Posts: 4
Joined: 15.Jan.2005
From: Chicago area
Status: offline
Nice - very nice. Well done.
Simple question: Do same reg keys work for ISA-04??
I have a similar issue (at least it has the earmarks) - different client, different host, different service. However, same behavior, same symptoms, same environment - a LOT of hits on a few servers. It seems easy enough to try the hack and see if it resolves my issue.
Posts: 1561
Joined: 22.Jul.2002
From: Sydney, Australia
Status: offline
A truly brilliant and informative article. Whilst never being plagued with this problem myself as I've only ever installed ISA in sites that either a) Run their own "internal" mail-server or b) ran a relatively small number of internal clients. This does however clear up a number of posts/questions I've seen over the years. Cheers to you! Thanks Stefaan
Posts: 22
Joined: 11.Jul.2003
From: USA
Status: offline
Greetings to all: Great article. Congratulations. I had a similar problem a few months ago with a network I inherited as administrator. The internal clients were addressing the POP3 server with the public name and complained of several timeout problems. I changed the configuration and have them address the mail server with its internal FQDN and never got a timeout again. Are both things related? Regards, Marco.
I have one ISA2000 (running Firewall and Cache and one DMZ (where is located the mail server)) over Win2000Server, and made the registry modification cited in the article "The mystery of the failing POP...", however, exactly thus, intermittently, we continue with POP connection problems. We perceive that some times, beyond the POP connections problem, the Cache service it also unavailable. Some times we need to restart the Windows 2000 SRV - for not being possible to restart ISA services. When we make this, all return to works fine, as nothing had been happened and does not have nothing stranger in logs and the event logs.
are the internal clients configured as Firewall or SecureNAT clients? Remember that the issue described in my article happens *only* with Firewall clients, *not* SecureNAT clients.
Hi.. I am using 2003 serv / isa 2000 When clients try to use outlook connection lost and give a warning "isa server inaccessible"
when I looked registry at HKLM\System\CurrentControlSet\Services\FwSrv\Parameters I saw only installroot reg_sz.. I did your suggestion but still cant solve this..
Please help me its very big problem.. My company cant live without mail.
did you first verify that your issue is indeed what is described in my article? Can you proof it with a netmon trace?
Also, if the regkey isn't there, create it and if it is the same issue, the problem should be solved. Of course, don't forget to restart the Firewall service.
according to your information, it doesn't sound to be the same problem as described in my article. Can you provide us a NetMon trace on the ISA internal and external interface of such an incident?
I am having problem in routing POP3 access through the ISA server (2000).Few dayz back this was working. Firewall clients could directly access their external POP3 servers and check their mails. I checked the article published by you and modified the keys.Thanks a ton and really appriciate for publishing such a detailed troubleshhoting article. However I am able to to check mails using HTTP server like hotmail.
if it worked before, then something must have changed. The first thing to check out is the ISA Firewall log. What's that telling you? Make sure you have enabled the logging of all fields to get the most out of it.