Re: ISA Server 2004 and Application Events 14147



Dear Tom:
I am glad to hear the problem has been resolved.

As always, please feel free to post back if you encounter any difficulties
in the future.

Have a nice day!
Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| NNTP-Posting-Date: Thu, 10 Nov 2005 02:51:22 -0600
| Date: Thu, 10 Nov 2005 08:51:19 +0000
| From: Tom Walker <twalker@xxxxxxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Re: ISA Server 2004 and Application Events 14147
|
| Edward
|
| Thanks - that fixed it. Now the Networks tab just has the following for
| the internal LAN and no errors are generated:
|
| 10.0.0.0 - 10.0.0.255
| 10.255.255.255
|
| Unlike the other post in this thread I did not appear to be suffering
| any Internet access restriction from either the server or the internal
| clients before the change.
|
| Regards
|
| Tom Walker
|
| Edward Tian wrote:
| > Hi Tom:
| > Nice to see you again!
| >
| > From the description, I understand that you kept on receiving event
| > 14147 from the SBS Server. If I am off base, please do let me know.
| >
| > Regarding the error 14147, it may occur if the routing table on the ISA
| > Server computer is different from the ISA Server configuration. In this
| > scenario, any traffic that is sent from or to the IP addresses that
| > appear in the events from the "Symptoms" section is dropped by ISA
| > Server. ISA Server considers this traffic as spoofed.
| >
| > I suggest you try the following steps to see if the problem can be
| > resolved:
| >
| > 1. Open ISA management console, navigate to
| > Servername\Configuration\Networks, on the "Networks" pane, and double
| > click Internal.
| >
| > 2. Go to the Addresses tab, remove the existing address range.
| >
| > 3. Click the Add Adapter button, and add your internal network adapter.
| >
| > 4. Then only the address range 10.0.0.0-10.0.0.255 will be listed.
| >
| > Click the Apply button to save the changes.
| >
| > If you have multiple subnets in your network, you may also refer to
| > this KB document:
| >
| > Client computers cannot access external resources, and event ID 14147
| > appears in the Application log in ISA Server 2004 (884496)
| > http://support.microsoft.com/default.aspx?scid=KB;EN-US;884496
| >
| > Hope the above information helps. Please feel free to let me know if
| > you have any concerns.
| >
| > Have a nice day!
| >
| > Best Regards
| > Edward Tian(MSFT)
| > Microsoft CSS Online Newsgroup Support
| >
| > --------------------
| > | NNTP-Posting-Date: Wed, 09 Nov 2005 02:59:04 -0600
| > | Date: Wed, 09 Nov 2005 08:58:53 +0000
| > | From: Tom Walker <twalker@xxxxxxxxxxxxxxxxxxxxxxxx>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | Subject: ISA Server 2004 and Application Events 14147
| > |
| > | I've just installed ISA Server 2004 and am getting 14147 events in
| > | the Application log. Looks like there is a bunch of spurious entries
| > | in the ISA Network tab. I'm in the process of migrating across from
| > | SBS4.5 (Swing) and I suspect I've retained some unwanted baggage from
| > | the 4.5 system.
| > |
| > | I've identified below the details of my LAN to Internet setup, the
| > | ISA Internal Network entries and the detail of the 14147 event.
| > |
| > | Can I just remove all the ISA Internal Network entries except for
| > | 10.0.0.0 to 10.0.0.255? Or, is it a bit more subtle than that?
| > |
| > | Tom Walker
| > | ----------
| > |
| > | # LAN to Internet Setup
| > |
| > | Internet
| > | ---------------------
| > | |
| > | ----------------------
| > | Ext IP: 81.179.xx.xx
| > | --- ADSL Router ---
| > | 192.168.0.1
| > | ---------------------
| > | |
| > | ---------------------
| > | 192.168.0.2
| > | --- SBS 2003 ---
| > | 10.0.0.2
| > | -------------------------
| > | |
| > | Internal LAN
| > | 10.0.0.x
| > |
| > |
| > | # ISA Server 2004
| > | # Internal Network Address Ranges
| > |
| > | 10.0.0.0 to 10.0.0.255
| > | 10.0.0.0 to 10.255.255.255
| > | 10.255.255.255
| > | 169.254.0.0 to 169.254.255.255
| > | 172.16.0.0 to 172.31.255.255
| > |
| > |
| > | # Application Event
| > |
| > | Event Type: Error
| > | Event Source: Microsoft Firewall
| > | Event Category: None
| > | Event ID: 14147
| > | Date: 08/11/2005
| > | Time: 17:09:19
| > | User: N/A
| > | Computer: AZSERVER
| > | Description:
| > | ISA Server detected routes through adapter Server Local Area
| > | Connection that do not correlate with the network element to which
| > | this adapter belongs. For best practice, the address range of an ISA
| > | Server network should match the address ranges routable through the
| > | associated network adapter as defined in the routing table. Otherwise
| > | valid packets may be dropped as spoofed. (This alert may occur
| > | momentarily when you create a remote site network. You may safely
| > | ignore this message if it does not reoccur.) The address ranges in
| > | conflict are:
| > |
| > | 10.0.1.0-10.255.255.254;169.254.0.0-169.254.255.255;172.16.0.0-172.31.255.255;.
| > |
| > | For more information, see Help and Support Center at
| > | http://go.microsoft.com/fwlink/events.asp.
| > |
| >
|
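
Added example, not part of the original thread and not Microsoft code: the comparison that event 14147 describes, modelled as "configured Internal ranges minus ranges routable through the adapter", using the address lists posted above. Treating the post-fix Networks tab contents as the adapter's routable set is an assumption of this example; the function names are hypothetical.

```python
import ipaddress

# Taken from the thread: Internal network ranges before the fix, and the
# ranges left after "Add Adapter". Treating the latter as the set routable
# through the internal adapter is an assumption of this example.
CONFIGURED_BEFORE = ["10.0.0.0 to 10.0.0.255", "10.0.0.0 to 10.255.255.255",
                     "10.255.255.255", "169.254.0.0 to 169.254.255.255",
                     "172.16.0.0 to 172.31.255.255"]
ROUTABLE = ["10.0.0.0 - 10.0.0.255", "10.255.255.255"]

def parse(text):
    """'a - b', 'a to b' or a single address -> (lo, hi) as integers."""
    parts = [p.strip() for p in text.replace(" to ", "-").split("-")]
    lo, hi = (int(ipaddress.IPv4Address(p)) for p in (parts[0], parts[-1]))
    if lo > hi:
        raise ValueError(f"reversed range: {text}")
    return lo, hi

def merge(ranges):
    """Sort and coalesce overlapping or adjacent (lo, hi) pairs."""
    out = []
    for lo, hi in sorted(ranges):
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out

def conflicts(configured, routable):
    """Parts of the configured network that the adapter cannot route."""
    routable = merge(parse(r) for r in routable)
    found = []
    for lo, hi in merge(parse(c) for c in configured):
        cur = lo
        for rlo, rhi in routable:
            if rhi < cur or rlo > hi:
                continue          # no overlap with what is left of this range
            if rlo > cur:
                found.append((cur, rlo - 1))   # gap before the routable block
            cur = rhi + 1
        if cur <= hi:
            found.append((cur, hi))            # tail not covered by any route
    return [f"{ipaddress.IPv4Address(a)}-{ipaddress.IPv4Address(b)}" for a, b in found]

if __name__ == "__main__":
    print(";".join(conflicts(CONFIGURED_BEFORE, ROUTABLE)))
```

With the pre-fix list the result is the same three ranges the event text reports as in conflict; with the post-fix list it is empty.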
