RE: ISA Server 2004 and Application Events 14147



Hi Tom:
Nice to see you again!

From the description, I understand that you kept on receiving event 14147
from the SBS Server. If I am off base, please do let me know.

Regarding the error 14147, it may occur if the routing table on the ISA
Server computer is different from the ISA Server configuration. In this
scenario, any traffic that is sent from or to the IP addresses that appear
in the events from the "Symptoms" section is dropped by ISA Server. ISA
Server considers this traffic as spoofed.

I suggest you try the following steps to see if the problem can be resolved:

1. Open the ISA management console, navigate to
Servername\Configuration\Networks, and on the "Networks" pane double-click
Internal.

2. Go to the Addresses tab and remove the existing address range.

3. Click the Add Adapter button, and add your internal network adapter.

4. Then only the address range 10.0.0.0-10.0.0.255 will be listed.

Click the Apply button to save the changes.

If you have multiple subnets in your network, you may also refer to this KB
document:

Client computers cannot access external resources, and event ID 14147
appears in the Application log in ISA Server 2004 (884496)
http://support.microsoft.com/default.aspx?scid=KB;EN-US;884496

Hope the above information helps. Please feel free to let me know if you
have any concerns.

Have a nice day!

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support


--------------------
| NNTP-Posting-Date: Wed, 09 Nov 2005 02:59:04 -0600
| Date: Wed, 09 Nov 2005 08:58:53 +0000
| From: Tom Walker <twalker@xxxxxxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: ISA Server 2004 and Application Events 14147
|
| I've just installed ISA Server 2004 and am getting 14147 events in the
| Application log. Looks like there is a bunch of spurious entries in the
| ISA Network tab. I'm in the process of migrating across from SBS4.5
| (Swing) and I suspect I've retained some unwanted baggage from the 4.5
| system.
|
| I've identified below the details of my LAN to Internet setup, the ISA
| Internal Network entries and the detail of the 14147 event.
|
| Can I just remove all the ISA Internal Network entries except for
| 10.0.0.0 to 10.0.0.255? Or, is it a bit more subtle than that?
|
| Tom Walker
| ----------
|
| # LAN to Internet Setup
|
| Internet
| ---------------------
| |
| ----------------------
| Ext IP: 81.179.xx.xx
| --- ADSL Router ---
| 192.168.0.1
| ---------------------
| |
| ---------------------
| 192.168.0.2
| --- SBS 2003 ---
| 10.0.0.2
| -------------------------
| |
| Internal LAN
| 10.0.0.x
|
|
| # ISA Server 2004
| # Internal Network Address Ranges
|
| 10.0.0.0 to 10.0.0.255
| 10.0.0.0 to 10.255.255.255
| 10.255.255.255
| 169.254.0.0 to 169.254.255.255
| 172.16.0.0 to 172.31.255.255
|
|
| # Application Event
|
| Event Type: Error
| Event Source: Microsoft Firewall
| Event Category: None
| Event ID: 14147
| Date: 08/11/2005
| Time: 17:09:19
| User: N/A
| Computer: AZSERVER
| Description:
| ISA Server detected routes through adapter Server Local Area Connection
| that do not correlate with the network element to which this adapter
| belongs. For best practice, the address range of an ISA Server network
| should match the address ranges routable through the associated network
| adapter as defined in the routing table. Otherwise valid packets may be
| dropped as spoofed. (This alert may occur momentarily when you create a
| remote site network. You may safely ignore this message if it does not
| reoccur.) The address ranges in conflict are:
|
| 10.0.1.0-10.255.255.254;169.254.0.0-169.254.255.255;172.16.0.0-172.31.255.255;.
|
| For more information, see Help and Support Center at
| http://go.microsoft.com/fwlink/events.asp.
|
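
The comparison behind event 14147, as an added example that is not part of the original thread or of ISA Server: it subtracts the ranges routed through the internal adapter from the configured Internal network ranges and checks that the conflicts listed in the event fall inside what is left. The addresses come from the posts above; the adapter route (a /24 mask on the 10.0.0.2 adapter) and all function names are assumptions.

```python
import ipaddress

# Values copied from the posts above; ADAPTER_ROUTES is an assumption (a /24
# mask on the 10.0.0.2 adapter), since the thread does not show the routing table.
CONFIGURED = ["10.0.0.0-10.0.0.255", "10.0.0.0-10.255.255.255", "10.255.255.255",
              "169.254.0.0-169.254.255.255", "172.16.0.0-172.31.255.255"]
ADAPTER_ROUTES = ["10.0.0.0-10.0.0.255"]
EVENT_CONFLICTS = ("10.0.1.0-10.255.255.254;169.254.0.0-169.254.255.255;"
                   "172.16.0.0-172.31.255.255;.")

def parse_range(text):
    """'low-high' or a single address -> (low, high) as integers."""
    lo, _, hi = text.strip().partition("-")
    return int(ipaddress.IPv4Address(lo)), int(ipaddress.IPv4Address(hi or lo))

def parse_event(text):  # the ';'-separated list that ends the event description
    return [parse_range(p) for p in text.split(";") if p.strip(" .")]

def merge(ranges):  # sort and coalesce overlapping or adjacent ranges
    out = []
    for lo, hi in sorted(ranges):
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out

def subtract(ranges, routed):
    """Addresses in `ranges` that no entry of `routed` covers."""
    left = []
    for lo, hi in merge(ranges):
        for rlo, rhi in merge(routed):
            if rlo <= hi and rhi >= lo:  # overlaps what is left of this range
                if rlo > lo:
                    left.append((lo, rlo - 1))
                lo = rhi + 1
        if lo <= hi:
            left.append((lo, hi))
    return left

def audit(configured, routed):
    """Return (entries to remove, unroutable ranges as 'low-high' strings)."""
    routed = [parse_range(r) for r in routed]
    remove = [c for c in configured if subtract([parse_range(c)], routed)]
    gaps = subtract([parse_range(c) for c in configured], routed)
    return remove, ["-".join(str(ipaddress.IPv4Address(x)) for x in g) for g in gaps]

if __name__ == "__main__":
    print(*audit(CONFIGURED, ADAPTER_ROUTES), sep="\n")
```

The plain set difference ends at 10.255.255.255, one address past the 10.255.255.254 reported in the event; the example does not model that detail.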
