I have set up isa server on my network. As of right now, I have isa with two nics, configured as your tutorial suggests, internal on top, no netbios, etc. I have a dhcp server as a firewall client. I have one dns server behind the firewall with two domains in it, the base domain and the web site domain name. It also serves one web site, wildwes.net using iis.
I have configured my server using a couple of your tutorials, "Learn how your isa server helps block blaster traffic" and "ISA Server security checklist" (1 & 2)
I have one other client behind the firewall right now. I have no domain controller, behind the isa is a peer to peer network. (I'd rather stay away from ad if possible)
My problem is the one client seems to lose it's connection about every half hour or so. The servers seem to stay available. The only solution seems to be to reboot the isa server.
I need to know where to look to get started troubleshooting this issue. The client says it could not resolve the isa server. I ran a virus scan and it had a virus "bkdr_coreflood.b" (see why I need isa?) Which I removed, but it still seems to be having issues even getting connected in the first place, and then staying connected.
I can't put anything else behind the firewall untill I get this issue solved.
If I get this issue solved, the only other problem I have is that no one from outside the network can ftp into the web sites. I need administrators (authenticated, no anonymous) to be able to ftp some of their files to the server. I can't find any tutorials on this subject.
how do I get a response to this post? I've been struggling with this issue for three days now, hoping for a response from anyone here. Where do I start troubleshooting this issue? The clients keep losing their internet connection, and the only thing that works is to reboot the isa server! I can't do this a dozen times a day! So far I've found this to be really difficult to configure and even harder to understand. I've been over and over every setting, and done everything I can possibly read here on this site. Does anyone have a clue where to start looking to figure out why only when I reboot the isa server do I get my connections back? This is my first time posting on a discussion board in my 8 years of building web sites, because I believe no one answers the posts when you really need them.
I think I found a helpful article. It doesn't keep me on forever, but it has kept me on for longer periods. Something is definitely wrong, and I don't know what, but this helped.... http://support.microsoft.com/?kbid=316356 It suggests a registry hack to increase the number of concurrent connections that are allowed per client. Upping it to 100 has kept me online for several hours in a row. Now to find out what it is that seems to need that many concurrent connections, lol. (icq or outlook) I still think something is wrong in my setup somewhere. I wish there was a troubleshooting type section where I could go thru certain steps or tests to determine where this problem is. The isa server also stops allowing traffic from outside when it stops for the one client. You can still see the web site that's on the client iis server, but nslookup times out. I'd really like to just get this last issue itorned out before I go nuts.
Ok, it also looks like some kind of dns issue. I set forwarders on my dns server and made sure every little setting was exactly the way it says in the tutorials, and I've been online for 24 hours in a row now. My only gltich is a little pause sometimes when I change from one window to another... Like, I work with front page and I have the web site open in IE so I can see the changes. I make the change in front page, and it takes a long time to save the changes. Then, I click to refresh the web site in ie, and that seems to take a while. After that initial pause, while still in that focus, it no longer pauses, I can click and things respond in the expected time, but if I go back to front page, it pauses again. Once itĘs made the initial pause, I seem to have the connection again and it allows the normal quick responses. Just a little weird, but livable, lol.
Now, anybody know how to connect clients to pogo.com?
Ok, well, two weeks of this is getting a little tiring guys. I applied sp1 and the fix referenced in the article above.
I made sure the dns server on the internal network was right.
I've checked every setting, I've gone over every article, Ive read the entire book "Isa server and Beyond".
Now, can anyone suggest why this keeps happening?
On my firewall client I log onto icq, I go check my mail, and I may edit a few web sites with front page. I'm not trying to do anything wierd, I'm just trying to have a firewall.
At some randon length of time, anywhere from 5 minutes to 10 hours, the isa server just stops letting traffic thru. I can "Update Now" and it finds the isa server, but my icq won't connect, and my mail (outside my dsl router) can't be checked. I can't surf web sites. But I can check the mail server behind my dsl router. The only solution is to reboot the isa server! Then, everything works fine for it's random amount of time, and then quits again!
I have a small network set up to test this before I put my web sites behind it, and I'm screaming. I can't get this damn thing to stay connected for any decent length of time! ISA is NOT supposed to behave like this! I shouldn't have to reboot the isa server several times a day to stay connected.
I can't believe it's this hard to keep it connected?? What could I possibly be doing wrong? Nothing seems to help!
Can someone with a real answer please respond to this article? It appears that I am not the only one with this issue, but it sure does get flat out ignored. I can't even stay connected long enough to post this article!
Now mind you, when I go out from behind the isa server with a static ip, I don't have any problems connecting or staying connected, and it only solves when I reboot isa, restarting the firewall services doesn't help at all. Not to mention that when I CAN connect to web sites using isa, it responds very slowly, I feel like my dsl connection is dial up! I hate isa server! IT's a piece of junk, and there's no troubleshooting info about this anywhere!
RE: client disconnects intermittent could not resolve i... - 10.Nov.2003 12:17:00 AM
quote:Now mind you, when I go out from behind the isa server with a static ip, I don't have any problems connecting or staying connected, and it only solves when I reboot isa, restarting the firewall services doesn't help at all. Not to mention that when I CAN connect to web sites using isa, it responds very slowly, I feel like my dsl connection is dial up! I hate isa server! IT's a piece of junk, and there's no troubleshooting info about this anywhere!
Please can you explain a little further your network setup. Do you have your DSL connection coming into a router and then the ISA server is connected the router and then the rest of the network is connected behind the ISA server? So the router is maintaining the internet connection? When the ISA server stops passing traffic are you able to bypass the ISA server and carry on accessing the internet?
Yeah, I have the dsl connection coming into a dsl router. Then, I have a switch that has three hosts plugged into it - 1, a dns/iis/mail server, and 2, a workstation 3, the isa external connection. Both of these other hosts remain connected no matter what the isa server is doing. They are not set to look for the dhcp server or the isa server at all. They have statically assigned ips from my isp. There is a hub connected to the switch for this test network, until it works right. This hub has the isa server connected to it (internal), along with a dhcp server, a dns/iis server (with one web site for testing) and one workstation. all 3 of these are set to use the isa server as it's gateway. These clients all have dhcp ips reserved for them by mac address, so they'll remain constant, as outlined above.
RE: client disconnects intermittent could not resolve i... - 10.Nov.2003 5:48:00 PM
It makes it easier to ask questions using chat clients saves posting and then waiting for an answer/question ... if you want I can chat to you on icq and try and try and help a bit. You can e-mail me your icq number (bt[at]bhcs.co.uk)