RE: Understanding ISA Server System Policy



For DHCP and DNS, the system policies enable ISA to be a DHCP and DNS CLIENT,
not a server.
I will show you the required protocols and hope that you will be able to create
the required access rules and properly configure them.
Microsoft CIFS (TCP 445)
DNS
Kerberos-Adm(UDP)
Kerberos-Sec(TCP)
Kerberos-Sec(UDP)
LDAP (TCP)
LDAP (UDP)
LDAP GC (Global Catalog)
RPC (all interfaces)
NTP
Ping

Then you will be able to successfully join clients to your AD domain.
--
Mohammad Ghavidel MCSE 2000 & 2003


"Andy" wrote:

I am running ISA 2006 Standard on a Windows 2003 Enterprise R2 Server which
is a DC with DHCP and DNS roles.

I know it is best having ISA on another server but that is what the primary
school that I work at wanted after our LEA ICT support people said that is
all we needed. It saved the school some money and I had to go along with it.

The server has 2 NICs for internal and external (internet) traffic.

External
10.210.10.10
Subnet Mask 255.255.255.0
Gateway 10.210.10.1
TCP/IP only

Internal
10.200.10.10
Subnet Mask 255.255.255.0
Gateway Blank
Client for Microsoft Windows, QoS, File and Printer sharing, TCP/IP.

The Internal card is above the external card in the advanced options in
network connections.

At http://www.microsoft.com/technet/isa/2006/system_policy.mspx it mentions
that default system policies are applied after a default install for required
network services: Active Directory, DHCP, DNS etc

Initially my workstations couldn't get an IP address through DHCP.

I created my own access rule for DHCP Requests and Replies, DNS, LDAP and
PING, the workstations could get an IP address and the DNS server was from
the internal card. I could then ping the server through IP address and by
name.

I still cannot get the workstation to join the domain. It asks me for the
username and password, for which I enter the correct user details to perform
the task. After a while I get a network path not found error.

My questions are:
1. Why did I have to create my own access rules when there are default
system policies for these?
2. If I do have to create rules, what have I missed to enable the
workstations to join the domain?

Thanks in advance for any help you can offer.

Andy
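
A check to run from a workstation on the Internal network after creating the access rules, added here as an example and not part of either post: it probes the TCP side of the protocol list in the reply and reports which ones the firewall still does not let through. Apart from 445, the port numbers are the standard well-known assignments (an assumption, the posts do not state them), the function names are hypothetical, and the default target is the Internal address from the question.

```python
import socket
import sys

# TCP side of the protocols listed in the reply. Only 445 is stated in the
# post; the other numbers are the standard well-known ports (assumption).
# The UDP protocols (Kerberos-Adm, NTP, UDP LDAP/Kerberos/DNS) and Ping
# cannot be confirmed with a TCP connect and are not probed here.
REQUIRED_TCP = {
    "Microsoft CIFS (TCP)": 445,
    "DNS": 53,
    "Kerberos-Sec (TCP)": 88,
    "LDAP (TCP)": 389,
    "LDAP GC (Global Catalog)": 3268,
    # RPC (all interfaces) also needs dynamic ports handed out via 135.
    "RPC endpoint mapper": 135,
}


def probe(host, port, timeout=2.0):
    """Return 'open', 'refused' (active reset) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeouts and unreachable errors: typical of a dropped packet
        return "filtered"


def check_domain_join_ports(host, ports=REQUIRED_TCP, timeout=2.0):
    """Probe every listed protocol and return {protocol name: state}."""
    return {name: probe(host, port, timeout) for name, port in ports.items()}


def missing_rules(results):
    """Protocol names that still need an access rule (or a listening service)."""
    return sorted(name for name, state in results.items() if state != "open")


if __name__ == "__main__":
    # Default is the Internal NIC address given in the question.
    dc = sys.argv[1] if len(sys.argv) > 1 else "10.200.10.10"
    results = check_domain_join_ports(dc)
    for name, state in results.items():
        print(f"{name:28} {state}")
    print("Still blocked:", ", ".join(missing_rules(results)) or "none")
```

A "filtered" result usually points at a missing or misordered access rule, while "refused" means the packet reached the server but nothing is listening on that port.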