Re: ISA Server 2004 and Application Events 14147

Mine turned out to be something I did several days ago and totally unrelated
to your circumstance.

David.

"Tom Walker" wrote:

> Edward
>
> Thanks - that fixed it. Now the Networs tab just has the following for
> the internal LAN and no errors are generated:
>
> 10.0.0.0 - 10.0.0.255
> 10.255.255.255
>
> Unlike the other post in this thread I did not appear to be suffering
> any Internet access restriction from either the server or the internal
> clients before the change.
>
> Regards
>
> Tom Walker
>
> Edward Tian wrote:
> > Hi Tom:
> > Nice to see you again!
> >
> > From the description, I understand that you kept on receiving event 14147
> > from the SBS Server. If I am off base, please do let me know.
> >
> > Regarding the error 14147, it may occur if the routing table on the ISA
> > Server computer is different from the ISA Server configuration. In this
> > scenario, any traffic that is sent from or to the IP addresses that appear
> > in the events from the "Symptoms" section is dropped by ISA Server. ISA
> > Server considers this traffic as spoofed.
> >
> > I suggest you try the following steps to see if the problem can be resolved:
> >
> > 1. Open ISA management console, navigate to
> > Servername\Configuration\Networks, on the "Networks" pane, and double click
> > Internal.
> >
> > 2. Go to the Addresses tab, remove the existed address range.
> >
> > 3. Click the Add Adapter button, and add your internal network adapter.
> >
> > 4. Then only the address range 10.0.0.0-10.0.0.255 will be listed.
> >
> > Click the Apply button to save the changes.
> >
> > If you have multiple subnets in your network, you may also refer to this KB
> > document:
> >
> > Client computers cannot access external resources, and event ID 14147
> > appears in the Application log in ISA Server 2004 (884496)
> > http://support.microsoft.com/default.aspx?scid=KB;EN-US;884496
> >
> > Hope the above information helps. Please feel free to let me know if you
> > have any concerns.
> >
> > Have a nice day!
> >
> > Best Regards
> > Edward Tian(MSFT)
> > Microsoft CSS Online Newsgroup Support
> >
> > Get Secure! - www.microsoft.com/security
> > ======================================================
> > This newsgroup only focuses on SBS technical issues. If you have issues
> > regarding other Microsoft products, you'd better post in the corresponding
> > newsgroups so that they can be resolved in an efficient and timely manner.
> > You can locate the newsgroup here:
> > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> >
> > When opening a new thread via the web interface, we recommend you check the
> > "Notify me of replies" box to receive e-mail notifications when there are
> > any updates in your thread. When responding to posts via your newsreader,
> > please "Reply to Group" so that others may learn and benefit from your
> > issue.
> >
> > Microsoft engineers can only focus on one issue per thread. Although we
> > provide other information for your reference, we recommend you post
> > different incidents in different threads to keep the thread clean. In doing
> > so, it will ensure your issues are resolved in a timely manner.
> >
> > For urgent issues, you may want to contact Microsoft CSS directly. Please
> > check http://support.microsoft.com for regional support phone numbers.
> >
> > Any input or comments in this thread are highly appreciated.
> > ======================================================
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> > --------------------
> > | NNTP-Posting-Date: Wed, 09 Nov 2005 02:59:04 -0600
> > | Date: Wed, 09 Nov 2005 08:58:53 +0000
> > | From: Tom Walker <twalker@xxxxxxxxxxxxxxxxxxxxxxxx>
> > | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2)
> > Gecko/20040804 Netscape/7.2 (ax)
> > | X-Accept-Language: en-us, en
> > | MIME-Version: 1.0
> > | Newsgroups: microsoft.public.windows.server.sbs
> > | Subject: ISA Server 2004 and Application Events 14147
> > | Content-Type: text/plain; charset=us-ascii; format=flowed
> > | Content-Transfer-Encoding: 7bit
> > | Message-ID: <DZydncUwHbvEJ-zeRVnyuA@xxxxxxxxx>
> > | Lines: 69
> > | NNTP-Posting-Host: 81.179.30.19
> > | X-Trace:
> > sv3-mlWFEb7WzjNMrckKb9xsisU8uu9QIL1ZHLl7gxVhEHCMve+CmNVN+qJp5pBT9TrVxaxvcCeK
> > Ce8XL4v!RFXwrbXc/Gu69GM2GExdUIyBctIvCbXLda+d6oCztiACVvsIVd4VbMGLMmYwStRozxGi
> > J+6kXcTx!F9Z9a+biUVI=
> > | X-Complaints-To: abuse@xxxxxxxxxxxxx
> > | X-DMCA-Complaints-To: abuse@xxxxxxxxxxxxx
> > | X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
> > | X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
> > complaint properly
> > | X-Postfilter: 1.3.32
> > | Path:
> > TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
> > ne.de!border2.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.gigan
> > ews.com!local01.nntp.dca.giganews.com!nntp.pipex.net!news.pipex.net.POSTED!n
> > ot-for-mail
> > | Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:220363
> > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> > |
> > | I've just installed ISA Server 2004 and am getting 14147 events in the
> > | Application log. Looks like there is a bunch of spurious entries in the
> > | ISA Network tab. I'm in the process of migrating across from SBS4.5
> > | (Swing) and I suspect I've retained some unwanted baggage from the 4.5
> > | system.
> > |
> > | I've identified below the details of my LAN to Internet setup, the ISA
> > | Internal Network entries and the detail of the 14147 event.
> > |
> > | Can I just remove all the ISA Internal Network entries except for
> > | 10.0.0.0 to 10.0.0.255? Or, is it a bit more subtle than that?
> > |
> > | Tom Walker
> > | ----------
> > |
> > | # LAN to Internet Setup
> > |
> > | Internet
> > | ---------------------
> > | |
> > | ----------------------
> > | Ext IP: 81.179.xx.xx
> > | --- ADSL Router ---
> > | 192.168.0.1
> > | ---------------------
> > | |
> > | ---------------------
> > | 192.168.0.2
> > | --- SBS 2003 ---
> > | 10.0.0.2
> > | -------------------------
> > | |
> > | Internal LAN
> > | 10.0.0.x
> > |
> > |
> > | # ISA Server 2004
> > | # Internal Network Address Ranges
> > |
> > | 10.0.0.0 to 10.0.0.255
> > | 10.0.0.0 to 10.255.255.255
> > | 10.255.255.255
> > | 169.254.0.0 to 169.254.255.255
> > | 172.16.0.0 to 172.31.255.255
> > |
> > |
> > | # Application Event
> > |
> > | Event Type: Error
> > | Event Source: Microsoft Firewall
> > | Event Category: None
> > | Event ID: 14147
> > | Date: 08/11/2005
> > | Time: 17:09:19
> > | User: N/A
> > | Computer: AZSERVER
> > | Description:
> > | ISA Server detected routes through adapter Server Local Area Connection
> > | that do not correlate with the network element to which this adapter
> > | belongs. For best practice, the address range of an ISA Server network
> > | should match the address ranges routable through the associated network
> > | adapter as defined in the routing table. Otherwise valid packets may be
> > | dropped as spoofed. (This alert may occur momentarily when you create a
> > | remote site network. You may safely ignore this message if it does not
> > | reoccur.) The address ranges in conflict are:
> > |
> > 10.0.1.0-10.255.255.254;169.254.0.0-169.254.255.255;172.16.0.0-172.31.255.25
> > 5;.
> > |
> > | For more information, see Help and Support Center at
> > | http://go.microsoft.com/fwlink/events.asp.
> > |
> >
>
.