DHCP Request Denied

DHCP Request Denied - 25.Mar.2006 10:14:29 AM   
hantahipi

 

Posts: 84
Joined: 26.Jan.2006
From: Kenya
Status: offline
Hi All,

I'd really appreciate an understanding on this one.

ISA 2004 on W2k3 (all SPs applied) with two DHCP rules as follows:

1) DHCP Request Allow -> DHCP Request Protocol -> From Anywhere -> To Localhost -> For All Users
2) DHCP Reply Allow -> DHCP Reply Protocol -> From Localhost -> To Internal -> For All Users

Out of the blue (YEAH, no config change whatsoever!) machines working with DHCP have the "limited or no connectivity" exclamation mark! The DHCP service is running OK on the server, but when I go to Live Logging I get the entries below.

10.10.10.71    ISASERVER -  UDP -      -    68 0 0 0 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED  0x0 Firewall 3/25/2006 11:55:50 AM 255.255.255.255 67 DHCP (request) Denied Connection  10.10.10.71  Internal Local Host - - 0x0
10.10.10.71    ISASERVER -  UDP -      -    68 0 0 0 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED  0x0 Firewall 3/25/2006 11:55:50 AM 255.255.255.255 67 DHCP (request) Denied Connection  10.10.10.71  Internal Local Host - - 0x0
10.10.10.2    ISASERVER -  UDP -      -    67 0 0 0 0x0   0x0 Firewall 3/25/2006 11:55:50 AM 10.10.10.71 68 DHCP (reply) Initiated Connection Internal 10.10.10.2  Local Host Internal - - 0x0


The bad part is that in this case the machine actually got a reply, but in other cases the machines did not get any replies whatsoever. Who's malfunctioning here: me, DHCP or ISA?
Post #: 1
RE: DHCP Request Denied - 25.Mar.2006 6:31:59 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Hanta,

Interesting. Get some packet traces of when this happens and send them along.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to hantahipi)
Post #: 2
RE: DHCP Request Denied - 25.Mar.2006 7:35:10 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
So check if it's something wrong from ISA; create an Allow rule:

Allow
Allow Outbound Protocols
From : Localhost & Internal
To : Localhost & Internal
All Users

Make sure to put this rule on the top of others.

If DHCP worked, then it's something in your ISA configuration.

I think you have the DHCP server on the same box that ISA is installed on, right? Then make sure to disable the System Policy rules that allow DHCP request and reply (as they consider ISA is issuing the request and getting the reply).

Then check this:
Configuring the ISA Server Computer as a DHCP Server





_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to hantahipi)
Post #: 3
RE: DHCP Request Denied - 27.Mar.2006 8:42:30 AM   
hantahipi

 

Posts: 84
Joined: 26.Jan.2006
From: Kenya
Status: offline
Hi Tom,

I used Ethereal to get the info below. I am a novice with Ethereal, which is a good excuse if what's down here is not what you asked for (that will be especially so with the display filtering, so I pulled out only portions that I thought relate to this issue). The +++++++ indicates portions as were copied.

No.     Time        Source                Destination           Protocol Info
   419 16.475146   0.0.0.0               255.255.255.255       DHCP     DHCP Discover - Transaction ID 0xf87c8c6e
Frame 419 (342 bytes on wire, 342 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 0.0.0.0 (0.0.0.0), Dst Addr: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
Bootstrap Protocol
No.     Time        Source                Destination           Protocol Info
   420 16.475318   10.10.10.2            255.255.255.255       DHCP     DHCP Offer    - Transaction ID 0xf87c8c6e
Frame 420 (361 bytes on wire, 361 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
Bootstrap Protocol
No.     Time        Source                Destination           Protocol Info
   421 16.476023   0.0.0.0               255.255.255.255       DHCP     DHCP Request  - Transaction ID 0xf87c8c6e
Frame 421 (360 bytes on wire, 360 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 0.0.0.0 (0.0.0.0), Dst Addr: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
Bootstrap Protocol
No.     Time        Source                Destination           Protocol Info
   422 16.476482   10.10.10.2            255.255.255.255       DHCP     DHCP ACK      - Transaction ID 0xf87c8c6e
Frame 422 (361 bytes on wire, 361 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
Bootstrap Protocol
No.     Time        Source                Destination           Protocol Info
   423 16.481559   10.10.10.71           Broadcast             ARP      Who has 10.10.10.71?  Gratuitous ARP
Frame 423 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: ff:ff:ff:ff:ff:ff
Address Resolution Protocol (request/gratuitous ARP)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
No.     Time        Source                Destination           Protocol Info
   666 18.708877   10.10.10.71           224.0.0.22            IGMP     V3 Membership Report
Frame 666 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: 01:00:5e:00:00:16
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 224.0.0.22 (224.0.0.22)
Internet Group Management Protocol
No.     Time        Source                Destination           Protocol Info
   667 18.711177   10.10.10.71           255.255.255.255       DHCP     DHCP Inform   - Transaction ID 0x841a72ef
Frame 667 (590 bytes on wire, 590 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
Bootstrap Protocol
No.     Time        Source                Destination           Protocol Info
   668 18.711359   10.10.10.2            Broadcast             ARP      Who has 10.10.10.71?  Tell 10.10.10.2
Frame 668 (42 bytes on wire, 42 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: ff:ff:ff:ff:ff:ff
Address Resolution Protocol (request)
No.     Time        Source                Destination           Protocol Info
   669 18.711511   10.10.10.71           10.10.10.2            ARP      10.10.10.71 is at 00:11:0a:3d:00:cf
Frame 669 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: 00:12:79:92:1f:b0
Address Resolution Protocol (reply)
No.     Time        Source                Destination           Protocol Info
   670 18.711516   10.10.10.2            10.10.10.71           DHCP     DHCP ACK      - Transaction ID 0x841a72ef
Frame 670 (342 bytes on wire, 342 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: 00:11:0a:3d:00:cf
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 10.10.10.71 (10.10.10.71)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Frame 675 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: 00:12:79:92:1f:b0
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 10.10.10.2 (10.10.10.2)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   676 18.868792   10.10.10.2            10.10.10.71           NBNS     Registration response NB 10.10.10.71
Frame 676 (104 bytes on wire, 104 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: 00:11:0a:3d:00:cf
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 10.10.10.71 (10.10.10.71)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   677 18.872122   10.10.10.71           10.10.10.2            NBNS     Registration NB DOMAIN<00>
Frame 677 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: 00:12:79:92:1f:b0
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 10.10.10.2 (10.10.10.2)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   678 18.872287   10.10.10.2            10.10.10.71           NBNS     Registration response NB 10.10.10.71
Frame 678 (104 bytes on wire, 104 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: 00:11:0a:3d:00:cf
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 10.10.10.71 (10.10.10.71)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   679 18.873584   10.10.10.71           10.10.10.2            NBNS     Registration NB DOMAIN<1e>
Frame 679 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: 00:12:79:92:1f:b0
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 10.10.10.2 (10.10.10.2)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   680 18.873698   10.10.10.2            10.10.10.71           NBNS     Registration response NB 10.10.10.71
Frame 680 (104 bytes on wire, 104 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: 00:11:0a:3d:00:cf
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 10.10.10.71 (10.10.10.71)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   681 18.906180   10.10.10.71           10.10.10.2            NBNS     Registration NB CT<20>
Frame 681 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: 00:12:79:92:1f:b0
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 10.10.10.2 (10.10.10.2)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   682 18.906344   10.10.10.2            10.10.10.71           NBNS     Registration response NB 10.10.10.71
Frame 682 (104 bytes on wire, 104 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: 00:11:0a:3d:00:cf
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 10.10.10.71 (10.10.10.71)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   683 18.911208   10.10.10.71           10.10.10.2            DHCP     DHCP Request  - Transaction ID 0x521f8c47
Frame 683 (348 bytes on wire, 348 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: 00:12:79:92:1f:b0
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 10.10.10.2 (10.10.10.2)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
Bootstrap Protocol
No.     Time        Source                Destination           Protocol Info
   684 18.911652   10.10.10.2            10.10.10.71           DHCP     DHCP ACK      - Transaction ID 0x521f8c47
Frame 684 (361 bytes on wire, 361 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: 00:11:0a:3d:00:cf
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 10.10.10.71 (10.10.10.71)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
Bootstrap Protocol
No.     Time        Source                Destination           Protocol Info
   685 18.917473   10.10.10.71           10.10.10.2            NBNS     Refresh NB CT<20>
Frame 685 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: 00:12:79:92:1f:b0
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 10.10.10.2 (10.10.10.2)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   686 18.917719   10.10.10.2            10.10.10.71           NBNS     Registration response NB 10.10.10.71
Frame 686 (104 bytes on wire, 104 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: 00:11:0a:3d:00:cf
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 10.10.10.71 (10.10.10.71)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   687 18.918297   10.10.10.71           10.10.10.2            NBNS     Refresh NB CT<00>
Frame 687 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: 00:12:79:92:1f:b0
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 10.10.10.2 (10.10.10.2)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   688 18.918416   10.10.10.2            10.10.10.71           NBNS     Registration response NB 10.10.10.71
Frame 688 (104 bytes on wire, 104 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: 00:11:0a:3d:00:cf
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 10.10.10.71 (10.10.10.71)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   689 18.918650   10.10.10.71           10.10.10.2            NBNS     Refresh NB DOMAIN<1e>
Frame 689 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: 00:12:79:92:1f:b0
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 10.10.10.2 (10.10.10.2)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   690 18.918765   10.10.10.2            10.10.10.71           NBNS     Registration response NB 10.10.10.71
Frame 690 (104 bytes on wire, 104 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: 00:11:0a:3d:00:cf
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 10.10.10.71 (10.10.10.71)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   691 18.918997   10.10.10.71           10.10.10.2            NBNS     Refresh NB DOMAIN<00>
Frame 691 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: 00:12:79:92:1f:b0
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 10.10.10.2 (10.10.10.2)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   692 18.919107   10.10.10.2            10.10.10.71           NBNS     Registration response NB 10.10.10.71
Frame 692 (104 bytes on wire, 104 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: 00:11:0a:3d:00:cf
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 10.10.10.71 (10.10.10.71)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: netbios-ns (137)
NetBIOS Name Service
No.     Time        Source                Destination           Protocol Info
   693 18.923156   10.10.10.71           10.10.10.2            DNS      Standard query SOA ct.domain.local
Frame 693 (81 bytes on wire, 81 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: 00:12:79:92:1f:b0
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 10.10.10.2 (10.10.10.2)
User Datagram Protocol, Src Port: 3385 (3385), Dst Port: domain (53)
Domain Name System (query)
No.     Time        Source                Destination           Protocol Info
   694 18.923318   10.10.10.2            10.10.10.71           DNS      Standard query response, No such name
Frame 694 (153 bytes on wire, 153 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: 00:11:0a:3d:00:cf
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 10.10.10.71 (10.10.10.71)
User Datagram Protocol, Src Port: domain (53), Dst Port: 3385 (3385)
Domain Name System (response)
No.     Time        Source                Destination           Protocol Info
   695 18.931184   10.10.10.71           10.10.10.255          BROWSER  Request Announcement CT
Frame 695 (215 bytes on wire, 215 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 10.10.10.255 (10.10.10.255)
User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138)
NetBIOS Datagram Service
SMB (Server Message Block Protocol)
SMB MailSlot Protocol
Microsoft Windows Browser Protocol
No.     Time        Source                Destination           Protocol Info
   696 18.931304   10.10.10.71           10.10.10.2            DNS      Dynamic update SOA domain.local
Frame 696 (127 bytes on wire, 127 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: 00:12:79:92:1f:b0
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 10.10.10.2 (10.10.10.2)
User Datagram Protocol, Src Port: 3387 (3387), Dst Port: domain (53)
Domain Name System (query)
No.     Time        Source                Destination           Protocol Info
   697 18.931457   10.10.10.2            10.10.10.255          BROWSER  Local Master Announcement ISASERVER, Workstation, Server, SQL Server, Domain Controller, Time Source, Dialin Server, NT Workstation, Master Browser, Unknown server type:23
Frame 697 (243 bytes on wire, 243 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 10.10.10.255 (10.10.10.255)
User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138)
NetBIOS Datagram Service
SMB (Server Message Block Protocol)
SMB MailSlot Protocol
Microsoft Windows Browser Protocol
No.     Time        Source                Destination           Protocol Info
   698 18.931533   10.10.10.2            10.10.10.71           DNS      Dynamic update response, RRset does not exist CNAME A 10.10.10.71
Frame 698 (127 bytes on wire, 127 bytes captured)
Ethernet II, Src: 00:12:79:92:1f:b0, Dst: 00:11:0a:3d:00:cf
Internet Protocol, Src Addr: 10.10.10.2 (10.10.10.2), Dst Addr: 10.10.10.71 (10.10.10.71)
User Datagram Protocol, Src Port: domain (53), Dst Port: 3387 (3387)
Domain Name System (response)
No.     Time        Source                Destination           Protocol Info
   699 18.934738   10.10.10.71           10.10.10.255          BROWSER  Host Announcement CT, Workstation, Server, NT Workstation, Potential Browser
Frame 699 (243 bytes on wire, 243 bytes captured)
Ethernet II, Src: 00:11:0a:3d:00:cf, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 10.10.10.71 (10.10.10.71), Dst Addr: 10.10.10.255 (10.10.10.255)
User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138)
NetBIOS Datagram Service
SMB (Server Message Block Protocol)
SMB MailSlot Protocol
Microsoft Windows Browser Protocol


Thanks

(in reply to tshinder)
Post #: 4
RE: DHCP Request Denied - 27.Mar.2006 8:46:33 AM   
hantahipi

 

Posts: 84
Joined: 26.Jan.2006
From: Kenya
Status: offline
Hi Elmajdal,

I already have that rule, and yes, on top of all other allow rules. The DHCP server is in the same box as ISA.

DHCP has been working for months, so I am not as much concerned about misconfiguration; the ISA logs also say the problem is not the DHCP service. I disabled system policy on DHCP and it still logs the same.

Thanks

(in reply to elmajdal)
Post #: 5
RE: DHCP Request Denied - 31.Mar.2006 4:10:08 PM   
hantahipi

 

Posts: 84
Joined: 26.Jan.2006
From: Kenya
Status: offline
Hi Tom, Hi all,

I'd appreciate some response. By the way, I have noted that all my DHCP requests are logged as denied connections although, after much wading in the dark, requests are being served.

Thanks

(in reply to hantahipi)
Post #: 6
RE: DHCP Request Denied - 1.Apr.2006 8:13:17 AM   
Zac

 

Posts: 44
Joined: 6.Oct.2005
From: Kuwait
Status: offline
Hi,


When I tested ISA 2004, I did install DHCP on the same box. Everything went on well for a few weeks but then I started to get a lot of troubles in DHCP. Though Microsoft says we can install DHCP on the same box as ISA, I don't think that it is a good idea. It is always safe and healthy to have a separate DHCP server in your network.

Zac.

(in reply to hantahipi)
Post #: 7
RE: DHCP Request Denied - 4.Apr.2006 3:44:45 PM   
Tom Decaluwe

 

Posts: 135
Joined: 23.Jul.2003
Status: offline
Hi hantahipi,

I had a quick look at your post and found this little line in your initial post: "FWX_E_FWE_SPOOFING_PACKET_DROPPED". When you look at the realtime ISA monitor, are you seeing denied packets from the DHCP server or client to a destination without a rule indicating why it was being dropped?

If you are, it's because you have, as this log indicates, spoofing packet problems. The ISA rules you have set up are perfect for DHCP and I think it might be on the network layer.

Is the DHCP service running on the ISA box or on a server on the other end of the ISA network?
Did you put in place a new switch / hub? I have seen a similar problem on a network where they had a Cisco layer 3 switch in place and had both interfaces of the ISA box on the same Catalyst but misconfigured the interVLAN routing, causing packets to travel from untrusted interface A to trusted interface B without passing through the ISA itself => spoof alerts, packets were dropped and you lose DHCP.

Let us know what the physical connections are for the box and have a look in the real time monitor for blank line denied packets.

cheerz,

Tom


_____________________________

Tom Decaluwé
MCSE 2000/2003 - CCNA
http://www.it-talks.be

(in reply to Zac)
Post #: 8
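
A way to triage Live Logging entries like the ones quoted in the first post, as an added example that is not part of any post in this thread: it separates DHCP requests dropped by spoof detection from other denials and checks whether a DHCP reply to the same client was logged close in time. The column layout is inferred from the three quoted entries, the field names and the 5-second window are assumptions, and the 10.10.10.99 line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

SPOOF_NAME = "FWX_E_FWE_SPOOFING_PACKET_DROPPED"  # result name quoted in the thread

# Layout inferred from the quoted entries (assumption, not an official schema).
LINE_RE = re.compile(
    r"^(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<server>\S+)\s+.*?"
    r"\s(?P<sport>\d+)\s+\d+\s+\d+\s+\d+\s+"
    r"(?P<code>0x[0-9a-fA-F]+)\s+(?:(?P<name>FWX_\w+)\s+)?0x[0-9a-fA-F]+\s+Firewall\s+"
    r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<dport>\d+)\s+"
    r"(?P<proto>.+?)\s+(?P<action>Denied|Initiated|Closed) Connection"
)

# First three entries mirror the ones quoted in post #1; the fourth is constructed
# to show a client whose request was dropped and never answered.
SAMPLE_LOG = [
    "10.10.10.71 ISASERVER - UDP - - 68 0 0 0 0xc0040014 " + SPOOF_NAME +
    " 0x0 Firewall 3/25/2006 11:55:50 AM 255.255.255.255 67 DHCP (request)"
    " Denied Connection 10.10.10.71 Internal Local Host - - 0x0",
    "10.10.10.71 ISASERVER - UDP - - 68 0 0 0 0xc0040014 " + SPOOF_NAME +
    " 0x0 Firewall 3/25/2006 11:55:50 AM 255.255.255.255 67 DHCP (request)"
    " Denied Connection 10.10.10.71 Internal Local Host - - 0x0",
    "10.10.10.2 ISASERVER - UDP - - 67 0 0 0 0x0 0x0 Firewall"
    " 3/25/2006 11:55:50 AM 10.10.10.71 68 DHCP (reply)"
    " Initiated Connection Internal 10.10.10.2 Local Host Internal - - 0x0",
    "10.10.10.99 ISASERVER - UDP - - 68 0 0 0 0xc0040014 " + SPOOF_NAME +
    " 0x0 Firewall 3/25/2006 11:58:02 AM 255.255.255.255 67 DHCP (request)"
    " Denied Connection 10.10.10.99 Internal Local Host - - 0x0",
]


def parse_line(line):
    """Return a dict for one log entry, or None if the layout does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %I:%M:%S %p")
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec


def triage(lines, window=timedelta(seconds=5)):
    """Per client: spoof-detection drops, other denials, and whether a reply followed."""
    records = [r for r in map(parse_line, lines) if r]
    # DHCP replies leave the server from port 67 towards the client's port 68.
    replies = [r for r in records
               if r["action"] == "Initiated" and r["sport"] == 67 and r["dport"] == 68]
    summary = defaultdict(
        lambda: {"spoof_drops": 0, "other_denies": 0, "reply_seen": False})
    for r in records:
        if r["action"] != "Denied" or r["dport"] != 67:
            continue  # only denied DHCP requests are of interest here
        entry = summary[r["src"]]
        if r["name"] == SPOOF_NAME:
            entry["spoof_drops"] += 1   # dropped by spoof detection, not by a rule
        else:
            entry["other_denies"] += 1  # some other reason for the denial
        if any(rep["dst"] == r["src"] and abs(rep["ts"] - r["ts"]) <= window
               for rep in replies):
            entry["reply_seen"] = True
    return dict(summary)


if __name__ == "__main__":
    for client, info in triage(SAMPLE_LOG).items():
        print(client, info)
```

Clients with `spoof_drops` above zero and `reply_seen` false are the ones to check first at the network layer, since no access rule produced those denials.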
RE: DHCP Request Denied - 6.Apr.2006 11:40:08 AM   
hantahipi

 

Posts: 84
Joined: 26.Jan.2006
From: Kenya
Status: offline
Hi Tom,

Thanks for your input

I have not changed hardware, specific to switches and hubs, and for these specific machines not even network cards. The only denied connections I get without invoking DHCP activity are from external IPs and that's what ISA is for; also other denied connections relate to specific access rules, i.e. I have schedules for certain machines' access to the internet.

DHCP service is running on the ISA box, yes.

Thanks

(in reply to Tom Decaluwe)
Post #: 9
