• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

New ISA Enteprise install problems

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Installation >> New ISA Enteprise install problems Page: [1]
Login
Message << Older Topic   Newer Topic >>
New ISA Enteprise install problems - 3.May2005 5:08:00 AM   
xdakotakid

 

Posts: 12
Joined: 29.Jul.2004
Status: offline
I installed two new isa ent 2004 boxes according to the Microsoft ISA 2004 Enterprise configuration guide. I have 3 nic's, one for dmz, one for array communications and one for internal. The configuration database is on a DC. I have the DMZ pointing to two external dns server and the internal nic pointing to two internal dns servers.

I have an enterprise rule will all outbound from internal running after the array firewall policies and the normal Web Access Rule generated by ISA is in the firewall policy.

I haven't changed any of the system policies.

Using the MMC The configuration tab under monitoring shows both servers with errors of not connecting to the config storage on the dc and a "last updated" with an 11/29/1999 date? trying it from the server gives the same date and a can't establish a connection with its partner server error.

Web proxy doesn't work and the client end dumps out with an error code 11001:host not found.

Its probably something simple but...
Post #: 1
RE: New ISA Enteprise install problems - 3.May2005 10:08:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi X,

Remove the external DNS servers from the DMZ NICs. You should *never* had external DNS servers configured on any NIC on an ISA firewall or firewall array member.

HTH,
Tom

(in reply to xdakotakid)
Post #: 2
RE: New ISA Enteprise install problems - 3.May2005 5:36:00 PM   
xdakotakid

 

Posts: 12
Joined: 29.Jul.2004
Status: offline
So remove the DNS entries on the DMZ nic's and install the DNS server with stub zones on the isa box to do the forwarding?

Thanks!

(in reply to xdakotakid)
Post #: 3
RE: New ISA Enteprise install problems - 3.May2005 6:46:00 PM   
xdakotakid

 

Posts: 12
Joined: 29.Jul.2004
Status: offline
I've removed the external dns references and setup the dns forwarding per your book with the appropriate rules.

The dns requests are being blocked by the server. I see the client ip (internal dns server) destination ip (isa) prt 53 denied connection [Enterprise] Default Rule 0xc004000d internal to local host.

the first firewall rule is allow dns from internal to local host all users. I've also tried opening all internal to local host and there is no difference.

(in reply to xdakotakid)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Installation >> New ISA Enteprise install problems Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts