Posts: 41
Joined: 11.Jul.2005
From: Brazil
Status: offline
Dear Friends, I have ISA 2004 Ent. installed on my Domain Controller; I have DNS and DHCP installed on this server.
I use ISA to allow my clients to connect to the internet.
I have two LANs.
1º - My internal LAN (IP 192.168.0.1 - 255.255.255.0 - gateway 0.0.0.0 - DNS 192.168.0.1)
2º - My external LAN
After I installed ISA 2004 SP2, web access for users became slower. When I open a page, the browser needs about 2 or 3 seconds to start opening it. Once the browser starts loading, the page is faster, but I think I have some problem with resolving the name of the server and starting the download of the page.
What can I do to check if there is a problem with my configuration?
I used the best analyser tool for ISA and it told me that it cannot connect to the primary DNS server (the local and the external), but if I use nslookup I can resolve the names of the servers.
Posts: 41
Joined: 11.Jul.2005
From: Brazil
Status: offline
Dear Sunny,
Thanks for the answer. I didn't create a rule to allow my DNS server to connect to an external DNS, but ISA has a rule that allows DNS from Local Host to Network Objects; I think this rule does that.
Posts: 41
Joined: 11.Jul.2005
From: Brazil
Status: offline
I checked my DNS, and in the Event Viewer I have the following message:
The DNS server encountered a packet addressed to itself on IP address 192.168.0.1. The packet is for the DNS name "guru.grisoft.com.". The packet will be discarded. This condition usually indicates a configuration error.
Check the following areas for possible self-send configuration errors: 1) Forwarders list. (DNS servers should not forward to themselves). 2) Master lists of secondary zones. 3) Notify lists of primary zones. 4) Delegations of subzones. Must not contain NS record for this DNS server unless subzone is also on this server. 5) Root hints.
Example of self-delegation: -> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com. -> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com, (bar.example.microsoft.com NS dns1.example.microsoft.com) -> BUT the bar.example.microsoft.com zone is NOT on this server.
Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result. If found, the subzone DNS server admin should remove the offending NS record.
You can use the DNS server debug logging facility to track down the cause of this problem. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I think this is why my connection is very slow: my DNS on the DC isn't connecting to another one to resolve the name, and this causes the delays.
Posts: 801
Joined: 5.Apr.2005
From: sydney
Status: offline
I think your DNS is having trouble resolving external addresses. Configure a rule from internal DNS to external and see if that helps you. Make sure to have a strong forwarder in your DNS, perhaps your ISP's DNS.
Posts: 41
Joined: 11.Jul.2005
From: Brazil
Status: offline
I checked my DNS, and in the Event Viewer I have the following message:
The DNS server encountered a packet addressed to itself on IP address 192.168.0.1. The packet is for the DNS name "guru.grisoft.com.". The packet will be discarded. This condition usually indicates a configuration error.
Check the following areas for possible self-send configuration errors: 1) Forwarders list. (DNS servers should not forward to themselves). 2) Master lists of secondary zones. 3) Notify lists of primary zones. 4) Delegations of subzones. Must not contain NS record for this DNS server unless subzone is also on this server. 5) Root hints.
I looked at the forwarders list and my local IP was on the list, so this is why it is very slow: it tries to resolve DNS first on my internal server and not on the server of my ISP, and this is why I have the delay.
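The self-send check from the event message above, as an added example that is not part of any post in this thread: it takes the server's own addresses and the address lists from the five areas the message names, and reports every entry that points back at the server. The dictionary keys, the function name `find_self_sends` and the sample addresses other than 192.168.0.1 are assumptions; the lists are assumed to be copied by hand from DNS Manager.

```python
import ipaddress

# Areas the DNS event message lists as possible sources of self-send errors.
# The key names are this example's own, not identifiers from any DNS tool.
AREAS = ("forwarders", "secondary_zone_masters", "notify_lists",
         "delegation_targets", "root_hints")


def _norm(addr):
    """Parse an address; map IPv4-mapped IPv6 (::ffff:a.b.c.d) back to IPv4."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def find_self_sends(own_addresses, config):
    """Return (area, address) pairs where the server would send to itself.

    own_addresses: IPs bound to the DNS server (assumed, entered by hand).
    config: dict mapping an area name to the list of IPs configured there.
    Loopback addresses always count as "self".
    """
    own = {_norm(a) for a in own_addresses}
    findings = []
    for area in AREAS:
        for addr in config.get(area, []):
            ip = _norm(addr)
            if ip in own or ip.is_loopback:
                findings.append((area, addr))
    return findings


# Constructed sample: 192.168.0.1 is the server from the thread; the ISP
# forwarder 203.0.113.53 and root hint 198.51.100.4 are placeholder addresses.
SAMPLE_OWN = ["192.168.0.1"]
SAMPLE_CONFIG = {
    "forwarders": ["192.168.0.1", "203.0.113.53"],
    "root_hints": ["198.51.100.4"],
    "notify_lists": ["::ffff:192.168.0.1"],
}

if __name__ == "__main__":
    for area, addr in find_self_sends(SAMPLE_OWN, SAMPLE_CONFIG):
        print(f"self-send risk: {area} contains {addr}")
```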
Possible Cause: It appears that ISA Server 2004 Update KB960995 changes the "connection limit per client" from 160 to 40. When a client opens a webpage that has many ads, it can exceed the connection limit and the client is cut off until some of the connections close. This can be verified using ISA Server Performance Monitor and watching the Active TCP Connection line. When it goes beyond 40 the client will experience "slow" (actually limited connection) Internet access.
Solution: Check the "Connection limit per client" setting (steps below).
Steps:
1. Open ISA Server Management.
2. Left Pane: Microsoft Internet Security and Acceleration Server 2004 > [Name of Server] > Configuration > General
   Center Pane: Under “Additional Security Policy”, Define Connection Limits
3. Change “Connection limit per client (TCP and non-TCP)” to a higher value. 200 seems adequate from monitoring in ISA Server Performance Monitor. From testing this limit seems to apply separately to TCP and to non-TCP instead of a combined limit for both. Default used to be 160, but when I did testing I could exceed 160 connections by opening web pages one after another on a client computer, so 200 seems like a good limit.
or
uncheck “limit the number of connections” (not preferred since a large number could be opened by a client computer with a virus)