I have the firewall client on 2 workstations. It will work fine for a while, and then suddenly you will go to a page and get the message "unable to display". From that time on the only way to get it working with the firewall client is to reboot. If you click on the firewall client and hit refresh, you get an error message. If you reboot the workstation, it works again.
The Firewall client can be sensitive to name resolution, so make sure your WINS or DNS is set up so that the name of the Firewall client server can be resolved to the internal interface of the ISA Server.
I have my DNS set up on a server other than the ISA Server. I have the names and IP addresses of the workstations, along with the ISA server, in the DNS. I also have the DNS on the workstations set to both the internal and external DNS Servers.
Is that what you mean by the Firewall client server being able to resolve to the internal interface of the ISA Server?
I'm fairly new to ISA and have read your books numerous times, but still can't seem to resolve this issue.
Thanks for pointing me to this article but I have already reviewed it. The disconnects only happen on the firewall clients and they are not disconnected from the network, they just can't get to sites (unable to display page). This article also talks about 40 connections by 1 client and they only do 1 connection at a time.
If your clients have their Primary DNS Server set to your DNS Server and their Secondary DNS Server pointing to something external such as your ISP, this is most likely the cause.
If for any reason the Primary DNS Server is unreachable, the client will fail over to using the Secondary DNS Server which will not have any host records for computers on your domain. The client will continue to use the Secondary DNS Server and never attempt to talk to the Primary DNS Server until it is rebooted.
Many people assume that Secondary means that this server will be used to look up records that can't be resolved if the Primary can't answer the request. This is not the case. The Secondary is only used if the Primary is not reachable.
Configure your clients to only use your local DNS Server and if you require resolution of real world FQDNs, configure your DNS Server to forward requests to an external DNS Server.
Right on. By default, the ISA Server performs proxy DNS for the Firewall clients. So, there's no reason at all to include an external DNS on the Firewall clients. The internal interface of the ISA Server should be configured with the IP address of the internal DNS server which can resolve Internet host names.
I am having a similar problem. I understand how DNS would play into that completely, as the clients need to correctly resolve the internal IP in order for the firewall client to properly find the ISA server. I have an external DNS that points all web and mail records to IPs on the ISA server that it listens to. It does NOT resolve or contain any internal hosts. We then have two internal DNS servers resolving all internal hosts, and it includes the correct record for the internal adapter on the ISA server. These DNS servers then use forwarders to resolve internal queries to external hosts not in our domain.
Firewall client is installed, and auto discovery is being used. I have added a WPAD option to our DHCP server, which contains the path to our configuration info (http://<servername>:<port>/wpad.dat).
For the most part, everything works fine, but on random workstations, at random times, they lose connection to the ISA server, and can only display internal webpages. Rebooting usually works, or you can open the firewall client systray and click on "Update Now". It sometimes reconnects right away, and sometimes it takes 30 seconds or so. Then it works great again.
I've even bypassed DNS altogether, and set all the autodiscovery and proxy settings to use the actual IP address instead, and it still does it.
So, any ideas or suggestions are appreciated. Sorry for jacking this thread, but I didn't see the need to start a whole new thing again.