I hope to place that in the correct forum. I am confronted with a really strange problem, which seems to be well-known, but never solved. Perhaps you have an idea:
I'm running a Configuration Storage Server, which is a domain member, and an array with 2 ISA 2006 array member servers, which are in a workgroup only.
The installation and configuration, also of the needed server certificates, went fine, and ISA itself is running without problems. But: On the CSS server, I always get the message "Unable to retrieve data from: <array-member-name>". Also, the servers both are marked as unavailable in the "Servers" window.
If I connect the console directly from one of the ISA array member servers, everything is fine, they show "in-sync" with the CSS server.
Also the configuration (from both sides, on the CSS and the members) is working. The only thing that seems not to be OK is the connection from the CSS to the array members. This happens also after just setting up the servers exactly as described in Microsoft's setup guide.
Is anyone facing the same problem, and has eventually found a solution for that? thanks in advance, alex
i dont know if u use the isa2006 as firewall too, if u do so please create a new firewall rule that supercedes all others and let it <allow> <all traffic> <from> <array member servers> (the 2 isa2006 server + the css server) to <external> <for> <all users> then i think u will have proper communication between them. try and let me know.
That was one of my first thoughts, that it might be a firewall rule preventing it... I have added all kinds of allowances between all members, without any result...
What I can see if I look at the firewall monitoring, there ARE sometimes dropped packages that could be an indicator, but I'm not sure.
RPC (all interfaces) Initiated Connection [System] Allow remote management from selected computers using MMC 0x0 ERROR_SUCCESS
RPC (all interfaces) Closed Connection [System] Allow remote management from selected computers using MMC 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN
MS Firewall Control Closed Connection [System] Allow remote management from selected computers using MMC 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN
MS Firewall Control Denied Connection 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED Internal
So there are a lot of ERROR_SUCCESS, some few ABORTIVE_SHUTDOWN and some occasional TCP_NOT_SYN_PACKED_DROPPED....
it *seems* to be a firewall rule problem, but as I said, since now it is a really straight-forward documentation-attached default installation with all recommendations from MS..... and besides I have set all kinds of allowances between all involved servers..... I have no further clue.
Unfortunately also this does not help in anyway.... still the same problem: I can do everything from either the isa servers directly or on the CSS server, but the CSS server gives still the same error: Unable to retrieve data from....
From: United Kingdom
Hmmm...not sure then. To be honest, I never use workgroup mode as I think it is a rubbish option and you get these types of issues
I assume you have followed all the recommended option in terms of duplicating accounts on CSS and array members etc? Are you meeting all of the best practises for the combination of CSS in the domain and array members not in the domain?
This is a name resolution issue. In ISA management, under Configuration/Servers, right-click on the server and choose 'properties', then click on the 'Communication' tab. In the 'remote communication' box, 'use the full computer name:' is selected by default. This is typically the FQDN of your ISA firewall. Make certain that you can resolve this name from your CSS or workstation. You could also avoid the whole issue and select the option to use the IP address as well.