• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

DHCP Problem In ISA 2006

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> DHCP Problem In ISA 2006 Page: [1]
Login
Message << Older Topic   Newer Topic >>
DHCP Problem In ISA 2006 - 29.Dec.2010 12:37:50 AM   
jamal007

 

Posts: 7
Joined: 11.Nov.2010
Status: offline
Hi every One,

i have face problem, i install ISA 2006 on windows server 2003 R2 with install DHCP and Active Directory before installing ISA2006 DHCP give the ip on clinet pc but when i install ISA 2006 DHCP could not give the ip on clinet pc.

plzz tell me how can i configure ISA 2006 with DHCP.
Post #: 1
RE: DHCP Problem In ISA 2006 - 29.Dec.2010 1:50:42 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

Im not sure if installation of ISA on a DC is supported by Microsoft. Maybe, only when used on a branch office (?): http://technet.microsoft.com/en-gb/library/cc891503.aspx

For how configure ISA as a DHCP server: http://technet.microsoft.com/en-gb/library/cc302605.aspx

BUT, it is not recommended to install other services on ISA firewall besisdes ISA itself. You should treat ISA firewall as a firewall and not increase its attack surface.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to jamal007)
Post #: 2
RE: DHCP Problem In ISA 2006 - 29.Dec.2010 2:52:10 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
ISA/TMG is not supported on a DC,....and is a bad idea in general on a DHCP machine.

ISA/TMG needs to be on a dedicated "bare-naked" machine all by itself.   The machine should be a Domain Member before the ISA/TMG Software is installed

_____________________________

Phillip Windell

(in reply to paulo.oliveira)
Post #: 3
RE: DHCP Problem In ISA 2006 - 29.Dec.2010 3:52:07 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Phillip,

this doubt was bugging me. So I asked a Microsoft fellow about it and it seems MS changed its policy for co-location of ISA/TMG with a DC.

They are supporting this scenario! For TMG, you must be at least with SP1+Update 1 installed to match the criteria.
quote:

ISA/TMG needs to be on a dedicated "bare-naked" machine all by itself.   The machine should be a Domain Member before the ISA/TMG Software is installed

Totally agree!

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to pwindell)
Post #: 4
RE: DHCP Problem In ISA 2006 - 29.Dec.2010 4:12:36 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
It probably depends on who you ask.  It is not the first time there were contradictions within the company.  If they did changed their mind [again],...then it is the second time they changed their mind.  If so, then I am exercising my stubbornness to not go along with them.  So as far as I am concerned it is not supported and that is the only thing I am ever going to tell anyone  :-)

_____________________________

Phillip Windell

(in reply to paulo.oliveira)
Post #: 5
RE: DHCP Problem In ISA 2006 - 29.Dec.2010 4:16:37 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Don't forget that whoever you talk may be thinking that since ISA can be on SBS,....therefore it can be on a DC,...however that is not true,...When installing the regular ISA/TMG on a regular Domain Controller, it does not have all the "wizardry" and engineering built into the installation program that the Installation Wizards of SBS have.  So it is not the same thing and SBS is a specifically engineered product to do what it specifically does and it cannot be applied to non-SBS situations.

_____________________________

Phillip Windell

(in reply to pwindell)
Post #: 6
RE: DHCP Problem In ISA 2006 - 29.Dec.2010 5:07:14 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

I see your point. But, he told me its not SBS or EBS.

For ISA the only scenario supported is according to this: http://technet.microsoft.com/en-gb/library/cc891503.aspx

For TMG the only scenario supported is with a RODC as per here:
http://technet.microsoft.com/en-us/library/ff808305.aspx
 
All the other scenarios for TMG are unsupported as per here:
quote:


Forefront TMG installed on a domain controller is not supported
Issue: Installing Forefront TMG or Forefront TMG EMS on a computer configured as an Active Directory domain controller is not supported.
 
Cause: This installation is blocked by the Forefront TMG installer.
http://technet.microsoft.com/es-es/library/ee796231.aspx#rthrty5

Im also not comfortable to place ISA/TMG+DC on the same machine. So, Ill continue not recommending ISA/TMG admins being such sinners, but will inform them the supported scenarios, so they can make their own decisions 
 
Regards,
Paulo Oliveira.


< Message edited by paulo.oliveira -- 29.Dec.2010 5:08:59 PM >


_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to pwindell)
Post #: 7
RE: DHCP Problem In ISA 2006 - 29.Dec.2010 5:15:49 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Ok,  sounds good.

You gonna be at the Summit?

I look forward to seeing a lot of you guys there.

_____________________________

Phillip Windell

(in reply to paulo.oliveira)
Post #: 8
RE: DHCP Problem In ISA 2006 - 30.Dec.2010 7:34:07 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
I wish, but unfortunally not. Im not MVP.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to pwindell)
Post #: 9
RE: DHCP Problem In ISA 2006 - 30.Dec.2010 3:06:09 PM   
jamal007

 

Posts: 7
Joined: 11.Nov.2010
Status: offline
plzz help me  my problem still waiting

(in reply to paulo.oliveira)
Post #: 10
RE: DHCP Problem In ISA 2006 - 30.Dec.2010 3:58:53 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
quote:

ORIGINAL: paulo.oliveira

Hi,

Im not sure if installation of ISA on a DC is supported by Microsoft. Maybe, only when used on a branch office (?): http://technet.microsoft.com/en-gb/library/cc891503.aspx

For how configure ISA as a DHCP server: http://technet.microsoft.com/en-gb/library/cc302605.aspx

BUT, it is not recommended to install other services on ISA firewall besisdes ISA itself. You should treat ISA firewall as a firewall and not increase its attack surface.

Regards,
Paulo Oliveira.

Have you tried the articles I pointed above?

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to paulo.oliveira)
Post #: 11
RE: DHCP Problem In ISA 2006 - 5.Jan.2011 2:15:42 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

updating...

Blogged about Supportability for ISA/TMG co-location with a DC

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to paulo.oliveira)
Post #: 12
RE: DHCP Problem In ISA 2006 - 5.Jan.2011 2:31:23 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Looks like from the original post that this is really an issue of getting DHCP to function on the ISA and not so much a Domain Controller thing.

Somewhere there is an article about running the DHCP Service on an ISA (no matter if DC or not DC).  However I have not been able to find a "good" one.  Many things I find list the steps to install the DHCP Service on the ISA via Add/Remove Programs,...yet anyone can do that.  But I cannot find the details to handle Access Rules or System Policies that actually allow the DHCP Service to function.

It may be as simple as allowing the DHCP Protocols DHCP-Reply and DHCP-Request using a bi-directional Access Rule that uses both Internal and Localhost in both the From and the To of the Rule at the same time.  However it could be more complex than that.

However I still think this is a bad idea and should not be done.

_____________________________

Phillip Windell

(in reply to paulo.oliveira)
Post #: 13
RE: DHCP Problem In ISA 2006 - 5.Jan.2011 2:35:46 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
May also have to go into System Policies and select Network Services-->DHCP and add LocalHost to the Trusted DHCP Servers under the From Tab

But again,...this is a guess,...I don't know for sure.

_____________________________

Phillip Windell

(in reply to pwindell)
Post #: 14
RE: DHCP Problem In ISA 2006 - 5.Jan.2011 4:13:34 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Phillip,

the user was asking about two different things: First, install ISA on a DC and the second, Install a DHCP server on ISA.

I already provided the link for both situations, desmistifying if ISA is a supported scenario when co-locating with a DC.

And how to configure ISA as a DHCP server:
quote:

For how configure ISA as a DHCP server: http://technet.microsoft.com/en-gb/library/cc302605.aspx

The user still did not feed us back if it worked for him or not.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to pwindell)
Post #: 15
RE: DHCP Problem In ISA 2006 - 5.Jan.2011 4:15:16 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Ok, very good.
I missed that.

_____________________________

Phillip Windell

(in reply to paulo.oliveira)
Post #: 16
RE: DHCP Problem In ISA 2006 - 20.Jul.2011 10:31:52 PM   
luluxiu

 

Posts: 6
Joined: 20.Jul.2011
Status: offline
This is the second time, they changed their minds. If so, then I exercise my stubbornness not get along with them. Therefore, as I do not support it, I want to tell anyone, this is the only...

_____________________________

Tera Items,Tera Gold Cheap,WOW Items

(in reply to pwindell)
Post #: 17

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> DHCP Problem In ISA 2006 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts