Re: Firewall client problem

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Jim Harrison [MSFT] (jmharr_at_online.microsoft.com)
Date: 03/09/04

Next message: Jim Harrison [MSFT]: "Re: Macintosh behind ISA can't use VOIP app, but MSN chat works..."
Previous message: Jake: "RE: Software to isa server"
In reply to: Chris Cook: "Re: Firewall client problem"
Messages sorted by: [ date ] [ thread ]

Date: Tue, 9 Mar 2004 14:24:06 -0800

Remove the ISA external IPs from the activedirecory.loc zone.

-- 
 Jim Harrison [ISASE]
 Read the help, books and articles!
 This posting is provided "AS IS" with no warranties, and confers no rights.
"Chris Cook" <chris.cook@qsuper.qld.gov.au> wrote in message news:4a47567c.0403051629.4897b85f@posting.google.com...
"News" <emailmequan@hotpop.com> wrote in message news:<e9aYKalAEHA.3456@TK2MSFTNGP09.phx.gbl>...
> Hi All,
I have a DNs issue with the autoconfiguration script that is used from
ISa server to configure both the Firewall client and IE. The clients
are in a different domain (NT4) to the self contained W2K3 Active
Directory Environment that hosts the ISA server. I can force DNS
resolution to the AD Forrest using the NT4 DNS ZONE (adding entries
for the ISA server in the NT4 ZONE e.g ISA.nt4.loc), but when I use
the autoconfiguration script,which we need to make the ISA array fault
tolerant, it sends back the AD domian name within the script (e.g
ISA.Active Directory.loc). This in itself is not an issue, but when
the clients resolve this address, they are presented with a round
robin IP arrangement that will point to the external NIC of the ISA
server. I cannot disable round robin on the DNS server as it is
required for other services. Is there a way to alter the auto config
script to return the nt4.loc domin name?
I think after reading a lot of the problems listed in many of the
discussion groups that this is a comon problem, but I cannot find a
solution.
Please help,
Chris

Next message: Jim Harrison [MSFT]: "Re: Macintosh behind ISA can't use VOIP app, but MSN chat works..."
Previous message: Jake: "RE: Software to isa server"
In reply to: Chris Cook: "Re: Firewall client problem"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: CEICW fails - several errors
... The firewall isn't used when ISA is installed. ... On the WAN NIC of your server the DNS has to point to the LAN IP. ... I immediately checked and ISA Server ...
(microsoft.public.windows.server.sbs)
Re: Allow Remote Subnet to Authenticate
... LAN router doesn't have the ISA servers as it's gateway. ... The ISA server internal nic is in the 10.0 subnet and C/TS on that subnet ... DNS I don't see as being even relevant to this,...but the details of the ...
(microsoft.public.isa.configuration)
Success story. To whom it may concern ;-)
... A while ago I faced an issue with accessing some website via my ISA server. ... I configured my local DNS server to send DNS queries it cannot resolve by ... DNS service that have performed name resolution. ...
(microsoft.public.isa)
Re: issue with DNS forwarder on ISA SERVER
... Forget the whole thing and remove the DNS Service off of the ISA. ... Create an Access Rule to allow outbound DNS Queries for the AD/DNS machines. ... Microsoft ISA Server Partners: Partner Hardware Solutions ...
(microsoft.public.isaserver)
Re: ISA2006 & DNS
... never assign a DNS Entry on ISA Server External NIC. ... The AD/DNS uses the ISP's DNS in the Forwarders List ...
(microsoft.public.isa)