• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Automatically detect ISA server for FWC 2004

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> Automatically detect ISA server for FWC 2004 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Automatically detect ISA server for FWC 2004 - 1.Sep.2005 9:21:00 PM   
sodium

 

Posts: 9
Joined: 14.Aug.2005
Status: offline
Hi Dr Shinder

I am using SBS 2003 SP1 Premium (with ISA 2004)and deploying firewall client 2004 to client computers in the network.

I followed steps described in your book to publish automatic discovery information on port 80(since I chose to use DNS WPAD) in ISA management console.

I traced the detection process and found that wspad.dat entry is not available on http://wpad.xxxx.local:80/wspad.dat.

However, I was able to detect the ISA Server manual by entering my ISA firewall hostname.

Please help. Many Thanks in advance.

C:\fwctool testautodetect

FwcTool version 4.0.3439
Firewall Client for ISA Server 2004 support tool
Copyright (c) Microsoft Corporation. All rights reserved.

Action: Test the auto detection mechanism
Type: Default

Detection details:

Timeout is set to 60 seconds
Locating WSPAD URL in DHCP Server
Locating option 252 in DHCP
Reading network adapters information
DHCP option for WPAD not found
WSPAD URL was not found in DHCP Server
Locating WSPAD URL in DNS Server
Locating domain name in registry
Opening registry key:
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
Querying registry value:
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Domain
Domain name found:
xxxx.local
Resolving address:
wpad.xxxx.local.
Domain name found:
wpad.xxxx.local.
WSPAD URL found in DNS Server:
http://wpad.xxxx.local/wspad.dat
Initializing Web server connection
Resolving IP addresses for wpad.xxxx.local
Resolved 1 address(es):
192.168.16.168
Connecting to address #1: 192.168.16.168:80
Waiting for address #1 to connect
Address #1 successfully connected
Requesting wspad.dat file
Received HTTP error 404
Requested file could not be found on this server
No more address
Failed to detect ISA Server

Result: The command failed and was not completed.

[ September 01, 2005, 09:32 PM: Message edited by: sodium ]
Post #: 1
RE: Automatically detect ISA server for FWC 2004 - 2.Sep.2005 6:46:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Sodium,

Go to www.isatools.org and check out Jim Harrison's script on this issue. It should fix your problem.

HTH,
Tom

(in reply to sodium)
Post #: 2
RE: Automatically detect ISA server for FWC 2004 - 5.Sep.2005 1:00:00 AM   
sodium

 

Posts: 9
Joined: 14.Aug.2005
Status: offline
Hi Dr Tshinder

Is it TestAutoConfig.vbs from www.isatools.org you are refering to ?

Regards
Alex

(in reply to sodium)
Post #: 3
RE: Automatically detect ISA server for FWC 2004 - 5.Sep.2005 2:25:00 AM   
MRIS

 

Posts: 58
Joined: 4.Aug.2005
Status: offline
alternatively you can just use the DHCP method of enabling auto-detection of the firewall.
in scope options:
option name: 252 WPAD
option value: http://server:8080/wpad.dat

by the way, the only thing that's listening on port 8080 is the ISA2004 proxy service.

[ September 05, 2005, 02:26 AM: Message edited by: MRIS ]

(in reply to sodium)
Post #: 4
RE: Automatically detect ISA server for FWC 2004 - 5.Sep.2005 8:53:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi MRIS,

Good point. You can change the autodiscovery listener port to be anything you want that's not being used by something else and DHCP will work with it just fine.

Thanks!
Tom

(in reply to sodium)
Post #: 5
RE: Automatically detect ISA server for FWC 2004 - 5.Sep.2005 10:33:00 AM   
sodium

 

Posts: 9
Joined: 14.Aug.2005
Status: offline
Thanks all

I have yet to try the DHCP method, however, I would like to ask another question on the wpad.dat/wspad.dat.

All these files auto-created by ISA ?

(in reply to sodium)
Post #: 6
RE: Automatically detect ISA server for FWC 2004 - 8.Sep.2005 9:57:00 PM   
ababinchak

 

Posts: 195
Joined: 16.Aug.2005
From: Michigan
Status: offline
Guys, because IIS is co-located with ISA the DHCP way of distributing WPAD and Tom's other article do not work on SBS. Jim Harrison's download includes instructions on how to get WPAD to work on SBS.

(in reply to sodium)
Post #: 7
RE: Automatically detect ISA server for FWC 2004 - 9.Sep.2005 9:04:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Amy,

Thanks! When the thread started, I didn't even think about the IIS installing interfering with autodiscovery.

Thanks!
Tom

(in reply to sodium)
Post #: 8
RE: Automatically detect ISA server for FWC 2004 - 9.Sep.2005 7:05:00 PM   
jed@midwaypoint.com

 

Posts: 13
Joined: 7.Sep.2005
Status: offline
AmyB, you mentioned that Jim Harrison's download includes instructions on how to get WPAD to work on SBS. I looked on isatools.org and all i could find was http://www.isatools.org/testautoconfig.vbs but this doesn't seem to do anything.
To which downloading were you talking about so i can give it a rad and trty and get this auto discover working on SBS?
Thanks
Jed

(in reply to sodium)
Post #: 9
RE: Automatically detect ISA server for FWC 2004 - 10.Sep.2005 3:50:00 AM   
sodium

 

Posts: 9
Joined: 14.Aug.2005
Status: offline
I have resolved the problem by using DHCP.

I guess SBS is using port 80 for the Windows Small Business Server 2003 Welcome Page.

Using auto-discovery(port 80) on ISA 2004 console will not work.

(in reply to sodium)
Post #: 10
RE: Automatically detect ISA server for FWC 2004 - 10.Sep.2005 6:06:00 PM   
jed@midwaypoint.com

 

Posts: 13
Joined: 7.Sep.2005
Status: offline
I don't want to use DHCP because i don't want users on my domain to have local admin rights.
From all the forum i've read it is something to do with SBS and apparently there is a fix out there for it so i can use the DNS option, does anyone know how to get this working?

(in reply to sodium)
Post #: 11
RE: Automatically detect ISA server for FWC 2004 - 12.Sep.2005 1:19:00 PM   
ababinchak

 

Posts: 195
Joined: 16.Aug.2005
From: Michigan
Status: offline
The link for the SBS wpad download is on my blog at isainsbs.blogspot.com. The wpad is currently hosted on Jim Harrison's website though not in the official listings. I spoke to Jim this week and he had some great news. The SBS wpad files will be available on the ISA downloads page at Microsoft's website in the near future. They're just neatening it up now.

(in reply to sodium)
Post #: 12
RE: Automatically detect ISA server for FWC 2004 - 12.Sep.2005 5:50:00 PM   
jed@midwaypoint.com

 

Posts: 13
Joined: 7.Sep.2005
Status: offline
Amy i read your post Wednesday, July 20, 2005
Getting the Firewall Client to Automatically Detect ISA.
There is a link to sbs_wpad.zip (http://isatools.org/sbs_wpad.zip)
But it does not work.
How do i get this file.
Thanks
Jed

(in reply to sodium)
Post #: 13
RE: Automatically detect ISA server for FWC 2004 - 12.Sep.2005 7:20:00 PM   
MRIS

 

Posts: 58
Joined: 4.Aug.2005
Status: offline
quote:
Originally posted by JedAtMidway:
I don't want to use DHCP because i don't want users on my domain to have local admin rights.

? what you say here is untrue. There is no need for users to have admin rights so that their PC's firewall client can automatically be configured via DHCP.

(in reply to sodium)
Post #: 14
RE: Automatically detect ISA server for FWC 2004 - 12.Sep.2005 11:41:00 PM   
jed@midwaypoint.com

 

Posts: 13
Joined: 7.Sep.2005
Status: offline
MRIS thanks for you reply, in short yes your right.
The reason i thought that users had to be a member of the local administrator group for DHCP autp discovery to work was that i have been reading Tom Shinder's Configuring ISA Server 2004 and in Chapter 5 ISA 2004 Client Types and Automating Client Provisioning is specifly says for DHCP Support that user must be logged on as local administrator. But is this Microsoft artical
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/automaticdiscovery.mspx
is says that this is only the case for Windows 2000 or Firewall Client 2000. So if you are running Windows XP this statement is NOT TRUE.

So for people running SBS 2003 SP1 using DNS to publish automatic discovery information is not an option because of IIS/Exchange using port 80 so you need to use the DHCP to publish automatic discovery information on a different port eg port 6666 as discribed in the above Microsft artical.
Note I did NOT have to apply the registy string SkipAuthenticationForRoutingInformation as describe in this artical to get automatically detect ISA server working.
http://support.microsoft.com/default.aspx?scid=kb;en-us;885683

Hope all this info at least helps someone.
Thanks
Jed

(in reply to sodium)
Post #: 15
RE: Automatically detect ISA server for FWC 2004 - 13.Sep.2005 6:14:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jed,

Actually, its only true if you're running SP2 on the WinXP clients. That information wasn't available when the book was published.

Thanks!
Tom

(in reply to sodium)
Post #: 16
RE: Automatically detect ISA server for FWC 2004 - 13.Sep.2005 1:02:00 PM   
ababinchak

 

Posts: 195
Joined: 16.Aug.2005
From: Michigan
Status: offline
http://isatools.org/sbs_wpad_2.zip

The URL changed. Jim made a few refinements. It'll be moving to the Microsoft ISA downloads site soon. So check there for the final version in the next couple of months.

(in reply to sodium)
Post #: 17

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> Automatically detect ISA server for FWC 2004 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts