DMZ (re)installation issues

DMZ (re)installation issues - 31.May2009 9:18:42 PM   
chrisgibbs

 

Posts: 16
Joined: 1.Apr.2009
Status: offline
Hi All,

We have been migrating our DMZ from a NAT'd environment to a public IP subnet range for high availability purposes.

I had the great job of migrating the ISA servers to the new IPs. Let me just say that it was a couple of all-nighters that I would rather forget.

I still however have a problem where I cannot get one of the DMZ ISA servers back online.

Let me outline our setup:

DMZ: 2 x ISA servers in array (w/ NLB), these are 2 NIC per server with an Internal MID-DMZ with 172.X.X.X addressing and the External DMZ with 202.X.X.X addressing.

Internal 2 x CSS servers for the DMZ array. (10.X.X.X addressing)

I have successfully uninstalled and reinstalled ISA on the 1st DMZ server and it is handling all the ruleset published by the CSS, however the 2nd ISA server installs fine but then has an error with firewall services not starting at the end of the installation. I then install SP1 for ISA 2006 and the firewall services starts successfully but does not handle any of the published content. The 2nd DMZ server seems to receive changes from the CSS fine (I added a new vIP to the External Network) and did an ipconfig on the server to confirm. When I turn logging on, it is the default enterprise rule that is denying all requests.

I have uninstalled and blown away all remaining NLB settings (Microsoft script), then tried a fresh install multiple times (3 I think) but each time results in the same error.

Does anyone have any suggestions or can shed some light on my problem before I try reinstalling the Win2003 OS and really starting from scratch?

Thanks for your assistance.

Cheers

Chris.
Post #: 1
RE: DMZ (re)installation issues - 8.Jun.2009 9:39:41 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Chris,

Not sure exactly what the problem is here. Are you saying that the array members are not able to contact the CSS?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to chrisgibbs)
Post #: 2
RE: DMZ (re)installation issues - 8.Jun.2009 8:18:26 PM   
chrisgibbs

 

Posts: 16
Joined: 1.Apr.2009
Status: offline
Hi Tom,

Sorry, initial post was a little confusing after reading back through it. So I will try again.

We have two DMZ Array member servers, both with two NICs. The DMZ array talks to CSS servers on the inside network. DMZ is a workgroup, CSS servers are AD Domain.

One of the DMZ servers is configured and working properly (01 for the sake of this post).

The other DMZ server (02) is not working. After running the installation, the installation fails towards the end (when trying to start firewall services). I then install SP1 for ISA 2006 and Firewall services is able to start. The problem is that the server appears to be working correctly but the publishing rules do not accept new connections on this server and deny incoming connections with the default deny rule.

Hopefully all makes sense now :)

Cheers

Chris

(in reply to tshinder)
Post #: 3
RE: DMZ (re)installation issues - 9.Jun.2009 10:28:28 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Chris,

When is the second machine joining the array?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to chrisgibbs)
Post #: 4
RE: DMZ (re)installation issues - 9.Jun.2009 7:22:32 PM   
chrisgibbs

 

Posts: 16
Joined: 1.Apr.2009
Status: offline
Hi Tom,

I'm planning on reinstalling the DMZ server back into the array on the 20th of this month to coincide with another DMZ planned outage, just to be safe.

So I still have a little time to research and fingers crossed the 1 box in the array stays available.

To compound the issue our host certificates expired on our CSS servers yesterday, which took me a little while to figure out.

Cheers

Chris

(in reply to tshinder)
Post #: 5
RE: DMZ (re)installation issues - 11.Jun.2009 10:01:48 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Yikes! Good that you figured that out.

Let us know if you run into any problems.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to chrisgibbs)
Post #: 6
RE: DMZ (re)installation issues - 30.Jun.2009 2:15:41 AM   
chrisgibbs

 

Posts: 16
Joined: 1.Apr.2009
Status: offline
The server OS rebuild went fine.

Installation of ISA2006 looked fine as well, right up till the end of the installation where the same error was generated. Almost gave up here :)

This time I did a little more research and installed the feature pack and then the SP1.

I still had problems where published content was not available via the 2nd array member that I had just rebuilt. I tested all the rules and found that it was inconsistent, all HTTP was working and some HTTPS was working. Having found something to compare, I started looking at the HTTPS listeners to see the differences. There was only one.......

When a single certificate was applied to the listener the web publishing rule would work with HTTPS. When the certificate was applied to an IP in the Listener, the connection would fail. Re-applying all certificates to the IPs finally fixed my problem......

Now onto the next problem, Intermediate Verisign certificate has expired and I need to update it and restart the box.

It's all dramas when ISA is concerned :)

Thanks for the help

Cheers

Chris

(in reply to tshinder)
Post #: 7
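
An added example, not part of the original thread: one way to spot the symptom described in the last post (HTTPS working on some listeners but failing where the certificate is bound per IP) is to complete a TLS handshake against every listener IP on each array member and compare the rebuilt member with the working one. The listener names, addresses (documentation ranges) and fingerprints below are constructed, and the comparison assumes each member was probed while it alone was answering for the listener IPs.

```python
import hashlib
import socket
import ssl


def probe(ip, port=443, timeout=5.0):
    """Handshake with one listener IP; return ("ok", cert SHA-256) or ("fail", reason)."""
    ctx = ssl.create_default_context()
    # Diagnostic only: the certificate is fingerprinted for comparison, not trusted.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                der = tls.getpeercert(binary_form=True)
                return ("ok", hashlib.sha256(der).hexdigest())
    except OSError as exc:  # covers ssl.SSLError, timeouts and connection resets
        return ("fail", type(exc).__name__)


def diff_members(reference, rebuilt):
    """Compare {listener: probe() result} maps; list listeners the rebuilt member breaks."""
    findings = []
    for name, (ref_status, ref_value) in sorted(reference.items()):
        if ref_status != "ok":
            continue  # no working baseline to compare against
        status, value = rebuilt.get(name, ("fail", "not probed"))
        if status != "ok":
            findings.append((name, "handshake failed: " + value))
        elif value != ref_value:
            findings.append((name, "different certificate presented"))
    return findings


# Constructed results: member 01 (working) and member 02 (rebuilt).
SAMPLE_REFERENCE = {
    "single-cert listener 203.0.113.10": ("ok", "aa11"),
    "per-IP cert listener 203.0.113.11": ("ok", "bb22"),
    "per-IP cert listener 203.0.113.12": ("ok", "cc33"),
}
SAMPLE_REBUILT = {
    "single-cert listener 203.0.113.10": ("ok", "aa11"),
    "per-IP cert listener 203.0.113.11": ("fail", "ConnectionResetError"),
    "per-IP cert listener 203.0.113.12": ("ok", "aa11"),
}

if __name__ == "__main__":
    for listener, problem in diff_members(SAMPLE_REFERENCE, SAMPLE_REBUILT):
        print(listener, "->", problem)
```

Running the same comparison after a certificate renewal also shows which listener IPs are still presenting the old certificate.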
