Welcome to ISAserver.org
RE: Internet Access still stopping ...
RE: Internet Access still stopping ... - 27.Mar.2002 9:05:00 PM
Peter Amato
Posts: 5
Joined: 18.Aug.2001
From: Miami, Fl, USA
Status: offline
I did some testing since my last post. In a semi-test environment I put up an ISA Server with the latest SP1a up. I have the DNS server using a Checkpoint FW1 as its default GW. I published one web server both 80 and 443 via server publishing rules. I have no SMTP, VPN, RRAS, IIS, DNS services installed, NOTHING but ISA. I have no outbound clients other than the one web server. I add the web server into the rotation and I still get my failures. This ISA server is as clean as I can get.
Pete
RE: Internet Access still stopping ... - 28.Mar.2002 4:03:00 AM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey guys,
What I don't understand is why it happens to some of us only rarely (me) and some of you often. At first I thought it might be related to the forwarders, because I was seeing a lot of 20001 errors in the Web Proxy logs related to forwarding. When I turned off the forwarders, it went away, but the problem did not.
It would be interesting to see if this is a problem when using a non-MS DNS server? Or maybe I should run DNS off my .Net Beta Server?
Thanks!
Tom
RE: Internet Access still stopping ... - 28.Mar.2002 5:52:00 PM
AxleMunshine
Posts: 63
Joined: 13.Jul.2001
Status: offline
Just an update to inform you that I am still monitoring this on my side.
I restarted the services 18 hours ago and still no failure. I had restarted the services for other reasons than the failure. I needed to add an IP for a new domain so I had to change things in public DNS as well as my publishing rules. I also checked the local DNS and corrected an error I found. It had an external IP of the ISA server mapped to the server name, which I deleted. My local DNS is on the ISA itself and the public DNS server is behind. I don't know if one of these changes made the problem less frequent for now, but so far so good.
I'll come back with my findings when it fails again.
RE: Internet Access still stopping ... - 29.Mar.2002 5:39:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Axle,
Thanks! It's good to know that we're all just not going crazy and that they recognize this as a problem. I guess I can stop fiddling with things trying to fix it and just wait for them to come up with something definitive.
Thanks!
Tom
RE: Internet Access still stopping ... - 31.Mar.2002 6:06:00 AM
wynn
Posts: 8
Joined: 9.Feb.2002
From: North Carolina
Status: offline
Tom,
I had this problem as well. You had at one point asked whether I used the security lockdown feature of the ISA setup. I said yes, and as a result, ended up completely re-installing the box, without the lockdown. Since I have done that, the only problem I have had is with my ISP. This problem drove me crazy for a month or two. I was always restarting the firewall service to keep internet access working. At this point the ISA machine has Win2k SP2 and all current security patches, most recent SP1 for ISA, and services disabled on the machine that you recommended in a learning zone article. I haven't had a problem now for about a month and a half. I also have 2 web servers published, and Exchange 5.5 published.
RE: Internet Access still stopping ... - 2.Apr.2002 5:43:00 PM
wjenness
Posts: 2
Joined: 6.Feb.2002
From: Whitman, MA
Status: offline
ARRGH! It's happening again... just all of a sudden... no one touched anything anywhere... and I just noticed that the mail queues were backing up again... I feel so helpless... arrgh... needed to vent. Any help is much appreciated. Tried restarting the services and nothing. Can't reboot the box right now unless I really, really have to.
RE: Internet Access still stopping ... - 2.Apr.2002 7:14:00 PM
dbasile
Posts: 11
Joined: 3.Feb.2002
From: Truckee, CA, USA
Status: offline
Hello, I've been running my ISA server since December or January... never really had the webproxy service stop running. However, this weekend, I turned on Authentication for my outgoing web listener. Now, my webproxy service has crashed at least twice a day (Sunday, Monday, and once today). We are running a Win2K domain. My ISA Server is stand-alone with 3 NICs. Two internal NICs (one for the main network, one for VPN connections only). One external NIC. My server is running RRAS for VPN, and I have 2 websites, 1 FTP site, and 1 Exchange Server 5.5 published to the internet. I did notice that my DNS server showed 3 entries for my ISA Server (one for each NIC). I don't run DNS for my external addresses... my ISP does. However, this problem with the w3proxy.exe crashing did not happen prior to authenticating outgoing requests.
Dave Basile Tahoe Forest Hospital Truckee, CA
RE: Internet Access still stopping ... - 3.Apr.2002 1:06:00 AM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Marc,
I heard from someone that talked to MS that this is a known problem with DNS and that they're working on it. Something about corrupting DNS queries for incoming DNS requests when you publish your internal DNS servers. You'll see the errors in your DNS log on the DNS server indicating that a corrupted packet was received and dropped.
HTH, Tom
RE: Internet Access still stopping ... - 8.Apr.2002 6:19:00 PM
dbasile
Posts: 11
Joined: 3.Feb.2002
From: Truckee, CA, USA
Status: offline
Crazy Crazy Crazy. I know everybody thinks this problem relates to DNS... however, I've been doing some testing.
When I have no authentication for outgoing web requests, my ISA Server webproxy service runs great.
As soon as I turn on authentication, the webproxy service crashes about twice a day... sometimes 3 times a day.
As soon as I turn authentication OFF, the webproxy service goes back to normal... never crashing.
hmmmmmmmm.....
RE: Internet Access still stopping ... - 8.Apr.2002 6:42:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi D,
Are you referring to forcing authentication on the listener, or just using user/group based access controls? I think these are two different issues, as the DNS issue has been pretty well defined. Not sure about the authentication issue, though.
Thanks!
Tom
RE: Internet Access still stopping ... - 8.Apr.2002 7:02:00 PM
dbasile
Posts: 11
Joined: 3.Feb.2002
From: Truckee, CA, USA
Status: offline
I'm talking about setting authentication on the outgoing web requests listener. I have only one ip address for outgoing requests.
If I check the box "Ask unauthenticated users for identification" and restart the webproxy service, it usually crashes on me within a few hours.
As soon as I remove that check, and restart the webproxy service, no crashes.
I spent the past two weekends testing this on my server.
db
RE: Internet Access still stopping ... - 10.Apr.2002 3:54:00 PM
jmargel
Posts: 72
Joined: 3.Apr.2002
Status: offline
I think my problem might be related to this. My server disconnects at around 930 am, 130pm & 415pm. Sometimes for a few seconds, sometimes for a couple of mins. Nothing in the logs shows anything, but I found out some info.
My firewall was pingable by one machine. This machine (an NT 4.0) server is a BDC, & runs WINS. No other machine could ping the firewall. However, no one else could ping the server that was able to reach this firewall. Also, none of these machines could reach our DNS server (which is another NT server).
I noticed the link from the incoming NIC card on the firewall, went out. I tried a couple of different ports on a couple of different hubs, but no luck. Then magically it lit up again & everything was fine.
Something is VERY wrong here. I know my NIC is good, is there certain times of the day that the DNS server communicates w/ the ISA? Guys, when your system goes down, is it around the same time every day?
I then disconnected the incoming NIC from the hub on my firewall, and my internal network stayed up. Seems like my ISA server is taking down my DNS which is somehow affecting my other servers.
It's vital that my systems stay up. 911 depends on these!
[ April 10, 2002, 03:56 PM: Message edited by: jmargel ]
RE: Internet Access still stopping ... - 10.Apr.2002 4:34:00 PM
msgelinas
Posts: 79
Joined: 21.Sep.2001
From: Victoria,BC,Canada
Status: offline
quote: Originally posted by jmargel:
I think my problem might be related to this. My server disconnects at around 930 am, 130pm & 415pm. Sometimes for a few seconds, sometimes for a couple of mins. Nothing in the logs shows anything, but I found out some info.
My firewall was pingable by one machine. This machine (an NT 4.0) server is a BDC, & runs WINS. No other machine could ping the firewall. However, no one else could ping the server that was able to reach this firewall. Also, none of these machines could reach our DNS server (which is another NT server).
I noticed the link from the incoming NIC card on the firewall, went out. I tried a couple of different ports on a couple of different hubs, but no luck. Then magically it lit up again & everything was fine.
Something is VERY wrong here. I know my NIC is good, is there certain times of the day that the DNS server communicates w/ the ISA? Guys, when your system goes down, is it around the same time every day?
I then disconnected the incoming NIC from the hub on my firewall, and my internal network stayed up. Seems like my ISA server is taking down my DNS which is somehow affecting my other servers.
It's vital that my systems stay up. 911 depends on these!

If you take the time to read all the posts from the beginning you will find out that the issue here is not consistent. If it had been, chances are that we would have been able to track down the exact cause long ago. In my situation the ISA Server would lose connection to the internet anywhere from 5 to 50 times in an 8 hour day. The only way to get communication to the net again was to disable the external NIC then re-enable it and restart the ISA firewall service. I have tried all sorts of other ways to bring the external access back with no success. Also note I do not have this problem on my other site using ISA where no one is surfing from inside the firewall. It is just there to filter incoming traffic to my web server.
Cheers,
RE: Internet Access still stopping ... - 10.Apr.2002 6:16:00 PM
jmargel
Posts: 72
Joined: 3.Apr.2002
Status: offline
Try this:
From your internal DNS server, do an nslookup from the command prompt. Does it resolve to the ISP's DNS server? Mine isn't, but I can reach web sites. My email is backing up (my Exchange & DNS server are the same machines, sitting behind an ISA firewall).
I noticed in my firewall logs that it's blocking port 53 to my ISP's DNS server, yet I have that port open. Please help! I can reach the ISP DNS server from my firewall though.
RE: Internet Access still stopping ... - 10.Apr.2002 8:54:00 PM
jmargel
Posts: 72
Joined: 3.Apr.2002
Status: offline
Installed SP1, solved my DNS problem, so I guess my problem isn't related to yours.
But still try doing an nslookup from your internal DNS... does it work OK?