• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Is it possible for my remote pc to monitor the ISA?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Management >> Is it possible for my remote pc to monitor the ISA? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Is it possible for my remote pc to monitor the ISA? - 22.Jun.2005 6:51:00 AM   
finbom

 

Posts: 10
Joined: 31.Mar.2004
From: Sweden
Status: offline
Hi everyone!
I have this problem that keeps me awake..
I have a server running a monitor utility (WhatsUp Pro) that is supposed to check the status on the ISA NT-services.

Problem is that the ISA refuse to let the server see the services.
First I tried to shutdown the firewall completely, just to see that I was doing right.. and that worked.
And now I have tried to create several firewall-rules that include tha isa and monitor-server as source/destinations.
I have tried "all outgoing", created own rules, disabled all RPC-filteing, Included the remote server as a magagement-machine.. nothing works.

I used the ISA-logging to monitor whats traffic that is used and all it says is secure-nat and RPC(135).

Has anyone any ideas on whats to try?

Regards, Magnus Finbom
Post #: 1
RE: Is it possible for my remote pc to monitor the ISA? - 22.Jun.2005 8:01:00 AM   
trung

 

Posts: 20
Joined: 16.Jun.2005
From: Vietnam
Status: offline
Hi Magnus,

can you try to create an "all outbound" rule, In the rule, specify your Management server as Source, Dest. is Localhost.

(in reply to finbom)
Post #: 2
RE: Is it possible for my remote pc to monitor the ISA? - 22.Jun.2005 8:04:00 AM   
trung

 

Posts: 20
Joined: 16.Jun.2005
From: Vietnam
Status: offline
Hi Magnus,

can you try to create an "all outbound" rule, In the rule, specify your Management server as Source, Dest. is Localhost.

(in reply to finbom)
Post #: 3
RE: Is it possible for my remote pc to monitor the ISA? - 22.Jun.2005 8:12:00 AM   
finbom

 

Posts: 10
Joined: 31.Mar.2004
From: Sweden
Status: offline
Hello! Thanks for replying.
I have done that test several times, both with and without rpc-filtering on the rule. The rule is on top.

I just cant figure out how to let this remote server comminucate on all possible ports with all kind of traffic, or at least why the "all outbound" cant work.

Regards, Magnus Finbom

(in reply to finbom)
Post #: 4
RE: Is it possible for my remote pc to monitor the ISA? - 22.Jun.2005 8:32:00 AM   
trung

 

Posts: 20
Joined: 16.Jun.2005
From: Vietnam
Status: offline
Hi Magnus,

You can try to create an rule with "seleted protocols", then try to add the RDP (3389) to the list. You can see the protocols in Protocols/Remote Terminal at the right side.

(in reply to finbom)
Post #: 5
RE: Is it possible for my remote pc to monitor the ISA? - 22.Jun.2005 8:33:00 AM   
trung

 

Posts: 20
Joined: 16.Jun.2005
From: Vietnam
Status: offline
Hi Magnus,

You can try to create a rule with "seleted protocols", then try to add the RDP (3389) to the list. You can see the protocols in Protocols/Remote Terminal at the right side. Or you can use Logging feature in ISA console to observe the communication between your management server and ISA server when the "all outbound" is applied.

(in reply to finbom)
Post #: 6
RE: Is it possible for my remote pc to monitor the ISA? - 22.Jun.2005 9:43:00 AM   
finbom

 

Posts: 10
Joined: 31.Mar.2004
From: Sweden
Status: offline
Hello again!

First it is not RDP but RCP im fooling around with. :-)

I have used the ISA-logging with a filter and when accessing from the remote server it says PORT: 135 and protokoll: RPC(All interfaces).

But even if I create a rule allowing that protokoll on port 135 the problem remains.. Really anoying. :-/

Regards, Magnus Finbom

(in reply to finbom)
Post #: 7
RE: Is it possible for my remote pc to monitor the ISA? - 23.Jun.2005 6:05:00 AM   
finbom

 

Posts: 10
Joined: 31.Mar.2004
From: Sweden
Status: offline
Hello!

A breakthrough...

I found out that if I connect from the remote server with the local administrator-account it works just fine.
But I cant use my domain admin-account... Can anyone explain this? My domain account is member of the local admin-group.

wierd..

Regards, Magnus Finbom

(in reply to finbom)
Post #: 8
RE: Is it possible for my remote pc to monitor the ISA? - 26.Jun.2005 9:36:00 AM   
Rickymag

 

Posts: 509
Joined: 26.Nov.2003
From: SA
Status: offline
Hello Finbom,

It sounds like you do not have access privileges to access what you want to though the rules that you have setup. The best way to test and verify what exactly is happening is to review the live logs as they are streaming though.

You can do this under monitoring. the fact that it is working with the local admin account indicates that that account is allowed though.

HTH

RM

(in reply to finbom)
Post #: 9
RE: Is it possible for my remote pc to monitor the ISA? - 15.Aug.2005 8:22:00 AM   
stevea-uk

 

Posts: 8
Joined: 1.Aug.2005
From: Chelmsford, UK
Status: offline
got it working.......
stupid error on my part... having looked at this for days it was a routing problem between the 184 & 190 range to the Internal network card - added 2 persistant routes and hey presto!
[Cool]

Thanks for your help.

Steve

(in reply to finbom)
Post #: 10
RE: Is it possible for my remote pc to monitor the ISA? - 15.Aug.2005 8:23:00 AM   
stevea-uk

 

Posts: 8
Joined: 1.Aug.2005
From: Chelmsford, UK
Status: offline
sorry - having bad day - posted reply to wrong message - will try again!

(in reply to finbom)
Post #: 11
RE: Is it possible for my remote pc to monitor the ISA? - 15.Aug.2005 10:05:00 AM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Run the delegation wizard in the ISA console to allow your domain account ISA Server Full Administrator permissions.

The "Administration Delegation" option is available when you right click the %ServerName% icon.

I've monkied with mine so I can recall what the defaults are - even if the local Administrators group is in there, I'd add you domain account explicitly to see if it makes a difference.

(in reply to finbom)
Post #: 12

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Management >> Is it possible for my remote pc to monitor the ISA? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts