I have a problem that I have been trying to correct and am now at my wits' end.
I recently set up a new Windows 2003 Server. It has two NICs (one for local, one for internet). It's a Domain Controller. I set up the DNS and DHCP servers and all the workstations connect and get the requested DHCP info. Now... I installed ISA Server 2004 on the same box and configured it. I can resolve DNS queries and all the static IP systems get on the internet fine. But the ones that require DHCP do not get the requested DHCP info. No IP, no nothing, and I get the error that it cannot reach the DHCP server.
I tried a firewall access policy using the DHCP protocols with (from/listener) INTERNAL and (to) INTERNAL with no change. I tried to disable and enable DHCP under the System Policy with no effect.
How can I give my workstations access to the DHCP server?
Hey Dale,
First of all, ISA on a DC is not a recommended solution, nor a safe one. Anyway, if you still want to use ISA on a DC, create an Access rule for the DHCP protocols from LocalHost to Internal.
RE: Can't get DHCP to work locally! - 12.Mar.2005 6:30:00 AM
Guest
Hi Dale:
For the last week I've had exactly the same problem as you described. Everyone says to just add the DHCP Reply & Request Access Rules, but this does not work for me either.
Have you been successful in getting your client computers to register with DHCP (on ISA)?
RE: Can't get DHCP to work locally! - 13.Mar.2005 2:04:00 PM
Guest
Thank you for your reply, gazc.
I am running Win2000 SP4 as the DC, with DNS and DHCP installed. Regrettably, we cannot afford another server at this point in time to be the DC.
I tried the Access Rules you mentioned in your post, without success. I have decided to uninstall ISA 2004 and try a fresh start, but I have lingering concerns about my settings for the internal network. I have entered 192.168.10.0-255 as our internal network (server is 192.168.10.1), but can't help but wonder about the broadcast messages sent out by the DHCP clients. Can you please advise if my local network settings are adequate?
In theory that should work fine, considering the ISA and the clients are on the same network.
There must be a reason other than security that MS does not support ISA2k4 installation on a DC.
Your only other option (even though system policy covers internal networking rules by default) is to open the flood gates. Create a network set for Internal & Localhost, then create a rule to allow all outbound traffic from Localhost & Internal to Localhost & Internal.
This should allow all traffic to flow between the two. If this works, start restricting the protocols one by one... kinda hard, but you will learn a lot in the process.
RE: Can't get DHCP to work locally! - 14.Mar.2005 5:39:00 PM
Guest
Your suggestions were great, but I still did not have any luck. I decided to uninstall ISA et al and start from scratch.
Luckily, I found a pdf from Microsoft that I decided to follow - SA2004SE_QuickStart_Guide.pdf. It has step by step instructions for setting up ISA 2004 on a 2000 or 2003 server, with DHCP and DNS. I tried my best to stick to it, and incredibly all of the above is working.
I now realise that DNS required significantly more configuring than I anticipated. Also, little comments like "WARNING: Never enter a default gateway address on the internal interface" likely made a huge difference. Needless to say, I definitely recommend it to anyone trying to run DHCP & DNS with ISA.
But all is not well. I'm having trouble logging on to my domain, and searching for the server from a client computer yields no result. So again I'm wondering about the unsupported role of running ISA on a DC that I'm trying to implement.
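The two-NIC checks behind the quick-start warning quoted above, as an added example that is not code from the original thread or from Microsoft's guide: a Python script that parses `ipconfig /all` output and flags an internal adapter that carries a default gateway, more than one adapter with a gateway, or an internal adapter whose address falls outside the range declared as ISA's Internal network. The sample output is constructed for a two-NIC Windows 2003 host (not a real capture), and the adapter names, addresses and the 192.168.10.0-255 range are assumptions.

```python
"""Sanity-check a multi-homed ISA/DC host from `ipconfig /all` output.

Two rules from the quick-start warning: the internal NIC must not carry a
default gateway (only the external NIC should), and the internal NIC's
address must fall inside the range declared as ISA's Internal network.
"""
import ipaddress
import re

# Constructed sample output for a two-NIC Windows 2003 host (not a real
# capture). The Internal adapter wrongly carries a default gateway.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : dc1
   Primary Dns Suffix  . . . . . . . : corp.example

Ethernet adapter Internal:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/100 #1
   IP Address. . . . . . . . . . . . : 192.168.10.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.254

Ethernet adapter External:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/100 #2
   IP Address. . . . . . . . . . . . : 203.0.113.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 203.0.113.1
"""

# The same host after removing the gateway from the internal NIC.
FIXED_IPCONFIG = SAMPLE_IPCONFIG.replace("192.168.10.254", "")

ADAPTER_RE = re.compile(r"^\S.*?adapter\s+(.+):\s*$")
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {adapter_name: {field: value}} for the adapters in the output.

    Fields with an empty value (a blank Default Gateway line) are left out,
    so 'Default Gateway' in adapter means a gateway is actually configured.
    """
    adapters, current = {}, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            adapters[current] = {}
            continue
        m = FIELD_RE.match(line)
        if m and current is not None and m.group(2).strip():
            adapters[current][m.group(1)] = m.group(2).strip()
    return adapters


def in_internal_range(ip, spec):
    """spec is CIDR ('192.168.10.0/24') or an ISA-style 'start-end' range."""
    addr = ipaddress.ip_address(ip)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(spec, strict=False)


def check_host(adapters, internal_name, internal_spec):
    """Return a list of findings; an empty list means the host passes."""
    findings = []
    internal = adapters.get(internal_name)
    if internal is None:
        return [f"no adapter named {internal_name!r} in ipconfig output"]
    gateways = {n: a["Default Gateway"] for n, a in adapters.items()
                if "Default Gateway" in a}
    if not in_internal_range(internal["IP Address"], internal_spec):
        findings.append(f"{internal_name} address {internal['IP Address']} is "
                        f"outside the declared Internal network {internal_spec}")
    if internal_name in gateways:
        findings.append(f"{internal_name} has a default gateway "
                        f"({gateways[internal_name]}); remove it, only the "
                        f"external NIC should have one")
    if len(gateways) > 1:
        findings.append("more than one adapter has a default gateway: "
                        f"{sorted(gateways)}")
    if not gateways:
        findings.append("no adapter has a default gateway; the external NIC needs one")
    return findings


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_IPCONFIG), ("after", FIXED_IPCONFIG)):
        result = check_host(parse_ipconfig(text), "Internal",
                            "192.168.10.0-192.168.10.255")
        print(label, result or "OK")
```

On the real box, run `ipconfig /all > ipconfig.txt` and pass the file's contents to `parse_ipconfig` instead of the constructed sample; the range string can be copied exactly as it appears in the ISA Internal network definition.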
Microsoft has never stated that the ISA firewall isn't supported on a DC -- that's an ISAserver.org policy. It should be possible to do so, but because of the security issues involved with such a configuration, we can't in good conscience recommend such a solution.
Hello Tom:
Ok, I don't know where I got that from. I am slowly but surely rebuilding the system from scratch. I noticed that my WINS server stopped functioning even before installing ISA (probably after connecting to Windows Update - I think I became infected with some mal-adware). I'm now at the point of running ISA unconfigured, and everything seems okay so far.
Can you please explain in detail which problems you are facing over a win2k3 DC along with isa2k4? I am sure that I will be able to give you the most suitable solution... But regarding the issue of speed and quality, I agree with all the others that it is not recommended to use isa2004 with a win2003 domain controller. Why don't you try using VPN over INTERNAL for the security purposes of your clients? Plus this will reduce the extra broadcast traffic over the internal network, as the clients will connect to the VPN only when they feel the need to use the internet, and most of the time the bandwidth in the shape of backend hidden viruses, trojans and updaters from client computers to ISA, at times when their computers are on but they are not interested in using the net, will be saved. Think about this scenario, brother.
Hello Zain:
Your suggestion re VPN for the internal clients is very intriguing. I admit I have no idea how this might be set up, however. Can I suggest you start another thread and post your ideas on this there? That would be great.
As far as my setup is concerned, everything has been running smoothly for the past two days. (Yeah!) I initially had many problems logging on to the dc, which isa was also running on, but in hindsight I believe my setup was corrupted even before installing isa. Specifically, my wins server was not functioning properly and it seems the server had been infected with spy/malware.
Just for the record, I am running win2k as a dc with DHCP, DNS, WINS, ISA2004, and NAV Enterprise. I have an ADSL USB modem connected to the internet. I think it is important to note that this is a *very* small network with less than ten clients.
Many thanks to everyone here who took the time to respond and give assistance.