3:59:00 PM

cybersmith

Posts: 69
Joined: 21.Jul.2003
From: Michigan
Status: offline

Tom, thanks for sticking with me on this one.

After examining the logs, I don't see any errors that could explain this. I do strangely see that about 99% of the BLOCKED requests were going to UDP port 53.

If you think I'm missing something, I will gladly email you some of the logs for your review. I have no doubt your eye is much more keen when it comes to identifying errors in the logs. I could also attach an ISAInfo report if it would help.

(in reply to cybersmith)

Post #: 7

RE: Web Publishing + Server Publishing websites at same... - 2.Jan.2004 12:00:00 AM

cybersmith

Posts: 69
Joined: 21.Jul.2003
From: Michigan
Status: offline

Any other Ideas? Tom, would you be able to take a look if I emailed you the info?

(in reply to cybersmith)

Post #: 8

RE: Web Publishing + Server Publishing websites at same... - 4.Jan.2004 8:11:00 PM

tshinder

Posts: 47668
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi MFI,

The logging information that would be helpful is found in the Web Proxy logs. The UDP blocking is probably being found in the packet filter log.

You can send me some sample log into at tshinder@tacteam.net from the Web Proxy log at a time where you're seeing the errors.

HTH,
Tom

(in reply to cybersmith)

Post #: 9

RE: Web Publishing + Server Publishing websites at same... - 16.Jan.2004 6:54:00 PM

cybersmith

Posts: 69
Joined: 21.Jul.2003
From: Michigan
Status: offline

Tom,
I sent the logs to your email last week sometime. I just want to confirm you received them. If you get a chance, please let me know if you have any ideas as to what could be causing my problem. It's still unresolved. Thanks in advance!

(in reply to cybersmith)

Post #: 10

RE: Web Publishing + Server Publishing websites at same... - 18.Jan.2004 11:46:00 AM

tshinder

Posts: 47668
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi MFI,

I did not get them. How large were they? They have exceeded the file size limit on my SMTP gateways.

Thanks!
Tom

(in reply to cybersmith)

Post #: 11

RE: Web Publishing + Server Publishing websites at same... - 21.Jan.2004 4:47:00 PM

cybersmith

Posts: 69
Joined: 21.Jul.2003
From: Michigan
Status: offline

Tom,

To work around the problem of sending a 1.7 meg file to your email, I have saved the compressed logs to an FTP location. I am emailing you the location which they can be obtained and the associated username and password. Please respond to the email when you receive it so I know it has gone through this time. Thanks for all your help and time.

[Big Grin]

(in reply to cybersmith)

Post #: 12

RE: Web Publishing + Server Publishing websites at same... - 22.Jan.2004 4:27:00 AM

tshinder

Posts: 47668
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi MFI,

Got the message. I'll give it look in the AM.

Thanks!
Tom

(in reply to cybersmith)

Post #: 13

RE: Web Publishing + Server Publishing websites at same... - 22.Jan.2004 4:46:00 AM

tshinder

Posts: 47668
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi MFI,

Can you run the isainfo script and post those to your site? Looks like some serious configuration issues going on with the rules.

Are you publishing a DNS server? If so, you MUST get the latest rollup hotfix. You have far to many DNS entries in your packet filter logs.

HTH,
Tom

(in reply to cybersmith)

Post #: 14

RE: Web Publishing + Server Publishing websites at same... - 23.Jan.2004 11:19:00 PM

cybersmith

Posts: 69
Joined: 21.Jul.2003
From: Michigan
Status: offline

Tom,

Thanks for taking a look at those logs. I have added the ISAInfo report for the ISA server, per your request, to the same FTP as the logs. Please feel free to take a look at your earliest convenience.

It's never good to hear that there are some configuration problems with an ISA server. I'm hoping it's not as bad as you made it sound in your reply. *crosses fingers*

Yes we are publishing DNS servers and I have tried to download all of the available hot fixes which were released after FP1. Is there a specific location/source which you recommend I download updates from? Thanks for all your help!

(in reply to cybersmith)

Post #: 15

RE: Web Publishing + Server Publishing websites at same... - 24.Jan.2004 1:08:00 AM

tshinder

Posts: 47668
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi MFI,

Can you send me your FTP site again, as I whacked your first message that had the address in it.

Thanks!
Tom

(in reply to cybersmith)

Post #: 16

RE: Web Publishing + Server Publishing websites at same... - 26.Jan.2004 4:31:00 PM

cybersmith

Posts: 69
Joined: 21.Jul.2003
From: Michigan
Status: offline

Not a problem, Tom. I just resent the email.

(in reply to cybersmith)

Post #: 17

RE: Web Publishing + Server Publishing websites at same... - 6.Feb.2004 7:20:00 PM

cybersmith

Posts: 69
Joined: 21.Jul.2003
From: Michigan
Status: offline

Still awaiting your response, Tom. Whenever you get a chance. Thanks!

(in reply to cybersmith)

Post #: 18

RE: Web Publishing + Server Publishing websites at same... - 7.Feb.2004 2:25:00 AM

tshinder

Posts: 47668
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi MFI,

I took a look at the config, and nothing really stood out. I'm at a loss with the information I have right now as to what the problem might be. I would look into a netmon trace as the next step.

HTH,
Tom

(in reply to cybersmith)

Post #: 19