Welcome to ISAserver.org

Why my ISA server installation in a 3-homed perimeter network failed?

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2000 General] >> Installation >> Why my ISA server installation in a 3-homed perimeter network failed?

Page: [1]

Message

<< Older Topic Newer Topic >>

Why my ISA server installation in a 3-homed perimeter n... - 7.Jun.2001 7:00:00 PM

Bing

Posts: 2
Joined: 7.Jun.2001
Status: offline

I am trying to setup an ISA server in our three-homed perimeter network, but the installation failed. I am posting what I did here and hopefully somebody can help me to get it work.

We plan to install ISA server on a window 2000 advanced server machine with 3 nics. I am using faked IP addresses here for illustration purpose. We have two subnets. The corporate subnet has network ID 96.210.0.128 and subnet mask 255.255.255.192. The perimeter subnet has network ID 96.210.0.129 and subnet mask 255.255.255.192. Nic 1 of ISA server has IP address 96.210.0.130 and connects to the internet router at IP 96.210.0.129. Nic 2 of ISA server has IP address 96.210.0.131 and connects to corporate subnet. Nic 3 has IP address 96.210.0.193 and connects to perimeter subnet.

I finished the basic Windows 2000 advanced server installation with SP1 on the ISA server machine, and joined it to the domain. The domain had only one domain controller with IP 96.210.0.133 in the corporation subnet. And there was no server in the perimeter subnet. For Nic 1 and Nic 2, I configured the preferred DSN server as the domain controller. For Nic 3, I left the preferred DSN empty. And for all the three nics, I left the default gateway empty. At this moment, since the ISA server and DC were on the same subnet, I could ping DC from ISA server.

I ran the enterprise initialization, and I finished successfully. I then ran the ISA server installation in integrated mode and created an array. I couldn't remember how I configured the LAT. The installation went on OK until it hung on at the step of "Starting/restarting ISA Server service...". I had to kill the process. I rebooted the ISA Server, but then I couldn't start Microsoft Firewall service, and I even couldn't ping the DC by that time although they were on the same subnet.

Does anyone know what I did wrong here? I would really appreciate your help.

By the way, although the instillation failed, I could still record for the array and the ISA server in the active directory under branch fPC. Can I run Enterprise Initialization again to remove those records?

Post #: 1

Featured Links*

RE: Why my ISA server installation in a 3-homed perimet... - 7.Jun.2001 8:42:00 PM

Ultraman

Posts: 182
Joined: 20.Apr.2001
Status: offline

Bing,

If you plan on taking ISA out of the AD, be VERY careful! I can't stress it enough as I just did this two weeks ago and we got lucky!

If you plan on removing array info, make sure you delete all servers in the array first and delete all erroneous policies for the enterprise. THEN and only then rerun the Enterprise Initialization and it'll ask you if you want to remove the old info in the AD.

Be careful and make backups!

------------------
Eric Jansen
HMG Technologies, Inc.
MCP, ICE, ICA

(in reply to Bing)

Post #: 2