Re: ISA 2004 and Exchange 2003 Error



ISA 2004 as opposed to ISA2000 protects all interfaces - including
"Internal". Therefore, when you install ISA2004 on your domain controller,
all protocols are blocked (on the internal interface as well) and domain
traffic does not get through. You are basically putting a firewall
in-between your clients and the domain authentication services (which
incidentally run on the same machine but that is not relevant, the concept
is important).

Anyway, you should NOT run ISA on a domain controller, but I'm sure you've
been told that already. If you insist on making it work in the present
config, then you need to create rules on your ISA2004 allowing access from
"Internal" to "Localhost" ("Localhost" is a built-in network object that
represents the ISA2004 computer).

Also for other things like remote management of your ISA2004 machine
(through TS for example), make sure that you have all the right settings in
the System Policy. The System Policy exists on all ISA2004 machine, it
applies before the firewall policy (which contains all your "user-defined"
rules), and can be edited through the special task interface in ISA2004
Management Console. As a rule of thumb, when you want to do something that
involves the ISA2004 computer in some way, always check the System Policy
first.

Virgil




"Thomas" <Thomas@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D586E3F5-50D6-4844-943C-E9675743DBBC@xxxxxxxxxxxxxxxx
>I am trying to install ISA 2004 on a 2003 server with SP1 and when I do so
> the exchange system store and MTA stacks can no longer start on the
> exchange
> server. Can someone please help.
>
> Here is a more detailed description of what my current configuration is.
> We
> have 2 physical servers both running windows server 2003 SP1. the first
> one
> is a dedicated exchange server with exchange server 2003 SP1, and the
> other
> is the gateway server running ISA 2000. the ISA server is the master
> domain
> controller, the schema master, the master browser and so on. The exchange
> server is a back up domain controller, with Active directory and DNS
> installed in it.
>
> What I am doing is I uninstall ISA 200o form the ISA server and then go to
> install the ISA 2004 because I want a clean install. I am able to get the
> internet to work for all networked computers through the ISA server, but
> what
> is not working is the exchange services in the exchange server can no
> longer
> run.
>
> What seems to be happening to me in looking at the error logs and so on
> are
> that that the exchange server can no longer see the ISA server like it
> used
> to, for example I don't think it is able to propagate the active directory
> correctly among other things.
>
> I am guessing that the ISA 2004 needs some ports or settings changed on it
> but I can not figure it out... I searched TechNet and everywhere else that
> I
> could find.
>
> please help.
>
> some of the errors I got in the event logs are
> ___________________________________________________________________
> LDAP Bind was unsuccessful on directory dc2.source.local for distinguished
> name ''. Directory returned error:[0x51] Server Down.
> ___________________________________________________________________
>
> Unexpected error The specified domain either does not exist or could not
> be
> contacted. Facility: Win32 ID no: c007054b Microsoft Exchange System
> Attendant occurred.
> ____________________________________________________________________
>
> Process INETINFO.EXE (PID=1664). Topology Discovery failed, error
> 0x80040a02.
> ___________________________________________________________________
>
> Could not open LDAP session to directory 'dc2.source.local' using local
> service credentials. Cannot access Address List configuration information.
> Make sure the server 'dc2.source.local' is running.
>
> ______________________________________________________________
>
> and I got many other errors....
>
> Please help
>
> Thank you in advance
>
>
>


.