RE: Understanding ISA Server System Policy



Hello Mohammad,

Thank you for that great information. The only ones I hadn't allowed were
Kerberos-Adm (TCP), Kerberos-Sec (TCP) and LDAP GC.

Unfortunately I am still not having any luck, as mentioned in my "ISA 2006 -
The remote procedure call failed and did not execute" question I have
submitted.

Incidentally, why do these rules need creating if there are already system
policies?

Thanks again.

Andy

"Mohammad Ghavidel" wrote:

For DHCP and DNS, the system policies enable ISA to be a DHCP and DNS CLIENT,
not a server.
I will show you the required protocols and hope that you will be able to
create the required access rules and configure them properly.
Microsoft CIFS (TCP 445)
DNS
Kerberos-Adm (UDP)
Kerberos-Sec (TCP)
Kerberos-Sec (UDP)
LDAP (TCP)
LDAP (UDP)
LDAP GC (Global Catalog)
RPC (all interfaces)
NTP
Ping

then you will be able to successfully join clients to your AD domain.
--
Mohammad Ghavidel MCSE 2000 & 2003


"Andy" wrote:

I am running ISA 2006 Standard on a Windows 2003 Enterprise R2 Server which
is a DC with DHCP and DNS roles.

I know it is best to have ISA on another server, but that is what the primary
school that I work at wanted after our LEA ICT support people said that is
all we needed. It saved the school some money and I had to go along with it.

The server has 2 NICs, for internal and external (internet) traffic.

External
10.210.10.10
Subnet Mask 255.255.255.0
Gateway 10.210.10.1
TCP/IP only

Internal
10.200.10.10
Subnet Mask 255.255.255.0
Gateway Blank
Client for Microsoft Windows, QoS, File and Printer sharing, TCP/IP.

The Internal card is above the external card in the advanced options in
network connections.

At http://www.microsoft.com/technet/isa/2006/system_policy.mspx it mentions
that default system policies are applied after a default install for required
network services: Active Directory, DHCP, DNS, etc.

Initially my workstations couldn't get an IP address through DHCP.

I created my own access rule for DHCP Requests and Replies, DNS, LDAP and
PING; the workstations could then get an IP address, and the DNS server was
the internal card. I could then ping the server by IP address and by
name.

I still cannot get the workstation to join the domain. It asks me for the
username and password, and I enter the correct user details to perform the
task. After a while I get a "network path not found" error.

My questions are:
1. Why did I have to create my own access rules when there are default
system policies for these?
2. If I do have to create rules, what have I missed to enable the
workstations to join the domain?

Thanks in advance for any help you can offer.

Andy
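As an added example (not posted by anyone in this thread), the following Python script answers Andy's second question from the workstation side: it tries a TCP connection to each of the TCP protocols in Mohammad's list and reports which ones do not answer, i.e. which ones still need an access rule on the ISA box. It assumes the standard port numbers for those protocols (CIFS 445, DNS 53, Kerberos 88, Kerberos-Adm 464, LDAP 389, Global Catalog 3268, RPC endpoint mapper 135) and defaults to Andy's internal address 10.200.10.10; UDP and ICMP entries (DNS/UDP, Kerberos/UDP, LDAP/UDP, NTP, Ping) and the RPC dynamic port range cannot be verified with a plain connect and are listed as unchecked. The loopback listener helper exists only so the check can be exercised offline.

```python
#!/usr/bin/env python3
"""Check which TCP ports needed for an AD domain join are reachable.

Added example for this thread: run it from a workstation against the
internal address of the ISA/DC server (10.200.10.10 in Andy's setup) to
see which protocols from Mohammad's list still lack an allow rule.
"""
import socket
import sys
from typing import Dict, List, Tuple

# ISA Server 2006 protocol definitions from Mohammad's list, mapped to the
# standard port each uses (assumption: default ports, nothing remapped).
DOMAIN_JOIN_TCP_PORTS: Dict[str, int] = {
    "Microsoft CIFS (TCP 445)": 445,
    "DNS (TCP 53)": 53,
    "Kerberos-Sec (TCP 88)": 88,
    "Kerberos-Adm (TCP 464)": 464,
    "LDAP (TCP 389)": 389,
    "LDAP GC (TCP 3268)": 3268,
    "RPC endpoint mapper (TCP 135)": 135,
}

# Listed so the report states what a plain TCP connect cannot verify.
NOT_TCP_CHECKABLE: List[str] = [
    "DNS (UDP 53)", "Kerberos-Sec (UDP 88)", "Kerberos-Adm (UDP 464)",
    "LDAP (UDP 389)", "NTP (UDP 123)", "Ping (ICMP)",
    "RPC dynamic ports (TCP 1025-5000 on Windows Server 2003)",
]


def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes within timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def check_domain_join(host: str,
                      ports: Dict[str, int] = DOMAIN_JOIN_TCP_PORTS,
                      timeout: float = 2.0) -> Dict[str, bool]:
    """Map each protocol name to whether its TCP port answered."""
    return {name: tcp_port_open(host, port, timeout)
            for name, port in ports.items()}


def missing_protocols(results: Dict[str, bool]) -> List[str]:
    """Protocols whose port did not answer: candidates for a missing rule."""
    return [name for name, ok in results.items() if not ok]


def free_local_port() -> int:
    """Bind an ephemeral loopback port and release it, giving a closed port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def local_listener() -> Tuple[socket.socket, int]:
    """Start a loopback listener so the check can be exercised offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def report(host: str, timeout: float = 2.0) -> str:
    """Human-readable summary of reachable and blocked protocols."""
    results = check_domain_join(host, timeout=timeout)
    lines = [f"Domain-join TCP reachability for {host}:"]
    for name, ok in results.items():
        lines.append(f"  {'OPEN   ' if ok else 'BLOCKED'} {name}")
    missing = missing_protocols(results)
    if missing:
        lines.append("Access rules still needed for: " + ", ".join(missing))
    else:
        lines.append("All listed TCP protocols are reachable.")
    lines.append("Not checked here (UDP/ICMP/dynamic): "
                 + ", ".join(NOT_TCP_CHECKABLE))
    return "\n".join(lines)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "10.200.10.10"
    print(report(target))
```

A port that shows as BLOCKED from the workstation but is listening on the server (which you can confirm on the server with netstat -an) points at the ISA access rule rather than the service; CIFS on TCP 445 is the one to look at first for a "network path not found" error during domain join.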