Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Discussion of 2003 SP1 Final Release w/ISA2004
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 1.Apr.2005 1:17:00 AM
|
|
|
SteveMoffat
Posts: 172
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
|
Well, Thats 2 dc's and my exchange server sp'd...no issues whatsoever.
ISA I'm leaving for a couple of hours just to see if anything shows up
S
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 1.Apr.2005 1:51:00 AM
|
|
|
gazc
Posts: 71
Joined: 31.Jan.2005
From: UK
Status: offline
|
Barring WW, is everyone testing this by installing on the ISA servers as well as the DC's etc.
The errors dont come untill you install SP1 on the ISA server.
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 1.Apr.2005 3:49:00 AM
|
|
|
SteveMoffat
Posts: 172
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
|
Well, I bit the bullet after having installed it on my vmware lab last night with no issues.
Updated my production servers, 2 W2K3 DC's, 1 Exch 2K3 and ISA 2k4.
No issues, no errors, no problem. On any of the servers.
S
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 1.Apr.2005 9:35:00 AM
|
|
|
tinto
Posts: 225
Joined: 9.Sep.2004
From: Italy
Status: offline
|
quote:
Originally posted by gazc:
Barring WW, is everyone testing this by installing on the ISA servers as well as the DC's etc.
The errors dont come untill you install SP1 on the ISA server.
microsoft says "we have tested 2003 SP1 with many applications of third parties".
did they forget to test with microsoft ISA2004(all recommend patches installed)?
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 1.Apr.2005 4:39:00 PM
|
|
|
LLigetfa
Posts: 2184
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
|
Since my ISA 2K4 server is still in pilot, I threw caution to the wind and installed SP1 via an RDP remote session (did not even use the /console option) and it went in without significant incident. Well... my connectivity verifiers all screamed at boot but after that, they were fine.
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 1.Apr.2005 7:53:00 PM
|
|
|
WyldWolf
Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
|
So is anyone else receiving the following event log errors at boot? Again, this is not only 2003 SP1 but ISA2004's SP1, and 2003 SP1 running on the domain DC's:
System Log:
EventID 7 The kerberos subsystem encountered a PAC verification failure
EventID 5719 This computer was not able to set up a secure session with a domain controller in domain XXXXX due to the following:
The remote procedure call was cancelled
EventID 5783 The session setup to the Windows NT or Windows 2000 Domain Controller \\XXXXXXX for the domain XXXXXX is not responsive. The current RPC call from Netlogon on \\XXXXX to \\XXXXXXXXX has been cancelled
App log:
EventID 14176 cache failed to initialize
EventID 1097 Windows cannot find the machine account, No authority could be contacted for authentication
EventID 1030 Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 1.Apr.2005 11:28:00 PM
|
|
|
kikovass
Posts: 4
Joined: 1.Apr.2005
Status: offline
|
I installed 2k3 SP1 this morning from at Terminal Services connection. ISA seems to be doing fine but there does seem to be 1 issue.
I am receiving a TermServices 1036 error and my TS connection to ISA 2k4 is not being completed. ISA live monitoring shows the conneciton allowed but connection is not being made and the 1036 error is showing up.
Windows firewall is not on and I'm not sure what is going on. I'm going to start working the problem but does anyone else have any ideas?
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 2.Apr.2005 6:56:00 PM
|
|
|
dmutsaers
Posts: 45
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
|
I just installed Windows 2003 SP1 on my ISA 2004 SP1 machine. Now all IPSec tunnels are very unstable. (ISA 2004 - Draytek Vigor 2500) They all lose their connection within 5-10 minutes.
It disconnects all VPN tunnels at the same time.
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 2.Apr.2005 7:15:00 PM
|
|
|
WyldWolf
Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
|
I have to say I'm a bit disappointed with what I'm seeing with 2003 SP1 when combined with ISA 2004 SP1. MS is usually pretty decent about regression testing SP's with different products, but as we saw with ISA2004's SP1, they flat out broke the functionality of one of their own widely used tools - the fwctool.exe and <still> haven't posted a fix. (I'm really hoping they're aware of it and working on it)
Other than the above issues listed by those of us running ISA's SP1 as well as 2003 SP1, in my testing it appears that even though basic outbound functionality works, it seems noticeably less responsive than prior to applying SP1. I don't have an explanation for this <yet> but I'm curious if anyone else is experiencing any performance decrease other than VPN connections dropping, etc.
I'll keep testing and posting any results/workarounds I can identify. Again be sure you're running ISA's SP1 as well as 2003's SP1!
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 2.Apr.2005 7:41:00 PM
|
|
|
WyldWolf
Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
|
LLigetfa,
Very true about my first comment applying to ISA's SP1, I guess it just seems almost out of character for any SP to break a widely used MS tool - at least in the last 5-7 years.....contrary to what all the MS haters have to say they <usually> are pretty good about regression testing.
I'm not one to suggest that going backwards (or not moving forward) is a viable option, so you're absolutely right we'll get the wrinkles ironed out, just going to take some time!
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 2.Apr.2005 7:45:00 PM
|
|
|
dmutsaers
Posts: 45
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
|
quote:
Originally posted by dmutsaers:
I just installed Windows 2003 SP1 on my ISA 2004 SP1 machine. Now all IPSec tunnels are very unstable. (ISA 2004 - Draytek Vigor 2500) They all lose their connection within 5-10 minutes.
It disconnects all VPN tunnels at the same time.
Just uninstalled Windows 2003 SP1 and my IPSec tunnels behave normally again. It looks like the IPSec tunnel keeps regenerating keys every 5 min, even if the ipsec settings are set to 28800 secs. Every 5 min. a drop in the connection is too much.
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 3.Apr.2005 7:37:00 AM
|
|
|
WyldWolf
Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
|
Well, even after turning off strict RPC compliance in the system policy, and ensuring localhost rules exist the above netlogon and kerberos errors appear at boot. Mind you, I rebooted multiple times just before applying 2003 SP1 to compare event logs and these errors only appear after applying 2003 SP1 to ISA2004 SP1.
I may try to take some before and after registry snapshots to identify if there is a service dependancy change that would cause these errors.
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 3.Apr.2005 7:57:00 AM
|
|
|
dmutsaers
Posts: 45
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
|
quote:
Originally posted by WyldWolf:
... these errors only appear after applying 2003 SP1 to ISA2004 SP1
Well, these errors didn't appear when I installed Windows 2003 SP1 on my ISA2004 SP1 machine. I wish I could give you more assistance on the issue you're having.
Maybe take a look at the following article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;883268
[ April 03, 2005, 08:00 AM: Message edited by: dmutsaers ]
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 3.Apr.2005 6:44:00 PM
|
|
|
WyldWolf
Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
|
Seen the knowledgebase articles, they don't apply to this setup. I've reproduced this a couple times, so I'll wait for some additional feedback as to what Tom's testing shows.
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 3.Apr.2005 7:23:00 PM
|
|
|
WyldWolf
Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
|
Also can confirm if I uninstall 2003 SP1 and continually reboot, the Kerberos and RPC errors are gone so it's definitly an issue with 2003 SP1.
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 4.Apr.2005 2:12:00 AM
|
|
|
WyldWolf
Posts: 246
Joined: 3.Mar.2005
From: Wisconsin
Status: offline
|
Tom,
That link takes us to the SP1 ISA download - which is already applied. I'm guessing it was a hotfix which has been superceded by the SP?
I've even done a repair and re-applied ISA's SP1 to be sure. But like I said, if I uninstall the 2003 SP1, the problems are gone. Reinstall 2003 SP1, problem is back. It definitly seems to revolve around changes made by Windows Server 2003 SP1.
[ April 04, 2005, 02:20 AM: Message edited by: WyldWolf ]
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 4.Apr.2005 1:06:00 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi WW,
OK, I'm having a senile moment here. What is the problem that ISA2004 SP1 doesn't fix?
Thanks!
Tom
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Big Grin]](/image/smiles/biggrin.gif)
.
![[Frown]](/image/smiles/frown.gif)
