Re: ISA 2004 - Microsoft Firewall Event ID 14147

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi Cris

Thanks for the response!

Originally, I did have my Westell DSL modem in PPPoE mode (rather than
Bridged Ethernet mode) and let it handle logging on to my DSL service. The
only problem I ran into with this configuration was the inability to connect
remotely using VPN. Also, Outlook Web Access (which is less important) was
extremely slow and would occasionally time out. I even went so far as to set
up the DSL modem for Static NAT, with no results and then I tried pointing
the DMZ to the server's external NIC/IP address - both with no results (NOTE:
Static NAT and DMZ are mutually exclusive of one another - you can only
choose one option or the other).

As I recall, when I let the DSL modem handle its own PPPoE connection, I did
not receive the 14147 error message, however, without being able to connect
remotely through VPN, this configuration wasn't acceptable.

Also, as I mentioned in my original post, I had set up Static Routes in
Routing and Remote Access. The 14147 error is occuring less frequently,
however, it has happened twice in the past 24 hours (rather than 6 to 8
times). This may just be a coincidence. I will also say my DSL service does
go down from time to time and I'm starting to wonder if the 14147 error is
being logged when the service goes down. Unfortunately, I can't sit and watch
my DSL modem all day to determine if this is a factor.

Any other suggestions? Should I try setting these addresses up as Persistent
Routes via the command prompt in addition to (or instead of) Static Routes
using Routing and Remote Access? Or do these settings have no effect?

Thanks!

Regards,
Robert Woehrer, CEO
Mobile PC Magic, Inc.

"Cris Hanna (SBS-MVP)" wrote:

SBS just does not like the PPPoE stuff on the server
Your best bet would be adding a "cheap" Linksys, DLink, Netgear, etc router that can handle the PPPoE for you, get it off the server, and I'd bet a dozen donuts that this would clear up the problem

--
Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the newsgroup so all can take advantage
"Mobile PC Magic, Inc." <MobilePCMagicInc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:B5DDA05A-0AE5-4401-BD17-3F0B9CF45DCF@xxxxxxxxxxxxxxxx
OK...

The 3COM NIC for Bellsouth connects directly to the DSL modem, I manually
assigned 192.168.1.97 to the 3COM NIC.

The DSL modem is setup as an Ethernet Bridge and its IP address is
192.168.1.254 - thus the necessity of the PPPoE connection on my SBS - even
though I have a static IP, I still have to logon to the DSL service. The
PPPoE connection was setup by the SBS internet connection wizard.

I hop this makes sense!

Regards,
Robert Woehrer, CEO
Mobile PC Magic, Inc.

"Cris Hanna (SBS-MVP)" wrote:

> I'm a little confused by the results
> Your 3com NIC for Bell South...What does that connect to?
> Are you running any kind of PPPoE software on your server?
>
> Trying to figure out why we're seeing the PPP connection with a public IP
>
> --
> Cris Hanna [SBS-MVP]
> --------------------------------------
> Please do not respond directly to me, but only post in the newsgroup so all can take advantage
> "Mobile PC Magic, Inc." <MobilePCMagicInc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:C2844FE7-F5DC-4B8D-8BD6-FA2866A41188@xxxxxxxxxxxxxxxx
> Hi Cris
>
> Thanks for the reply. Here are the results you requested:
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\Administrator>ipconfig /all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : server01
> Primary Dns Suffix . . . . . . . : mobilepcmagic.local
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : Yes
> DNS Suffix Search List. . . . . . : mobilepcmagic.local
>
> PPP adapter RAS Server (Dial In) Interface:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> Physical Address. . . . . . . . . : 00-53-45-00-00-00
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.16.19
> Subnet Mask . . . . . . . . . . . : 255.255.255.255
> Default Gateway . . . . . . . . . :
> NetBIOS over Tcpip. . . . . . . . : Disabled
>
> Ethernet adapter 3COM NIC for BellSouth DSL:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : 3Com EtherLink 10/100 PCI For
> Complete PC
> Management NIC (3C905C-TX)
> Physical Address. . . . . . . . . : 00-04-75-AA-EE-30
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.1.97
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.1.254
> DNS Servers . . . . . . . . . . . : 192.168.16.2
> NetBIOS over Tcpip. . . . . . . . : Disabled
>
> Ethernet adapter Server Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
> Physical Address. . . . . . . . . : 00-C0-9F-25-7A-1D
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.16.2
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . :
> DNS Servers . . . . . . . . . . . : 192.168.16.2
>
> PPP adapter Small Business Broadband Connection for BellSouth DSL:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
> Physical Address. . . . . . . . . : 00-53-45-00-00-00
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 72.148.215.47
> Subnet Mask . . . . . . . . . . . : 255.255.255.255
> Default Gateway . . . . . . . . . : 0.0.0.0
> DNS Servers . . . . . . . . . . . : 205.152.37.23
> 205.152.144.23
> NetBIOS over Tcpip. . . . . . . . : Disabled
>
> C:\Documents and Settings\Administrator>
>
> Regards,
> Robert Woehrer, CEO
> Mobile PC Magic, Inc.
>
> "Cris Hanna (SBS-MVP)" wrote:
>
> > Sound like an issue with LAT
> > Can you run ipconfig /all and post the results here
> >
> > --
> > Cris Hanna [SBS-MVP]
> > --------------------------------------
> > Please do not respond directly to me, but only post in the newsgroup so all can take advantage
> > "Mobile PC Magic, Inc." <Mobile PC Magic, Inc.@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:4EEDD7C4-A8FD-4ECE-8110-FEBC94855C5C@xxxxxxxxxxxxxxxx
> > Hello
> >
> > Ok... I've been intermittently getting the following error messages several
> > times per day since upgrading to DSL several months back. When Event ID 14147
> > is logged, all client PC's briefly lose connectivity to the internet (they do
> > not lose internal connections). I am running SBS2003 SP1 & ISA 2004 SP2.
> >
> > The error messages in Event Viewer are as follows:
> > ISA Server detected routes through adapter Loopback that do not correlate
> > with the network element to which this adapter belongs. For best practice,
> > the address range of an ISA Server network should match the address ranges
> > routable through the associated network adapter as defined in the routing
> > table. Otherwise valid packets may be dropped as spoofed. (This alert may
> > occur momentarily when you create a remote site network. You may safely
> > ignore this message if it does not reoccur.) The address ranges in conflict
> > are: 72.148.215.47-72.148.215.47;.
> >
> > ISA Server detected routes through adapter 3COM NIC for BellSouth DSL that
> > do not correlate with the network element to which this adapter belongs. For
> > best practice, the address range of an ISA Server network should match the
> > address ranges routable through the associated network adapter as defined in
> > the routing table. Otherwise valid packets may be dropped as spoofed. (This
> > alert may occur momentarily when you create a remote site network. You may
> > safely ignore this message if it does not reoccur.) The address ranges in
> > conflict are:
> > 65.14.248.10-65.14.248.10;72.148.215.47-72.148.215.47;72.255.255.255-72.255.255.255
> >
> > I never experienced this issue when I had a cable modem - the only major
> > difference now is the addition of the PPPoE connection to log onto my DSL
> > service. The IP address (72.148.215.47) in the first error message is my
> > Static (External) IP address. The IP address in the second error message
> > 65.14.248.10 is the default gateway for my DSL service.
> >
> > Route print on my server is as follows:
> > Microsoft Windows [Version 5.2.3790]
> > (C) Copyright 1985-2003 Microsoft Corp.
> >
> > C:\Documents and Settings\Administrator>route print
> >
> > IPv4 Route Table
> > ===========================================================================
> > Interface List
> > 0x1 ........................... MS TCP Loopback interface
> > 0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> > 0x10003 ...00 04 75 aa ee 30 ...... 3Com EtherLink 10/100 PCI For Complete
> > PC Ma
> > nagement NIC (3C905C-TX)
> > 0x10004 ...00 c0 9f 25 7a 1d ...... Intel(R) PRO/1000 MT Network Connection
> > 0x40005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> > ===========================================================================
> > ===========================================================================
> > Active Routes:
> > Network Destination Netmask Gateway Interface Metric
> > 0.0.0.0 0.0.0.0 65.14.248.10 72.148.215.47 1
> > 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.97 2
> > 65.14.248.10 255.255.255.255 72.148.215.47 72.148.215.47 1
> > 72.148.215.47 255.255.255.255 127.0.0.1 127.0.0.1 50
> > 72.255.255.255 255.255.255.255 72.148.215.47 72.148.215.47 50
> > 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
> > 192.168.1.0 255.255.255.0 192.168.1.97 192.168.1.97 20
> > 192.168.1.97 255.255.255.255 127.0.0.1 127.0.0.1 20
> > 192.168.1.255 255.255.255.255 192.168.1.97 192.168.1.97 20
> > 192.168.16.0 255.255.255.0 192.168.16.2 192.168.16.2 10
> > 192.168.16.2 255.255.255.255 127.0.0.1 127.0.0.1 10
> > 192.168.16.19 255.255.255.255 127.0.0.1 127.0.0.1 50
> > 192.168.16.255 255.255.255.255 192.168.16.2 192.168.16.2 10
> > 224.0.0.0 240.0.0.0 192.168.1.97 192.168.1.97 20
> > 224.0.0.0 240.0.0.0 192.168.16.2 192.168.16.2 10
> > 224.0.0.0 240.0.0.0 72.148.215.47 72.148.215.47 1
> > 255.255.255.255 255.255.255.255 72.148.215.47 72.148.215.47 1
> > 255.255.255.255 255.255.255.255 192.168.1.97 192.168.1.97 1
> > 255.255.255.255 255.255.255.255 192.168.16.2 192.168.16.2 1
> > Default Gateway: 65.14.248.10
> > ===========================================================================
> > Persistent Routes:
> > None
> >
> > C:\Documents and Settings\Administrator>
> >
> > I've tried everything short of hiring someone to come in and fix my server!
> >
> > Yesterday I decided to poke around in "Routing and Remote Access". Under "IP
> > Routing", I added the following 3 "Static Routes":
> > (The format is Destination, Network Mask, Gateway, Interface, Metric, View)
> > 72.255.255.255; 255.255.255.255; 72.148.215.47; 3COM NIC for BellSouth DSL;
> > 50; Both
> > 72.148.215.47; 255.255.255.255; 127.0.0.1; 3COM NIC for BellSouth DSL; 50;
> > Both
> > 65.14.248.10; 255.255.255.255; 72.148.215.47; 3COM NIC for BellSouth DSL; 1;
> > Both
> >
> > After applying the 3 preceding "Static Routes", I am no longer receiving
> > Event ID 14147 and everything is running smoothly.
> >
> > Because I don't know that much about these settings, my question is, did I
> > compromise/weaken my security? What is the difference between adding these
> > entries under "Static Routes" as opposed to "Persistent Routes" at the
> > command prompt?
> >
> > Many thanks for your help!
> >
> > Regards,
> > Robert Woehrer, CEO
> > Mobile PC Magic, Inc
.

Relevant Pages

  • Re: ISA 2004 - Microsoft Firewall Event ID 14147
    ... The 3COM NIC for Bellsouth connects directly to the DSL modem, ... Connection-specific DNS Suffix. ... Ethernet adapter 3COM NIC for BellSouth DSL: ... > with the network element to which this adapter belongs. ...
    (microsoft.public.windows.server.sbs)
  • Re: sending message to PC that is offline
    ... this is a characteristic of PPPoE. ... not all DSL connections use PPPoE or PPPoA; ... the user isn't actively using the Internet connection). ... hardware (such as a conventional dial-in modem and phone line). ...
    (microsoft.public.win32.programmer.tapi)
  • RE: Strange problem with DSL modem.
    ... aside from realizing that I have a shitty DSL modem! ... "You haven't said exactly how your DSL connection is setup. ... I work for an ISP which is a Qwest Megahost and have dealt ... I have dealt with the ActionTec people as ...
    (freebsd-questions)
  • Re: rewiring for DSL
    ... for the DSL modem and one for a Vonage connection. ... Is the old phone wiring capable of DSL? ... I believe the Telco entrance box has a phone jack that can plug into ... the filter which I mount outside next to the phone company NID. ...
    (alt.home.repair)
  • Re: ISA 2004 - Microsoft Firewall Event ID 14147
    ... PPPoE connection also isn't available till late in the boot process (which ... only those ports I want open are forwarded to the server. ... The 3COM NIC for Bellsouth connects directly to the DSL modem, ...
    (microsoft.public.windows.server.sbs)