New ISA Enterprise install problems






xdakotakid -> New ISA Enterprise install problems (3.May2005 5:08:00 AM)

I installed two new ISA Ent 2004 boxes according to the Microsoft ISA 2004 Enterprise configuration guide. I have 3 NICs: one for DMZ, one for array communications and one for internal. The configuration database is on a DC. I have the DMZ pointing to two external DNS servers and the internal NIC pointing to two internal DNS servers.

I have an enterprise rule with all outbound from internal running after the array firewall policies, and the normal Web Access Rule generated by ISA is in the firewall policy.

I haven't changed any of the system policies.

Using the MMC, the configuration tab under monitoring shows both servers with errors of not connecting to the config storage on the DC and a "last updated" with an 11/29/1999 date? Trying it from the server gives the same date and a "can't establish a connection with its partner server" error.

Web proxy doesn't work and the client end dumps out with an error code 11001: host not found.

It's probably something simple but...




tshinder -> RE: New ISA Enterprise install problems (3.May2005 10:08:00 AM)

Hi X,

Remove the external DNS servers from the DMZ NICs. You should *never* have external DNS servers configured on any NIC on an ISA firewall or firewall array member.

HTH,
Tom
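An added example, not part of the original thread: one way to audit an array member for the condition described in the reply above, by parsing saved `ipconfig /all` output and reporting any NIC whose DNS servers are not in the approved internal list. The adapter names, addresses and the sample output are constructed for illustration, and the parser assumes IPv4 entries in English-language output.

```python
import ipaddress
import re

# Constructed, condensed `ipconfig /all` output for a three-NIC array member.
# Adapter names and all addresses are made up for this example.
SAMPLE = """\
Ethernet adapter DMZ:
   IP Address. . . . . . . . . . . . : 192.0.2.10
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       198.51.100.54
Ethernet adapter Array:
   IP Address. . . . . . . . . . . . : 10.10.10.1
Ethernet adapter Internal:
   IP Address. . . . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.5
                                       10.0.0.6
"""

ADAPTER = re.compile(r"^\S.*adapter (.+):\s*$")
DNS_FIRST = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")
BARE_IP = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_by_adapter(text):
    """Return {adapter name: [DNS server IPs]} parsed from ipconfig /all text."""
    result, current, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            current, in_dns = m.group(1), False
            result[current] = []
        elif current and (m := DNS_FIRST.match(line)):
            result[current].append(m.group(1))
            in_dns = True
        elif current and in_dns and (m := BARE_IP.match(line)):
            result[current].append(m.group(1))  # continuation line of the DNS list
        elif line.strip():
            in_dns = False  # any other field ends the DNS list
    return result

def external_dns(text, internal_dns):
    """Return {adapter: [servers]} for DNS entries outside the approved internal set."""
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    findings = {}
    for nic, servers in dns_by_adapter(text).items():
        bad = [s for s in servers if ipaddress.ip_address(s) not in allowed]
        if bad:
            findings[nic] = bad
    return findings
```

Calling `external_dns(SAMPLE, ["10.0.0.5", "10.0.0.6"])` reports only the DMZ adapter, which is the NIC the reply says to clean up.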




xdakotakid -> RE: New ISA Enterprise install problems (3.May2005 5:36:00 PM)

So remove the DNS entries on the DMZ NICs and install the DNS server with stub zones on the ISA box to do the forwarding?

Thanks!




xdakotakid -> RE: New ISA Enterprise install problems (3.May2005 6:46:00 PM)

I've removed the external DNS references and set up the DNS forwarding per your book with the appropriate rules.

The DNS requests are being blocked by the server. I see the client IP (internal DNS server), destination IP (ISA), port 53, denied connection, [Enterprise] Default Rule, 0xc004000d, internal to local host.

The first firewall rule is allow DNS from internal to local host, all users. I've also tried opening all internal to local host and there is no difference.



