Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Discussion of 2003 SP1 Final Release w/ISA2004
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 28.Apr.2005 2:40:00 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Joe,
Haven't heard anything else yet. I've tried to repo it with a number of different configs but haven't tried the Sec Config Wiz yet. I'll do that soon for an article to put up on the site.
HTH,
Tom
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 30.Apr.2005 10:40:00 AM
|
|
|
md3v
Posts: 308
Joined: 22.Jan.2002
Status: offline
|
All,
Our server had Windows 2003 SE and ISA 2004 SP1 installed, we installed Windows 2003 SP1 today and the following error is now displayed in our event log/s:
==============================
Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5783
Date: 4/30/2005
Time: 3:21:38 PM
User: N/A
Computer: <gw>
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller \\<dc> for the domain PETRAPARTNERS is not responsive. The current RPC call from Netlogon on \\<gw> to \\<dc> has been cancelled.
==============================
Does anyone know of a fix for this?
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 30.Apr.2005 6:18:00 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi M,
What's the configuration on the ISA firewall's interfaces?
Did you run the Security Configuration Wizard?
Thanks!
Tom
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 1.May2005 7:30:00 PM
|
|
|
md3v
Posts: 308
Joined: 22.Jan.2002
Status: offline
|
Tom/All,
No, we did not run or install the security configuration wizard.
No configuration was changed post install of Windows 2003 SP1.
Server is a member server, two NIC's - one WAN, one LAN.
m.
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 1.May2005 7:37:00 PM
|
|
|
md3v
Posts: 308
Joined: 22.Jan.2002
Status: offline
|
All,
Looks like Windows 2003 SP1 breaks a few more ISA/IAS (RRAS) related items:
==
Event Type: Information
Event Source: IAS
Event Category: None
Event ID: 5050
Date: 5/2/2005
Time: 12:38:44 AM
User: N/A
Computer: <gw>
Description:
The description for Event ID ( 5050 ) in Source ( IAS ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: <domain>, <domain>.
==
I would like to roll back both ISA SP1 and Windows 2003 SP1 but am afraid of the ramifications.
Does anyone have any input on the above?
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 2.May2005 10:51:00 AM
|
|
|
hopiconjo
Posts: 5
Joined: 28.Jan.2005
From: Amsterdam
Status: offline
|
Hi M,
I did a rollback of SP1 without any errors. To besure make a backup of your config
Greggy
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 2.May2005 10:52:00 AM
|
|
|
md3v
Posts: 308
Joined: 22.Jan.2002
Status: offline
|
Hi,
I contacted MS PSS who provided:
Windows2000-KB898060-x86-Custom-ENU.EXE
Which doesn't help/work as its only for Windows 2000 and we're running Windows 2003 SP1. We are waiting for them to re-send the correct patch.
In the mean time, the two issues we are having (outlind above) do not seem to be affecting the overall function of the server.
VPN/RRAS is still working correctly and we can browse our corp. network from the ISA box (when enabled) although browsing is extremely slow.
I'll update you as more information becomes available.
m.
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 2.May2005 12:00:00 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi M,
Thanks! Everyone will be interested in any findings you come up with.
Thanks!
Tom
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 2.May2005 3:56:00 PM
|
|
|
Guest
|
This post doesn't really add a lot to this thread but like Tom I have installed Windows SP1 many times without any problems. I have upgraded to 2003 SP1 on 10 production ISA 2004 servers with SP1 and not one problem at all. I will be doing more installs in the near future and hope not to have these issues arise for me. I too look forward to a resolution to these issues.
Joe
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 3.May2005 9:45:00 AM
|
|
|
md3v
Posts: 308
Joined: 22.Jan.2002
Status: offline
|
All,
After installing WindowsServer2003-KB898060-x86-enu.exe, it broke several more things, thanks Microsoft!
When our gateway/ISA 2003 box books we get five different errors now:
======================
(1) Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 5/3/2005
Time: 2:33:17 PM
User: NT AUTHORITY\SYSTEM
Computer: <GW>
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
(2) Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1097
Date: 5/3/2005
Time: 2:33:17 PM
User: NT AUTHORITY\SYSTEM
Computer: <GW>
Description:
Windows cannot find the machine account, No authority could be contacted for authentication. .
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
(3) Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 7
Date: 5/3/2005
Time: 2:33:17 PM
User: N/A
Computer: GW1
Description:
The kerberos subsystem encountered a PAC verification failure. This indicates that the PAC from the client <GW> in realm <DOMAIN> had a PAC which failed to verify or was modified. Contact your system administrator.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0 ^..+
(4) Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 5/3/2005
Time: 2:33:17 PM
User: N/A
Computer: <GW>
Description:
This computer was not able to set up a secure session with a domain controller in domain <DOMAIN> due to the following:
The remote procedure call was cancelled.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 50 00 02 c0 P..+
(5) Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5783
Date: 5/3/2005
Time: 2:33:16 PM
User: N/A
Computer: <GW>
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller <GW> for the domain <DOMAIN> is not responsive. The current RPC call from Netlogon on <GW> to <DOMAIN> has been cancelled.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
======================
Microsoft's PSS was unable to help even after clearly explaining to them that the problem occured post Windows 2003 SP1 being installed.
Our build senario:
Windows Server 2003 > ISA 2003 > ISA 2003 SP1 > Windows 2003 SP1.
Our GW machine is now damaged the firewall client is no longer functioning and access to remote shares is slow to impossible.
Does anyone have a solution for this or should I rebuild the box?
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 3.May2005 9:54:00 AM
|
|
|
hopiconjo
Posts: 5
Joined: 28.Jan.2005
From: Amsterdam
Status: offline
|
Hi M,
What I did: remove ISA out of domain. Rollback SP1 2003. Join the domain en restore latest configuration files before installing SP1.
Greggy
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 3.May2005 10:04:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by <Joe>:
This post doesn't really add a lot to this thread but like Tom I have installed Windows SP1 many times without any problems. I have upgraded to 2003 SP1 on 10 production ISA 2004 servers with SP1 and not one problem at all. I will be doing more installs in the near future and hope not to have these issues arise for me. I too look forward to a resolution to these issues.
Joe
Hi Joe,
Thanks! Its does add something, because it shows that at least I'm not crazy in that I've never had any problems either. Sure wish we could figure out what the problem is. I wonder if it might be related to domain Group Policy security settings for domain joined ISA firewalls?
Thanks!
Tom
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 3.May2005 10:05:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by Greggy:
Hi M,
What I did: remove ISA out of domain. Rollback SP1 2003. Join the domain en restore latest configuration files before installing SP1.
Greggy
Hi Greggy,
Thanks!
Tom
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 3.May2005 11:17:00 AM
|
|
|
Guest
|
I have same problems&events ...
but i had this issue before SP1 for Win2k3
Win2k3 -> Isa2k4 -> IsaSP1
rule for allow internal-localhost solve trouble. but after i applied WinSP1 to firewall list of err reincarnate.
If problem persist in EL i see netlogon errs and after only 14-15 min users experiencing auth troubles (with some err-events in EL). For now i move Isa2k4 to workgroup and errors are gone.
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 3.May2005 11:25:00 AM
|
|
|
md3v
Posts: 308
Joined: 22.Jan.2002
Status: offline
|
I have tried all of the above, remove/rejoin etc with no success.
It looks like I will have to rebuild as its now affecting Intra-Domain communications:
==
Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 47
Date: 5/3/2005
Time: 4:08:38 PM
User: N/A
Computer: <GW>
Description:
Time Provider NtpClient: No valid response has been received from manually configured peer <DC> after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
==
and....
==
Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 27
Date: 5/3/2005
Time: 4:23:38 PM
User: N/A
Computer: GW1
Description:
Time Provider NtpClient: The response received from domain controller fs1.petrapartners.net is missing the signature. The response may have been tampered with and will be ignored.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
==
I'm quite preturbed that a MS patch has made the issue worse.
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 5.May2005 5:29:00 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hey folks,
Can *someone* please give a detailed description of the IP address configuration settings they're using on the ISA firewall? Even better, if someone will send a backup of their configuration, I'll restore it on a test machine and see if I can fix the problem.
HTH,
Tom
|
|
|
|
|
RE: Discussion of 2003 SP1 Final Release w/ISA2004 - 6.May2005 2:37:00 AM
|
|
|
Alebur
Posts: 2
Joined: 6.May2005
Status: offline
|
Hi everyone,
After SP1 for Server 2k3 and SP1 for ISA2004 rejoin ISA to domain, or right click on My computer- Properties - Computer Name - Change-remove domain suffix (e.g. bla.bla. local and restart PC. All errors like Userenv, Netlogon etc. will disappear.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Frown]](/image/smiles/frown.gif)
That's good for me, but I would really like to understand the configs that break.![[Smile]](/image/smiles/smile.gif)
I'm at the moment going through the book Implementing MS ISA2004 as a part of MCSE achievement. Anyway, I've build a small lab or 3 BOX 2 running Win2k3, one as DC, other as member server for ISA2k4 and third running WinXP as client. I was suprised with number of errors that appear on the boot on the ISA2k4 box like ...