Welcome to ISAserver.org


Why new/changed rules no longer take any effect in the ISA server?

Why new/changed rules no longer take any effect in the ... - 24.Oct.2005 10:34:00 PM
slu

 

Posts: 3
Joined: 24.Oct.2005
Status: offline
I have two ISA servers and one separate configuration storage server. Everything was working fine for several months, but I just found out last weekend that any newly created or changed rules (access rule or publishing rule) no longer take effect after I apply the changes. The old rules continue working.

The only abnormal thing I notice is the Configuration Status on the Monitoring/Configuration tab, which shows errors stating "server cannot establish connection with the configuration storage server". However, such errors don't prevent the changed rules from replicating through the server array and the storage server. I am not sure if that is related or not.

The servers are ISA 2004 Enterprise SP1 on Windows 2003 Server with SP1.

Does anybody know why? Thank you for your help.
Post #: 1
RE: Why new/changed rules no longer take any effect in ... - 26.Oct.2005 3:31:00 AM
jonsauter

 

Posts: 66
Joined: 8.Jul.2005
From: Dallas, TX
Status: offline
I know this is really basic but have you tried rebooting your CSS?

(in reply to slu)
Post #: 2
RE: Why new/changed rules no longer take any effect in ... - 26.Oct.2005 4:13:00 PM
slu

 

Posts: 3
Joined: 24.Oct.2005
Status: offline
Reboot is always my first option if something weird happens... it doesn't work in this case though.

I ended up creating a domain service account and changing the Storage service and ISA Server Control service account from Local Account to this new domain account. The problem seems fixed now on the array server end, but it still shows not connected on the CSS end. Anyway, new rule changes are taking effect now, so I can breathe for a while.

I think the problem is somewhat related to the ISA servers not being able to communicate with each other through the default local account. It may be related to the recent Win2003 SP1 upgrade.

I also used ldp.exe to troubleshoot it: if I select SSL to connect to the CSS port 1721, it fails, but it succeeds without SSL. I think I am fine since I use Windows authentication, not SSL auth, which is used in the untrusted domain scenario.

(in reply to slu)
Post #: 3
RE: Why new/changed rules no longer take any effect in ... - 26.Oct.2005 4:47:00 PM
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Did you mean port 2171?

2171 - LDAP secured with Kerb in a domain joined setup
2172 - LDAP secured with SSL (certificate) in a workgroup mode setup
2173 - CSS replication

(in reply to slu)
Post #: 4
RE: Why new/changed rules no longer take any effect in ... - 27.Oct.2005 12:24:00 PM
slu

 

Posts: 3
Joined: 24.Oct.2005
Status: offline
You are right, Clint. It is port 2171. I don't know why it came out as 1721 in my typing. [Smile]

(in reply to slu)
Post #: 5
