Re: ISA Server Problems, please help
From: Stuart Mackie [MCSE MCSA] (newsgroups_at_--REMOVE_THIS-NO_SPAM--stu.uk.com)
Date: 02/10/05
- Next message: John: "Re: POP3 Receive only?"
- Previous message: John: "Re: Open range of ports instead of individual"
- In reply to: Joey K: "Re: ISA Server Problems, please help"
- Next in thread: Joey K: "Re: ISA Server Problems, please help"
- Reply: Joey K: "Re: ISA Server Problems, please help"
- Reply: Joey K: "Re: ISA Server Problems, please help"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 10 Feb 2005 21:56:16 -0000
Hi Joey.
1. By default W3PROXY.EXE reserves 50% of memory for caching purposes.
Please have a look at the following and try adjusting your settings
http://www.smallbizserver.net/Default.aspx?tabid=122
2. Can you provide more information on your current configuration
- ipconfig /all data for your server
- You mention users browsing the web are unaffected and Firewall clients
are unaffected, is it secureNAT clients which are affected ?
- what action causes the proxy chain loop errors logged i.e. when
accessing an internal website/resource, or when someone external accesses an
internal resource etc ?
- is your ISA server allowing any type of internet or internal access ?
3. Since SecureNAT are unable to authenticate for internet access, you need
to have a Site and Content Rule, and a Protocol Rule which are set to allow
'Any Request' (i.e. anonymous connections). The default configuration of
ISA is configured this way. You need to consider whether this configuration
is what you want since all internal systems will be provided unrestricted
internet access. Any rules you create which control access using
users/groups etc will in effect be ignored because the all access rule will
be used by ISA before the outgoing connection is asked for credentials
(which SecureNAT clients can't provide). Ideally you would only provide
unrestricted access to specific sites rather than 'All Destinations'.
Are you able to install the firewall client rather than leaving them as
SecureNAT clients ?
4. 403 Forbidden - The ISA Server denies the specified Uniform Resource
Locator
(URL). (12202)
Do you get this error on an workstation, or when trying to access websites
on the ISA server itself ?
There are a number of good documents on www.isaserver.org which explain a
number of features in ISA. In particular if you haven't used ISA server
before, understanding how to configure rules for your Access Policy and the
differences between the secureNAT, firewall and web proxy clients would be a
few core areas to look at.
-- Hth, Stuart Mackie www.stu.uk.com MCSA: & MCSE: Security "Joey K" <no@nospam.com> wrote in message news:OnKwqL4DFHA.4004@tk2msftngp13.phx.gbl... >I just re-ran the wizard and reconfigured all of the settings. It did not >seem to change or disable any of the ISA rules and settings. > > > > Another problem I am having is, using SecureNat client internally on IE > (without the proxy set) I still get a > > 403 Forbidden - The ISA Server denies the specified Uniform Resource > Locator (URL). (12202) > Internet Security and Acceleration Server > error message. > > > I will have to wait and see if any more chain loop error messages show up. > How do I check and disable any upstream proxy requests? I checked the > Default rule (the only one) in the Routing folder, but that is set for > "Retrieve the request directly." > > Thanks, > Joey > > > > > "Henry Craven [SBS-MVP]" <IUnknown@Dot.Nyet> wrote in message > news:%238Dn9U0DFHA.3972@TK2MSFTNGP15.phx.gbl... >> Have a look at, and bookmark: http://www.eventid.net >> >> 1st thing I'd go is re-run the To-Do List CEICW >> That will reset all the ISA settings so you should have a clean slate to >> work with and be able to sort any errors before bringing in extraneous >> ones due to custom settings. >> >> -- >> Henry Craven {SBS-MVP} >> CI Information Technology >> ---------------------------------------------------- >> Melbourne SBS Users Group - >> http://groups.yahoo.com/group/melb-SBSusers/ >> >> "Joey K" <no@nospam.com> wrote in message >> news:OjIOW%23uDFHA.512@TK2MSFTNGP15.phx.gbl... >>>I have been a long time SBS user with version 4.5. Early, last month I >>>did a clean install of SBS 2003 Pro on the server here and everything >>>runs great (I installed a standard version back in October to learn the >>>new system). >>> >>> However, I am having lots of problems with ISA 2000 server. I feel like >>> I don't entirely understand what and how configure it. Users can access >>> the web alright with the proxy server settings in Firefox/IE. And >>> Firewall clients seem to work fine as well. The configuration I have is >>> really basic with two network adapters and I am running in the >>> combination mode (or whatever it was called with cache and firewall). >>> The external interface is connected to a router with static WAN DSL >>> connection on a subnet of 192.168.123.xxx. The internal adapter is >>> 192.168.16.2. >>> >>> >>> My big problems/questions are: >>> >>> 1. Memory! W3PROXY.EXE is showing 400,000 K of mem usage and 1,200,000 >>> of VM Size. That seems WAY too much for a proxy service with only 5-10 >>> users max. Does this sound right? >>> >>> >>> 2. Error message in the event viewer: >>> >>> Event Type: Warning >>> Event Source: Microsoft Web Proxy >>> Event Category: None >>> Event ID: 14141 >>> Date: 2/9/2005 >>> Time: 2:44:45 PM >>> User: N/A >>> Computer: PE2600 >>> Description: >>> ISA Server detected a proxy chain loop. There is a problem with the >>> configuration of the ISA Server routing policy. >>> >>> For more information, see Help and Support Center at >>> http://go.microsoft.com/fwlink/events.asp. >>> >>> ---- >>> >>> Event Type: Warning >>> Event Source: Microsoft Web Proxy >>> Event Category: None >>> Event ID: 14149 >>> Date: 2/9/2005 >>> Time: 12:47:12 PM >>> User: N/A >>> Computer: PE2600 >>> Description: >>> Web Proxy service failed to listen to 127.0.0.1 port 80. The network >>> interface card might not be functional. The error code specified in the >>> Data area of the event properties indicates the cause of the failure. >>> For more information about this event, see ISA Server Help. >>> >>> For more information, see Help and Support Center at >>> http://go.microsoft.com/fwlink/events.asp. >>> Data: >>> 0000: 1d 27 00 00 .'.. >>> >>> ---- >>> >>> Then in my ISA server management console there are other errors listed >>> in the alert section: >>> >>> 1. Routing (chaining) failure. The ISA server failed to route the >>> request to an upstream server >>> 2. Upstream chaning credentials. Upstream chaning credentials are >>> invalid >>> 3. Resource allocation failure. A resource allocation failure has >>> occurred. For example, insufficient memory resources. >>> >>> >>> >>> Does anyone have any clue on any of these errors? I have searched the >>> web and MS support site many times to find these errors messages with no >>> luck. It almost seems like they all maybe related. Except for the >>> routing messages, I don't think I have any upstream proxies configured. >>> >>> >>> 3. My other question is how do I allow a SecureNAT client access the >>> Internet? It was working for me, but I changed something and now I >>> cannot get any connection (web or otherwise) to work. >>> >>> >>> >>> I know there is a huge list here, but I would love some insight into >>> this!!! >>> >>> Thank you, >>> >>> Joey >>> >> >> > >
- Next message: John: "Re: POP3 Receive only?"
- Previous message: John: "Re: Open range of ports instead of individual"
- In reply to: Joey K: "Re: ISA Server Problems, please help"
- Next in thread: Joey K: "Re: ISA Server Problems, please help"
- Reply: Joey K: "Re: ISA Server Problems, please help"
- Reply: Joey K: "Re: ISA Server Problems, please help"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
