RE: ISA Server lost domain

From: Hubco (anonymous_at_discussions.microsoft.com)
Date: 05/03/04 

Date: Mon, 3 May 2004 13:06:39 -0700

Hi there;

Nic1: 172.16.32.240 Is my Internal Network
Nic2: 172.16.18.131 is my External Network. I have gteway
only on the Ext NIC. Also, I removed the 172.16.18.x from
my LAT, but when i did that I was not able to login to
Domian from the ISA server. Do I need a filter or
anything to resolve this.

Thanks.

p.s Domain Controller is running on a seprate BOX.
>-----Original Message-----
>Hi there,
>
>You won't be able to use ISA as a firewall if both of
the interfaces are configured for internal access(i.e.
both of their IP addresses are in the LAT table)
>You need to configure an internal and an external NIC
for things like routing to work.
>Also, when you 'lose the domain controller' you mean it
does not show up in the browse list correct? Is ISA also
your domain controller?
>
>The problem with multihomed browsers is that the browser
service can only bind to one interface and Windows may
chose to bind to either one on a
>multihomed server. Please take a look at the following
kb:
>Symptoms of Multihomed Browsers WGID:162
>ID: 191611
>http://support.microsoft.com/?id=191611
>
>So, again you need to define what is you internal
network and what is the external network and only enable
NetBIOS over TCP/IP on one (usually the
>internal) for network browsing to work better.
>
>Here an article that provides more details about the NIC
adapter configuration for ISA server:
>HOW TO: Safely Connect Your Company to the Internet in
Windows 2000 WGID:358
>ID: 300876
>http://support.microsoft.com/?id=300876
>
>--------------------
>Content-Class: urn:content-classes:message
>From: "HUBCO" <anonymous@discussions.microsoft.com>
>Sender: "HUBCO" <anonymous@discussions.microsoft.com>
>References:
<727ce729.0404300413.71616b31@posting.google.com>
<nFtWa7uLEHA.1136@cpmsftngxa10.phx.gbl>
>Subject: RE: ISA Server lost domain
>Date: Mon, 3 May 2004 10:15:53 -0700
>
>Hi there;
>
>I have a smellier issue with my ISA 2000.
>
>I have ISA 2000 running on windows 2003 and I have it
>configured as integrated mode so I can take advantage of
>firewall & caching. The ISA server has 2 NIC's connected
>to 2 different internal networks. Once is used for
>Intranet & the second one is used for internet, but both
>are internal Network. For some reason if I remove the
>Internet subnet from the LAT then the ISA server lose
the
>domain controller, but when I stop the ISA services then
>I will be able to see the domain. I am lost here, and I
>am very sorry to bother you, but I figured you may know
>something about this. I am not sure if I have to add a
>rule or anything, but if I add the internet NIC subnet
>then I can't FTP, and if I remove it then I can't see
the
>domain. Please Help.
>
>
>
>>-----Original Message-----
>>Hello,
>>
>>This may be an issue with the ISA administration
>component, but back up your ISA installation before
>making changes.
>>
>>The built-in backup tool included with ISA Server 2000
>can enable you to create a system specific point in time
>backup of the ISA Server 2000 firewall
>>configuration. These backups work great when you need
to
>return to a previous configuration after making changes
>to the firewall configuration that don't
>>work the way you expect them to. However, if you try to
>use that backup file for disaster recovery, the ISA
>Server 2000 integrated backup utility's backup file
>>can only be restored to the same installation on the
>same machine. If the operating system is wiped out, then
>the backup file is of no use.
>>
>>The ISA Server 2000 disaster recovery solution is Jim
>Harrison's import/export script. This script allows you
>to back up almost all of the critical components
>>of the current ISA Server 2000 firewall configuration
>and then restores them to a new ISA Server 2000 firewall
>installation. Jim's import/export script is a real
>>life saver and a must-have for any ISA Server 2000
>firewall administrator. Download the tool from Jim's
>www.isatools.org Web site at
>>http://www.isatools.org/ISAExportImport.zip
>>
>>Once you have a back up of your ISA installation then
>try removing and reinstalling the ISA Management
>component from the Administration tools.
>>
>>--------------------
>>From: mifisauk@yahoo.ca (kosta iaralov)
>>Subject: ISA Server lost domain
>>Date: 30 Apr 2004 05:13:00 -0700
>>
>>Hi, there!
>>I have ISA 2000 Standard as Win2K3 Standard member
>server. I can log
>>in/log out to domain without problems.
>>
>>Half a year ago I installed ISA Server and created rule
>based on exact
>>domain user group. It was OK.
>>After some months passed I discovered that sometimes my
>rule doesn't
>>show itself correctly. I started getting ??? signs
>instead of
>>domain\usergroup name as it was before. At the same
time
>my remote MMC
>>was not able to connect to ISA Server.
>>It was intermittent at the beginning. Now it becomes
>permanent.
>>That rule still works despite I cannot see domain user
>group in rules
>>list, but I cannot create any new rules based on domain
>accounts. It
>>sais that it cannot find domain. I also cannot connect
>
>to ISA Server
>>from any other computer using MMC.
>>
>>Any advices will be appreciated a lot!
>>
>>
>>--
>>Sergio Moreno
>>Microsoft Windows Networking
>>
>>This posting is provided "AS IS" with no warranties,
and
>confers no rights. Use of included script samples are
>subject to the terms specified at
>>http://www.microsoft.com/info/cpyright.htm
>>
>>Note: For the benefit of the community-at-large, all
>responses to this message are best directed to the
>newsgroup/thread from which they originated.
>
>
>--
>Sergio Moreno
>Microsoft Windows Networking
>
>This posting is provided "AS IS" with no warranties, and
confers no rights. Use of included script samples are
subject to the terms specified at
>http://www.microsoft.com/info/cpyright.htm
>
>Note: For the benefit of the community-at-large, all
responses to this message are best directed to the
newsgroup/thread from which they originated.

Relevant Pages

  • Re: Internet Intermittent Connection
    ... "Mohammed A. Raslan" wrote: ... Internal Network: 192.168.100.1 - 192.168.100.255 ... "ISA Server detected a proxy chain loop. ... internet. ...
    (microsoft.public.isa)
  • Re: Internet Intermittent Connection
    ... Internal Network: 192.168.100.1 - 192.168.100.255 ... any other networks and remove any additional ranges if they are added. ... "ISA Server detected a proxy chain loop. ... I have an intermittent Internet connection that has been going on ...
    (microsoft.public.isa)
  • Re: Internet Intermittent Connection
    ... Internal Network: 192.168.100.1 - 192.168.100.255 ... any other networks and remove any additional ranges if they are added. ... "ISA Server detected a proxy chain loop. ... I have an intermittent Internet connection that has been going on ...
    (microsoft.public.isa)
  • Re: Remote Access and Outlook Web Access on SBS 2003
    ... SUMMARY OF SETTINGS FOR CONFIGURE E-MAIL AND INTERNET ... Internet Connection Wizard. ... network, firewall, secure Web site, and e-mail. ... NETWORKING CONFIGURATION SUMMARY ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA Server 2004 and Application Events 14147
    ... This newsgroup only focuses on SBS technical issues. ... | any Internet access restriction from either the server or the internal ... |> Server computer is different from the ISA Server configuration. ... and add your internal network adapter. ...
    (microsoft.public.windows.server.sbs)