From: Maybrook, NY USA
This is a real stumper!
I have two ISA servers, OLD is ISA 2004, NEW is ISA 2006. NEW will replace old. New is pretty much ready to go live, I am doing some final testing, and have run into a problem with Firewall Client configuration.
There are three subnets. Subnet A & B are both in DOMAIN1, same domain as both ISA servers. Subnet C is in DOMAIN2. All subnets use the same ISA server to get to the internet.
Subnets A & B in DOMAIN1 automatically detect the new ISA server. I am using a WPAD entry in DNS (not in DHCP) to point to NEW. In Subnet C, however, when I click Detect Now in the Firewall Client, it still points to OLD.
Now, if I go to Configuration, Networks, Internal, Auto Discovery tab, and I uncheck the box "Publish automatic discovery information for this network" on OLD, and then I retry the Detect Now, I get "Failed to detect ISA Server."
To summarize so far - Subnets A & B in DOMAIN1 are finding NEW, but Subnet C in DOMAIN2 won't find NEW.
In Subnet C, I can "ping wpad", and it gets replies from NEW, so I know the WPAD is setup. Also, in the Firewall Client, I can enter NEW in the "Manually specified ISA Server", and click Test, and it finds it.
So my issue is, why can't clients on Subnet C automatically find NEW?
I've gone though the config on OLD and NEW, compared them to each other, and I can't find anything to explain this behavior.
Here's the FWC config on NEW.
Guys, this is driving me insane!I removed the wpad at SubnetC from both DHCP and DNS on the local server down there, which means FWC autodiscovery should fail, right? But it still keeps detecting OLD !! How can this be if there are no wpad entires??
< Message edited by dfosbenner -- 2.Apr.2008 3:23:55 PM >