RE: Understanding ISA Server System Policy



Because your setup is not recommended, and the System Policy considers that
you have an ISA Server that is SEPARATE from your DC, which is considered to
be on your Internal Network and NOT installed on the LocalHost itself!!

HTH,
Tarek
--
_____________________________

Tarek Majdalani
Computer Engineer, CIW, MCSA: Security 2000/2003
http://www.elmajdal.net/ISAServer


"Andy" wrote:

I am running ISA 2006 Standard on a Windows 2003 Enterprise R2 Server which
is a DC with DHCP and DNS roles.

I know it is best having ISA on another server but that is what the primary
school that I work at wanted after our LEA ICT support people said that is
all we needed. It saved the school some money and I had to go along with it.

The server has 2 NICs for internal and external (internet) traffic.

External
10.210.10.10
Subnet Mask 255.255.255.0
Gateway 10.210.10.1
TCP/IP only

Internal
10.200.10.10
Subnet Mask 255.255.255.0
Gateway Blank
Client for Microsoft Windows, QoS, File and Printer sharing, TCP/IP.

The Internal card is above the external card in the advanced options in
network connections.

At http://www.microsoft.com/technet/isa/2006/system_policy.mspx it mentions
that default system policies are applied after a default install for required
network services: Active Directory, DHCP, DNS, etc.

Initially my workstations couldn't get an IP address through DHCP.

I created my own access rule for DHCP Requests and Replies, DNS, LDAP and
PING, the workstations could get an IP address and the DNS server was from
the internal card. I could then ping the server through IP address and by
name.

I still cannot get the workstation to join the domain. It asks me for the
username and password, and I enter the correct user details to perform the
task. After a while I get a network path not found error.

My questions are:
1. Why did I have to create my own access rules when there are default
system policies for these?
2. If I do have to create rules, what have I missed to enable the
workstations to join the domain?

Thanks in advance for any help you can offer.

Andy