Posts: 9
Joined: 31.May2001
From: Aliso Viejo, Ca, USA
Status: offline
I have a single ISA server which I'm trying to install and use the firewall client from. It doesn't seem to connect to the ISA server. When i open the client from the end user and click on update now, i get the following message:
Error: The server is not responding when client requests and update. -The server is not an ISA server -The server is down
I know for a fact that the server is an ISA server and it is definitely not down. I get a response from a ping to the exact server name in the configuration box.
Also, when I select browse from the Firewall client setting in ISA, it tells me to select the server or array I want to use and there is nothing listed in the browse box to select.
Is there a configuration I need to perform to allow my Firewall Clients to communicate with the ISA server?
Posts: 9
Joined: 31.May2001
From: Aliso Viejo, Ca, USA
Status: offline
Tom,
omt...i just tried to install the client on two other systems (W2K Pro and WNT4 Workstation) and both of them got the same error as below. i tried the internal ip address of the isa server too and that didn't work on either of those systems.
Posts: 10
Joined: 19.Jun.2001
From: Vienna, VA USA
Status: offline
I have this exact same problem! I cannot connect to the ISA server using the firewall client (either by name or internal IP address). I get the error message saying the server is either not an ISA server or is down. However, in IE, I can go into the LAN settings and tell it to use the ISA server to connect to the internet and that works ok...
I have ISA server running in a test lab. I have a Windows 2000 Server that has the firewall client installed. My server's firewall client will not start. I have an error in my System Event Log: Event ID 7024: The Microsoft Firewall Service terminated with service-spcific error 213005.
In my Application Log, I have this error: Event ID 11005: Microsoft Firewall Failed. The failure occurred during the Initialization of Network Address Translation (NAT) because the system call InitNat failed. Use the source location 308.1113.3.0.1200.50 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help. The error description is: The system cannot find the file specified.
I am confused. Am I missing some files? Should I try to reinstall something?
Posts: 9
Joined: 31.May2001
From: Aliso Viejo, Ca, USA
Status: offline
kemi,
i had a similar problem with my firewall service before. i also was not able to start my proxy service. what fixed it was, i moved the cache file from the directory (c:\urlcache) and then started the services and everything worked. the cache file is the file with (.cdat) as the extension. you should probably just search the isa server for any files with this extension and move them. once it worked again, i just deleted the old cache file.
Clayton, Sorry this isn't an answer to your question but a cry for help as well as I too am having the same problem with the Firewall Client. I am running a test lab and the client machine I am using is a Win 98 machine. Web Proxy client is working fine, but the Firewall Client just refuses to work. However, it did work at one point as I was able to get AOL Instant Messenger working with it, but that was last Friday, since then it refuses to do anything.I have the exact same errors you mentioned on your first post...
I'm trying to install it on a Windows 2000 Server Client. Is that even possible?
The browse button I am refering to is in the isa management box under properties for client configuration - firewall client.
Autodiscovery is off and i've tried the IP address. I get the same error when I try to put the IP address in the box.
I did get the client successfully installed on a Windows NT 4 workstation. just no luck on the windows 2000 server.
Clayton
Hi Clayton,
The configuration on the ISA Server for the Firewall client applies only when the Firewall client is installed. It doesn't do anything after the client is installed.
Go to the machine on which the firewall client is installed and double click on the taskbar icon for the firewall client. Turn off autodiscovery there, and type in the IP address of the ISA Server. Then refresh the configuration and everything should work.
quote:Originally posted by Kemi: I have this exact same problem! I cannot connect to the ISA server using the firewall client (either by name or internal IP address). I get the error message saying the server is either not an ISA server or is down. However, in IE, I can go into the LAN settings and tell it to use the ISA server to connect to the internet and that works ok...
I have ISA server running in a test lab. I have a Windows 2000 Server that has the firewall client installed. My server's firewall client will not start. I have an error in my System Event Log: Event ID 7024: The Microsoft Firewall Service terminated with service-spcific error 213005.
In my Application Log, I have this error: Event ID 11005: Microsoft Firewall Failed. The failure occurred during the Initialization of Network Address Translation (NAT) because the system call InitNat failed. Use the source location 308.1113.3.0.1200.50 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help. The error description is: The system cannot find the file specified.
I am confused. Am I missing some files? Should I try to reinstall something?
Thanks, Kemi
Hi Kemi,
If you have the Firewall Client installed on the ISA Server, remove it!
Also, it sounds like maybe you have ICS or the Win2k RRAS NAT service running. If either is true, be sure to disable them. The best thing for you to do right now, unless you're running a VPN, is to disable RRAS (don't stop it, disable it).
quote:Originally posted by rog2e: Clayton, Sorry this isn't an answer to your question but a cry for help as well as I too am having the same problem with the Firewall Client. I am running a test lab and the client machine I am using is a Win 98 machine. Web Proxy client is working fine, but the Firewall Client just refuses to work. However, it did work at one point as I was able to get AOL Instant Messenger working with it, but that was last Friday, since then it refuses to do anything.I have the exact same errors you mentioned on your first post...
Hi Rog,
Make sure you use the IP address rather than the name of the ISA Server in the firewall client applet on the client.
Posts: 10
Joined: 19.Jun.2001
From: Vienna, VA USA
Status: offline
Hi Tom, Thank you for your reply. I will try that. I got it to work with RRAS enabled but I know that is the wrong way! I did not install the firewall client on the ISA server but my client computer is another Win2K server. I am reading your book now, so hopefully I will be able to get things running smoothly soon.
Posts: 9
Joined: 31.May2001
From: Aliso Viejo, Ca, USA
Status: offline
tom,
i've had the autodiscovery off on all the client computers i tried to get to work and it still did not work. i've even un-installed the client and re-installed it with the autodiscovery off about 5 times. it seems like i've been through every possible setting and i really don't understand why this won't work.
the only other thing i can think is that i have a ms proxy 2.0 server still in production that handles my production environment until i get this isa completely working. if i direct the firewall client to that server, it seems to work. but the purpose of me putting this isa server in place is to decomission this proxy 2.0 server, which i can't do until i get all the services moved to the isa server. i've tried stopping the winsock service on the proxy 2.0 server, but it didn't make a difference.
i setup my isa server in integrated mode...would that make a difference here? isa definitely seems buggy and i'm hesitant to move my entire production environment to this product right now. i've even followed some simple instructions off this website word for word, like opening up napster, and that didn't seem to work either.
anyway...i would really like to get this firewall client working. it doesn't seem like it should be this difficult.
What I found that worked fine was that I had to add an CNAME entry for WPAD to the DNS server. Once I did that, all my problems went away.
I had done the same thing as you: entered the server name manually etc. NOTHING WORKED until I added the DNS entry and made sure that my default DNS suffix on the client was correct (because the firewall client appends the suffix to WPAD to find the ISA server).
quote:Originally posted by Kemi: Hi Tom, Thank you for your reply. I will try that. I got it to work with RRAS enabled but I know that is the wrong way! I did not install the firewall client on the ISA server but my client computer is another Win2K server. I am reading your book now, so hopefully I will be able to get things running smoothly soon.
Kemi
Hi Kemi,
Thanks for getting the book! It should help clear some things up for you. Remember to ask questions when they come up.
i've had the autodiscovery off on all the client computers i tried to get to work and it still did not work. i've even un-installed the client and re-installed it with the autodiscovery off about 5 times. it seems like i've been through every possible setting and i really don't understand why this won't work.
the only other thing i can think is that i have a ms proxy 2.0 server still in production that handles my production environment until i get this isa completely working. if i direct the firewall client to that server, it seems to work. but the purpose of me putting this isa server in place is to decomission this proxy 2.0 server, which i can't do until i get all the services moved to the isa server. i've tried stopping the winsock service on the proxy 2.0 server, but it didn't make a difference.
i setup my isa server in integrated mode...would that make a difference here? isa definitely seems buggy and i'm hesitant to move my entire production environment to this product right now. i've even followed some simple instructions off this website word for word, like opening up napster, and that didn't seem to work either.
anyway...i would really like to get this firewall client working. it doesn't seem like it should be this difficult.
thanks for your help
Hi Clayton,
Are you using IP addresses or computer names in the Firewall Client configuration dialog box? Does it work if you use IP addresses? If so, it might indicate a name resolution problem. Do you have a WINS and DNS server on the network and are the clients using them?
Posts: 9
Joined: 31.May2001
From: Aliso Viejo, Ca, USA
Status: offline
tom,
i've used the name and ip address in the client configuration box. i can ping the server using the name from the client computers, so i don't believe it's a name resolution problem. i have a dns server and a wins server on the network. my isa server is registered on the dns and it also has an entry in the wins database.
i also tried setting up the wpad cname entry in the dns as ken suggested, but still that does not work.
i feel i'm getting dangerously close to a complete rebuild of the server and hope that somehow that will miraculously make all my problems go away.
Posts: 9
Joined: 31.May2001
From: Aliso Viejo, Ca, USA
Status: offline
Hi Tom,
No, I haven't rebuilt the server yet. I think I'm going to go with the PIX for my Firewall solution and use ISA for just Proxy and http caching. I've had too many problems with ISA. anyway...I ran that utility and this is the response I got:
****************************************************************** **** Firewall client Diagnostic Information **** ******************************************************************
WAIT... WAIT...
-------------------------------------------
The client & server control protocol DO NOT MATCH PLEASE RUN SETUP !
I've re-run setup a few times and it doesn't help.
Well, I can't fault you for using PIX if you have one sitting around
Let us know how your caching solution goes, and if you try ISA Server again for your Firewall, I think you'll be pleasantly surpirzed (esp. after SP1).