I'm not sure exactly what day this began, but for the past month or so we've been having problems with outgoing SMTP on our ISA 2004 server (previously it had been working well). It's fine for several days, but then the outgoing mail queues start to fill up in Exchange. I end up having to babysit ISA by watching the Exchange queues. When it starts to happen, restarting the firewall service does the trick. I've also tried rebooting the ISA box, but after a few days the problem happens again. I had the problem again today, and it had happened yesterday as well.
have a look at the processor usage on ISA2004 examine the event logfiles on exchange and ISA servers any specific errors especially the system logs ? does it happen every so many days ? any regularity ? Can you reproduce the problem in any way using somekind of a load-testing program ? have you applied any recent service packs lately ? Installed software lately ? is your firmware up to date ? bios battery defect ? ( this could trigger reinitialization of the bios and could put the internal NICS online again ( happened to us , difficult to trace ) do you have backups of ISA of before it happened that can be restored ?
- processor usage is low--I'd say averaging less than 5%
- logs show nothing particularly unusual that I can see... I don't think Exchange is the problem, as I can't telnet on port 25 when the queues start filling up, either
- looking back, I saw instances of the problem as far back as Dec. 30th. I was going to say that it might have coincided with January's critical updates, but I guess not. Looking at the service restart logs, there does not seem to be any regularity to when it starts having trouble with outgoing SMTP
- I'm not exactly sure how I would go about replicating the problem, since it appears to be so erratic. What I can say, though, is that it doesn't stop *all* outgoing SMTP at once: first, I'll receive reports of just one or two domains not working, but yet others will continue. Not much later on, however, more and more domains will stop working
- No service packs applied (W2k3 Server), but I did apply the January critical updates. However, these do not appear to coincide with the problem, since it started shortly before January
- No software is on this machine other than ISA 2004
- Firmware is up to date
- Interesting comment about the BIOS battery; presumably it's ok. However, the machine has no internal NIC
- The ISA configuration is backed up, but the machine itself is not
What do you see in ISA monitoring tab while SMTP is denied. Any error code ? ( you need to add columns to see errors codes ) my guts tell me this is DNS related. Don't ask me why but everything is somehow 'pointing' that way. How is you DNS configured and how is your default gateways ? ( if you have 2 default gateways then you know what your problem is but I'm sure you have checked that ) How about tracing the firewall engine itself using the ISA tools ( look on the microsoft site for ISA2004 downloads and you'll see it listed somewhere ). You could also try to export your ISA config to a XML file and then reimport it in ISA. Though this may seem useless , somehow strangely the ISA will export to XML but will give an error while importing. That usually means your NIC's are corrupted ( the GUID's of the nics I mean ) You don't use TCP ipsec filtering or something strange ? Is it just a 'normal' installation of Windows 2003 you did ? Did you activate your windows 2003 CAL's ? <connections made to your w2k3 server need CALs' if you didn't configure right> happens especially if you use Win95 and Win98 clients...
well that's it I hope it leads to an answer
ps : you could post the monitoring results of ISA here including error codes.
Definitely check your logs for DNS blocks. I saw a similar problem when I installed ISA 2004, and it turned out that every once in a while DNS traffic was being denied with the log message "Unidentified IP Traffic". If it's periodic like you say, check this out, you can read my thread here for more details on what my problem was.
I am having this problem, only mine is every 12 hours. This is probably due to our email volume. Does anyone have info on this? In my ISA 2004 log it shows "Denied Connection" for outbound SMTP. Like the original post, if I restart the firewall it works for a while.