Re: ISA rules?
From: Nick Hill (please_at_dont.use)
Date: 03/08/05
- Next message: SuperGumby [SBS MVP]: "Re: Virtual Server vs Headless PCs"
- Previous message: Matt Gibson: "Re: Virtual Server vs Headless PCs"
- In reply to: Bill Peng [MSFT]: "Re: ISA rules?"
- Next in thread: Bill Peng [MSFT]: "Re: ISA rules?"
- Reply: Bill Peng [MSFT]: "Re: ISA rules?"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 8 Mar 2005 08:05:53 -0000
Hi Bill
Thank you for your help with this.
I deleted the cache - there was only 1 file which was called dir1.cdat. On
starting the Web Proxy service, the file was immediately recreated. I
however had the same problems again. A test site like www.bbc.co.uk brought
up the following error on first load:
"11004 - Host not found
Internet Security and Acceleration Server"
Refreshing, loaded the site, but slowly. Typing the MS support site address
URL took 30 secs to load the page (2mb ADSL connection).
I will next try to uninstall & reinstall ISA. To uninstall I assume I use
Add/Remove programs & to reinstall I use the install disk? The Firewall
client on the workstations is an odd situation. The client is the same one
that I was using on my SBS2000 installation. Using SBS2000, this is
installed to the workstation by adding software to a computer from the
server. In SBS2003, there is no facility to add the Firewall Client to a
computer from the setup computer wizard. I therefore continued to use the
old client & after initial installation, this worked perfectly. Could this
be an issue?
Regards
Nick
"Bill Peng [MSFT]" <v-bpeng@online.microsoft.com> wrote in message
news:I92MEx6IFHA.3836@TK2MSFTNGXA02.phx.gbl...
> Hi Nick,
>
> Thank you for posting back.
>
> Based on your description, it seems that the ISA server has some serious
> problems.
>
> I recommend you to try clearing ISA cache first. To do so:
>
> A. Stop the Web Proxy service.
> B. Locate the Urlcache folder.
> C. From the multiple files in this folder, locate the *.cdat file in this
> folder.
> D. Delete the *.cdat file.
> E. Start the Web Proxy service.
>
> Related Knowledge Base article:
>
> 301471 How to Delete the Web Cache on Internet Security and Acceleration
> Server
> http://support.microsoft.com/?id=301471
>
> If the problem persists, I recommend you to Remove ISA Server and Firewall
> clients. Then, Install ISA Server and Firewall clients again.
>
> After that, re-run CEICW to configure ISA firewall settings again.
>
> If there's any update, please feel free to post back.
>
> Bill Peng
> MCSE 2000, MCDBA
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
>>From: "Nick Hill" <please@dont.use>
>>Newsgroups: microsoft.public.windows.server.sbs
>>Subject: Re: ISA rules?
>>Date: Mon, 7 Mar 2005 21:50:21 -0000
>>Lines: 250
>>Message-ID: <d0iib0$4o9$1$8300dec7@news.demon.co.uk>
>>References: <d053f8$5b3$1$830fa7a5@news.demon.co.uk>
> <ZP4Nls8HFHA.3692@TK2MSFTNGXA02.phx.gbl>
> <d0f603$p8h$1$8300dec7@news.demon.co.uk>
> <dombdlvIFHA.3224@TK2MSFTNGXA02.phx.gbl>
> <d0ia28$n2f$1$8300dec7@news.demon.co.uk>
>>NNTP-Posting-Host: microuk-adsl.demon.co.uk
>>X-Trace: news.demon.co.uk 1110232225 4873 83.104.7.73 (7 Mar 2005 21:50:25
> GMT)
>>X-Complaints-To: abuse@demon.net
>>NNTP-Posting-Date: Mon, 7 Mar 2005 21:50:25 +0000 (UTC)
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>>X-Priority: 3
>>X-RFC2646: Format=Flowed; Response
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>>X-MSMail-Priority: Normal
>>Path:
> TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.
> sul.t-online.de!t-online.de!newsfeed.freenet.de!216.196.110.149.MISMATCH!bor
> der2.nntp.ams.giganews.com!border1.nntp.ams.giganews.com!nntp.giganews.com!p
> roxad.net!194.159.246.34.MISMATCH!peer-uk.news.demon.net!kibo.news.demon.net
> !news.demon.co.uk!demon!not-for-mail
>>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:152116
>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>
>>Just a thought anyone?
>>
>>Is there a way that I can just turn off the ISA server?
>>
>>Regards
>>Nick
>>
>>
>>"Nick Hill" <please@dont.use> wrote in message
>>news:d0ia28$n2f$1$8300dec7@news.demon.co.uk...
>>> Thank you Bill
>>>
>>> I have unapplied the method 4, as this seemed to cause severe web access
>>> issues. However setting the ISA server back to normal seems to have
>>> retained the issues. Visiting any site that has not been visited for a
> day
>>> will cause issues, either the error shown below or severe speed problems
>>> on the first page to load.
>>>
>>> "HTTP 502 Proxy Error - Bad network address encountered. For more
>>> information about this event, see ISA Server Help. (10014)
>>> Internet Security and Acceleration Server"
>>>
>>> I would very much like to put the server back to it's previous fast web
>>> access, but apart from a complete wipe & reinstall, I'm not sure how to
> do
>>> this.
>>>
>>> Regards
>>> Nick
>>>
>>>
>>>
>>> "Bill Peng [MSFT]" <v-bpeng@online.microsoft.com> wrote in message
>>> news:dombdlvIFHA.3224@TK2MSFTNGXA02.phx.gbl...
>>>> Hi Nick,
>>>>
>>>> Thank you for posting back.
>>>>
>>>> To clarify the problem, please let me know:
>>>>
>>>> 1. After you applied Method 4, have you configured all clients to NOT
>>>> using
>>>> ISA server and port 8080 as the proxy server?
>>>>
>>>> Based on my experience, if there's no proxy configured, the HTTP 502
>>>> Proxy
>>>> Error should not be appear on the clients.
>>>>
>>>> 2. Did the slow network browsing problem persist, or only happens for a
>>>> short period of time? Did the problem happen on all web sites, or only
>>>> certain sites?
>>>>
>>>> If the problem only happens for a short period of time and for only a
> few
>>>> web sites, it may caused by the web sites themselves.
>>>>
>>>> I hope the above info helps and I look forward to your update.
>>>>
>>>> Bill Peng
>>>> MCSE 2000, MCDBA
>>>> Microsoft CSS Online Newsgroup Support
>>>>
>>>> Get Secure! - www.microsoft.com/security
>>>> =====================================================
>>>> When responding to posts, please "Reply to Group" via your newsreader
>>>> so
>>>> that others may learn and benefit from your issue.
>>>> =====================================================
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>> --------------------
>>>>>From: "Nick Hill" <please@dont.use>
>>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>>Subject: Re: ISA rules?
>>>>>Date: Sun, 6 Mar 2005 15:01:15 -0000
>>>>>Lines: 129
>>>>>Message-ID: <d0f603$p8h$1$8300dec7@news.demon.co.uk>
>>>>>References: <d053f8$5b3$1$830fa7a5@news.demon.co.uk>
>>>> <ZP4Nls8HFHA.3692@TK2MSFTNGXA02.phx.gbl>
>>>>>NNTP-Posting-Host: microuk-adsl.demon.co.uk
>>>>>X-Trace: news.demon.co.uk 1110121284 25873 83.104.7.73 (6 Mar 2005
>>>> 15:01:24 GMT)
>>>>>X-Complaints-To: abuse@demon.net
>>>>>NNTP-Posting-Date: Sun, 6 Mar 2005 15:01:24 +0000 (UTC)
>>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>>>>>X-Priority: 3
>>>>>X-RFC2646: Format=Flowed; Original
>>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>>>>>X-MSMail-Priority: Normal
>>>>>Path:
>>>>
> TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.
>>>>
> sul.t-online.de!t-online.de!newsfeed.freenet.de!solnet.ch!solnet.ch!proxad.n
>>>>
> et!proxad.net!194.159.246.34.MISMATCH!peer-uk.news.demon.net!kibo.news.demon
>>>> .net!mutlu.news.demon.net!news.demon.co.uk!demon!not-for-mail
>>>>>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:151787
>>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>>
>>>>>Thanks for your reply Bill
>>>>>
>>>>>The products that were not working were Boinc, Adaware (updates),
> Winamp
>>>>>&
>>>>>Worldmate updates (running through a Palm sync). All these products are
>>>>>running on workstations. All workstations have the ISA Firewall client
>>>>>running. It is the same client as used on my SBS2000 server.
>>>>>
>>>>>Checking Q295667, I tried each tweak in order. The only tweak to allow
>>>>>all
>>>>>the products to work was Method 4: Forward all requests to the
>>>>>Internet.
>>>>>This allows both web access & all the mentioned products to work. I had
>>>> some
>>>>>issues with SUS syncs, but have managed to fix it.
>>>>>
>>>>>My problem now is that Web access for clients is now slow. Often I can
>>>>>try
>>>>>to access any web site (eg www.google.co.uk) & get a "This page cannot
> be
>>>>>displayed" error.
>>>>>"HTTP 502 Proxy Error - Bad network address encountered. For more
>>>>>information about this event, see ISA Server Help. (10014)
>>>>>Internet Security and Acceleration Server""
>>>>>
>>>>>I can then press "refresh" & the page loads normally. If I access the
>>>>>page
>>>>>later the same day, it loads normally.
>>>>>
>>>>>Can you offer any advice with this please? I may have to put the ISA
>>>> server
>>>>>back to default settings, because web access now is now good & seems
>>>> slower.
>>>>>This would mean that I can no longer run Boinc & would have to update
>>>>>Adaware manually.
>>>>>
>>>>>Regards
>>>>>Nick
>>>>>
>>>>>
>>>>>"Bill Peng [MSFT]" <v-bpeng@online.microsoft.com> wrote in message
>>>>>news:ZP4Nls8HFHA.3692@TK2MSFTNGXA02.phx.gbl...
>>>>>> Hi Nick,
>>>>>>
>>>>>> Thank you for posting here.
>>>>>>
>>>>>> I understand that ISA server blocked some applications and I'd like
>>>>>> to
>>>>>> provide the following suggestions for your reference.
>>>>>>
>>>>>> Suggesiton 1.
>>>>>> Make sure that you've run the CEICW with "Enable Firewall".
>>>>>>
>>>>>> Suggestion 2.
>>>>>>
>>>>>> Please check the authentication for outgoing web requests. (Right
> click
>>>>>> the
>>>>>> server in ISA Management, click Outgoing Web Request tab.)
>>>>>>
>>>>>> Suggestion 3.
>>>>>>
>>>>>> If the applications are on the server, please check IP packet
>>>>>> filters.
>>>>>> (You
>>>>>> may want to create a new filter to allow the traffic from the
>>>>>> applications.) If they are on clients, you can check Firewall Client
>>>>>> and
>>>>>> then ISA rules. (Make sure that the clients have installed ISA
> Firewall
>>>>>> Client)
>>>>>>
>>>>>> Please refer to the following KB:
>>>>>>
>>>>>> How to Allow Third-Party Internet Application Connections Through ISA
>>>>>> http://support.microsoft.com/?id=295667
>>>>>>
>>>>>> I hope the above info helps. If you have any questions, please feel
>>>>>> free
>>>>>> to
>>>>>> let me know.
>>>>>>
>>>>>> Bill Peng
>>>>>> MCSE 2000, MCDBA
>>>>>> Microsoft CSS Online Newsgroup Support
>>>>>>
>>>>>> Get Secure! - www.microsoft.com/security
>>>>>> =====================================================
>>>>>> When responding to posts, please "Reply to Group" via your newsreader
>>>>>> so
>>>>>> that others may learn and benefit from your issue.
>>>>>> =====================================================
>>>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>>> rights.
>>>>>>
>>>>>> --------------------
>>>>>>>From: "Nick Hill" <please@dont.use>
>>>>>>>Newsgroups: microsoft.public.windows.server.sbs
>>>>>>>Subject: ISA rules?
>>>>>>>Date: Wed, 2 Mar 2005 19:16:45 -0000
>>>>>>>Lines: 21
>>>>>>>Message-ID: <d053f8$5b3$1$830fa7a5@news.demon.co.uk>
>>>>>>>NNTP-Posting-Host: microuk-adsl.demon.co.uk
>>>>>>>X-Trace: news.demon.co.uk 1109791016 5475 83.104.7.73 (2 Mar 2005
>>>> 19:16:56
>>>>>> GMT)
>>>>>>>X-Complaints-To: abuse@demon.net
>>>>>>>NNTP-Posting-Date: Wed, 2 Mar 2005 19:16:56 +0000 (UTC)
>>>>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>>>>>>>X-Priority: 3
>>>>>>>X-RFC2646: Format=Flowed; Original
>>>>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>>>>>>>X-MSMail-Priority: Normal
>>>>>>>Path:
>>>>>>
>>>>
> TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.
>>>>>>
>>>>
> sul.t-online.de!t-online.de!newsfeed.freenet.de!solnet.ch!solnet.ch!proxad.n
>>>>>>
>>>>
> et!proxad.net!194.159.246.34.MISMATCH!peer-uk.news.demon.net!kibo.news.demon
>>>>>> .net!news.demon.co.uk!demon!not-for-mail
>>>>>>>Xref: TK2MSFTNGXA02.phx.gbl
>>>>>>>microsoft.public.windows.server.sbs:150853
>>>>>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>>>>>
>>>>>>>Hi
>>>>>>>
>>>>>>>SBS2003, 2 nics, router. Clean install.
>>>>>>>
>>>>>>>I've just upgraded my home office network from SBS2000 to SBS2003
>>>> Premium,
>>>>>>>it seemed to go ok... I used the same server & domain names to keep
>>>> things
>>>>>>>simple.
>>>>>>>
>>>>>>>One issue I had with SBS2000 was that ISA stopped several packages
> from
>>>>>>>accessing the internet. For instance; Winamp, Ad-aware, Palm
> Worldmate
>>>>>>>&
>>>>>>>Boinc. To fix this, I set up a protocol allowing all/all/all which
>>>>>>>worked
>>>>>>>fine. I set up the same protocol on the SBS2003 server & it doesn't
>>>>>>>work.
>>>>>>>This means I can't get Ad-aware updates & my Boinc software can't
>>>>>>>upload
>>>>>>>results.
>>>>>>>
>>>>>>>Can anyone help please?
>>>>>>>
>>>>>>>Regards
>>>>>>>Nick
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>>
>>
>
- Next message: SuperGumby [SBS MVP]: "Re: Virtual Server vs Headless PCs"
- Previous message: Matt Gibson: "Re: Virtual Server vs Headless PCs"
- In reply to: Bill Peng [MSFT]: "Re: ISA rules?"
- Next in thread: Bill Peng [MSFT]: "Re: ISA rules?"
- Reply: Bill Peng [MSFT]: "Re: ISA rules?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
