Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Change ISP Slow down all access
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Change ISP Slow down all access - 28.Jun.2007 4:29:38 PM
|
|
|
pdsavard
Posts: 50
Joined: 16.Sep.2003
Status: offline
|
Hi, I just change my ISP. I receive a new bloc of public IP that I add in the external NIC card properties.
After that I change all my access rules that use spécific public IP to the new one, I change all the web listener IP.
I reset the SSL certificate on the new IP (link was lost when deleting the old IP).
Change All my public DNS to point to the new IP
Restart ISA computer
After that all works, but slowly:
1- My user complain slow internet browsing.
2- connect to OWA login page take 30-40 seconde and 30 more second to finish loading all the graphic interface
3- outlook connected with Rpc over HTTP can take between 5 to 25 min to complete inital connection after this initial connection all work good.
My cable ISP said that all is normal, the downlaod and upload speed that I test are good: 1.2 meg/sec in DN and 168 kbytes/sec UP.
Do I need to do something on the ISA server in case of changing all the external IP?
Thanks
|
|
|
|
|
RE: Change ISP Slow down all access - 28.Jun.2007 8:07:45 PM
|
|
|
pdsavard
Posts: 50
Joined: 16.Sep.2003
Status: offline
|
After several test and search here my result:
In the change of the new public IP in the externam NIC, I enter by error the ISP DNS. I thing this can slow down the internet browsing. I remove it I will see tomorrow.
For OWA and RPC, i think the problem is located in the SSL or Weblister. If I open an VPN to my internal network, Outlook and OWA respond normally and fast. If I close the VPN the long initial response come back. BUT in the weblistener I change the Public IP and a re-select the good certificate! Any suggestion?
I trace the RPC over HTTP connection with the logging in ISA and I can see many error like
443 Https Failed connection attempt 10054
A small part of the trace, I mark some interesting part:
70.81.203.112 TCP 2007-06-28 23:41:51 1066 129016 468 8546 0x0 0x0 - 2007-06-28 19:41:51 70.81.203.112 205.237.40.102 443 HTTPS Closed Connection 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN External Local Host - SRV-ISA Firewall
70.81.203.112 TCP 2007-06-28 23:42:04 1069 140516 468 432 0x0 0x0 - 2007-06-28 19:42:04 70.81.203.112 205.237.40.98 1723 PPTP Closed Connection [System] Allow VPN client traffic to ISA Server 0x80074e24 FWX_E_CONNECTION_KILLED External Local Host - SRV-ISA Firewall
70.81.203.112 TCP 2007-06-28 23:42:32 1066 0 0 0 0x0 0x0 - 2007-06-28 19:42:32 70.81.203.112 205.237.40.102 443 HTTPS Denied Connection 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED External Local Host - SRV-ISA Firewall
70.81.203.112 TCP 2007-06-28 23:42:44 1114 0 0 0 0x0 0x0 - 2007-06-28 19:42:44 70.81.203.112 205.237.40.102 443 HTTPS Initiated Connection 0x0 ERROR_SUCCESS External Local Host - SRV-ISA Firewall
70.81.203.112 GRE 2007-06-28 23:43:05 0 201219 573204 523039 0x0 0x0 - 2007-06-28 19:43:05 70.81.203.112 205.237.40.98 0 PPTP Closed Connection [System] Allow VPN client traffic to ISA Server 0x80074e24 FWX_E_CONNECTION_KILLED External Local Host - SRV-ISA Firewall
70.81.203.112 - TCP - - - 2007-06-28 23:43:06 1115 0 0 0 0x0 0x0 - 2007-06-28 19:43:06 70.81.203.112 205.237.40.102 443 HTTPS Initiated Connection 0x0 ERROR_SUCCESS External Local Host - SRV-ISA Firewall
0.0.0.0 MSRPC Yes Reverse Proxy webmail.baultar.com TCP RPC_IN_DATA Internet - - - Req ID: 08389447; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=yes, logged off=no, client type=unknown, user activity=yes - - - 2007-06-28 23:43:09 0 4953 0 948 0x8 0xa03 2007-06-28 19:43:09 70.81.203.112 10.0.1.4 443 https Failed Connection Attempt Srv-Exchange-OWA-RPC 64 adbaultar\piercath External http://webmail.baultar.com/rpc/rpcproxy.dll?srv-exchange.ad.baultar.com:6002 SRV-ISA Web Proxy Filter
0.0.0.0 MSRPC Yes Reverse Proxy webmail.baultar.com TCP RPC_OUT_DATA Internet - - - Req ID: 0838944b; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=yes, logged off=no, client type=unknown, user activity=yes - - - 2007-06-28 23:43:09 0 1703 918 369 0x40000008 0xe03 2007-06-28 19:43:09 70.81.203.112 10.0.1.4 443 https Failed Connection Attempt Srv-Exchange-OWA-RPC 10054 adbaultar\piercath External http://webmail.baultar.com/rpc/rpcproxy.dll?srv-exchange.ad.baultar.com:6002 SRV-ISA Web Proxy Filter
|
|
|
|
|
RE: Change ISP Slow down all access - 29.Jun.2007 10:49:06 AM
|
|
|
tshinder
Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
|
The ISA log files won't help you with troubleshooting RPC/HTTP. You'll need to review your entire configuration and see if any errors come up in the Event Viewer. Also check my blog for some RPC/HTTP troubleshooting steps.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
|
|
|
|
|
RE: Change ISP Slow down all access - 29.Jun.2007 10:55:31 AM
|
|
|
pdsavard
Posts: 50
Joined: 16.Sep.2003
Status: offline
|
Thanks Tom for your reply,
all problems is finally gone, but I don't understand well what append. I follow this 2 microsoft KB:
- 927695 that put EnableRSS to 0
- 905179 that put EnablePMTUDiscovery to 1
I restart ISA server and after little more minute not more slow connection. Webbrosing is fine, and OWA and RPC connect fast.
But why before changing my ISP public IP all work good without RSS and the PMTUDiscovery. I don't know.
|
|
|
|
|
RE: Change ISP Slow down all access - 29.Jun.2007 11:21:03 AM
|
|
|
tshinder
Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
|
I don't know why either, but I should have thought about asking about the RSS bug! I'll know to ask about that everytime in the future :)
PMTU discovery is important for performance and should always be enabled. I should have thought of that too :)
Thanks for the follow up!
Tom
_____________________________
Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
|
|
|
|
|
RE: Change ISP Slow down all access - 5.Sep.2007 3:34:30 PM
|
|
|
dmuscat
Posts: 15
Joined: 23.Jul.2004
From: Detroit Mi.
Status: offline
|
One Item I found to be a speed boost is PMTU Blackhole setting. See the following link: http://support.microsoft.com/kb/900926/en-us When I set this, My speeds accross the wan and internet via the ISA server improved better then just setting PMTU
|
|
|
|
|
RE: Change ISP Slow down all access - 6.Sep.2007 7:03:55 AM
|
|
|
tshinder
Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi D,
Thanks for the tip. I'll give it a try.
Tom
_____________________________
Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
