Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Internet Access still stopping ...
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Internet Access still stopping ... - 27.Nov.2002 5:38:00 PM
|
|
|
jyoung_ISA
Posts: 3
Joined: 7.Feb.2002
Status: offline
|
I have 2 ISA firewalls doing this same thing.
I get some of those odd 14120's from ip address nobody knows and and then the 14148 follows them and my adapters go dumb after that.
My lat is all 10. and the external interface is noplace near the subnets in the 14120's.
Another thing is i keep getting warnings that my dns server is port scanning me over and over.
This ISA server is not publishing anything it webproxies as an upstream from an internal firewall and has a DMZ leg on the side with packet filters.
Latest Service packs
added in the event log messages.
Event Type: Warning
Event Source: Microsoft Web Proxy
Event Category: None
Event ID: 14148
Date: 11/27/2002
Time: 9:34:14 AM
User: N/A
Computer:
Description:
Web Proxy service failed to bind its socket to 168.xxx.xxx.xxx port 80. This could be caused by another service that is already using the same port or by a network interface card that is not functional. The error code specified in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help.
Data:
0000: 40 27 00 00 @'..
Event Type: Error
Event Source: Microsoft Web Proxy
Event Category: None
Event ID: 14120
Date: 11/27/2002
Time: 9:34:10 AM
User: N/A
Computer:
Description:
The ISA Server services cannot create a packet filter 207.68.176.250. This event occurs when there is a conflict between the Local Address Table (LAT) configuration and the Windows 2000 routing table. Check the routing table and the LAT to find the source of the conflict.
Data:
0000: 41 01 00 c0 A..+
Event Type: Error
Event Source: Microsoft Web Proxy
Event Category: None
Event ID: 14120
Date: 11/27/2002
Time: 9:34:11 AM
User: N/A
Computer:
Description:
The ISA Server services cannot create a packet filter 207.46.249.61. This event occurs when there is a conflict between the Local Address Table (LAT) configuration and the Windows 2000 routing table. Check the routing table and the LAT to find the source of the conflict.
Data:
0000: 41 01 00 c0 A..+ Event Type: Error
Event Source: Microsoft Web Proxy
Event Category: None
Event ID: 14120
Date: 11/27/2002
Time: 9:34:14 AM
User: N/A
Computer:
Description:
The ISA Server services cannot create a packet filter 208.216.197.254. This event occurs when there is a conflict between the Local Address Table (LAT) configuration and the Windows 2000 routing table. Check the routing table and the LAT to find the source of the conflict.
Data:
0000: 41 01 00 c0 A..+
===---=== That 150 is the DNS server ==---
Event Type: Warning
Event Source: Microsoft ISA Server Control
Event Category: Packet filter
Event ID: 15105
Date: 11/27/2002
Time: 9:22:59 AM
User: N/A
Computer:
Description:
ISA Server detected an all port scan attack from Internet Protocol (IP) address 150.199.199.1. For more information about this event, see ISA Server Help.
Data:
0000: 1f 00 00 00 ....
|
|
|
|
|
RE: Internet Access still stopping ... - 27.Nov.2002 5:41:00 PM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hey guys,
This might help:
====================
Jorgen
Junior Member
Member # 8800
posted November 15, 2002 12:13 PM
--------------------------------------------------------------------------------
** NEWS FLASH **
Microsoft has managed to reproduce our problem in their lab AND they have managed to find the cause.. no cure yet though :-(
IF you have UDP based publishing (any UPD not just DNS) AND a Site and Content filter containing FQDN the following happens;
Incoming UDP requests are checked against the Site and Content rules by attempting to do a reverse lookup on the incoming IP (to find a FQDN to match against the IP).
If this for some reason fails (like the requesting IP not being in a reverse zone) then the ISA tries to make a NBTSTAT query against the remote IP to find the FQDN.
Once it has succeded, failed or timed-out on the incoming request it will then process the request.
This can take some time (at least on my side we just drop incoming netbios so those will have to timeout) and during that time the ISA is gobbling up UDP connections.
With heavy traffic this will at times cause the pool of available UDP mapppings to be full so that incoming requests first have to wait for another request to make it through the S&S rules before itself can start the path through!
So if;
- you have a remote client that is not in a reverse zone and that can not be resolved by nbtstat AND if it is re-requesting the DNS information after say 5 seconds
- then you can easily end up in a situation where
- the requests are being held pending, in wait for a process slot, while the ISA is trying to resolve the FQDN of a previous request FROM THE SAME MACHINE!
So the good news is that they know why and the bad news is that it sounds like it is a fundamental change that needs to be done!
Possible workaround, no S&S rules! Not sure I want to go that way....
Was this clear? If not, drop me a line and I'll try again....
/Jśrgen
======================
HTH,
Tom
|
|
|
|
|
RE: Internet Access still stopping ... - 22.Apr.2003 5:41:00 PM
|
|
|
BarbWire
Posts: 41
Joined: 1.Aug.2002
From: Wisconsin
Status: offline
|
Hey guys, we had exactly this same problem with our ISA server. The external NIC would essentially stop functioning, disabling and re-enabling the external NIC would bring the ISA box back around for us.
What we found out by checking the cam tables on our switch was that the switch was essentially "losing" the MAC address of the ISA servers external NIC. Adding this statically into the switch has cured the problem for us.
Hope this helps!
Barb
|
|
|
|
|
RE: Internet Access still stopping ... - 29.Apr.2003 10:40:00 PM
|
|
|
Guest
|
I had a problem on my isa server, it would only fail when large files where downloaded (About 6Mb upwards). It turned out to be my nic (D-link 538TX). Replaced with generic realtek card and it sorted all my problems out !.
-- Just a thought, Paul
|
|
|
|
|
RE: Internet Access still stopping ... - 2.Jun.2004 8:40:00 PM
|
|
|
Rutger_Diehard
Posts: 4
Joined: 31.Jan.2004
From: Devon England
Status: offline
|
Well people
...just to bring up this old chestnut again, w3proxy.exe has started to crash intermittently. I have to manually restart Web Proxy service. When this happens I lose nslookup ability therefore DNS goes south. Have tracked it down to MSNBC site access from a Fedora Core 2 Linux box. Only thing that has changed recently is installed ISA SP2 and installed and enabled the SMTP filter on ISA itself about 8 days before first problem. ISA has been running fine for nearly two years without a problem before this. Going to remove SMTP filtering and see what happens. M
|
|
|
|
|
RE: Internet Access still stopping ... - 2.Jun.2004 10:24:00 PM
|
|
|
Rutger_Diehard
Posts: 4
Joined: 31.Jan.2004
From: Devon England
Status: offline
|
.... nope, still crashes w3proxy.exe even after removing SMTP filter.
Anyone have any problems with ISA 2004? I have Beta 2 that I am thinking of installing to get round this problem.
Service crashes every time I go to MSNBC. Any ideas as a workaround other than not going there!
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Wink]](/image/smiles/wink.gif)
). ![[Mad]](/image/smiles/mad.gif)
