Re: ISA 2004 - Microsoft Firewall Event ID 14147

I'll give it a go. BTW, G'day Ray.

We've seen problems (BTDT syndrome).

Really, it's sortta a myth perpetuated from the SBS4.x/2000 days, when
certain PPPoE clients actually crashed servers (SBS or nonSBS).

but then, there's also some truth in it.

IME
SBS likes to have either one or two network interfaces, it accepts a third
being the RRAS interface but even this can cause problems (HINT: 292822). A
PPPoE connection also isn't available till late in the boot process (which
can sortta be a boon), Windows DC's like to have all available interfaces
operational during startup. PPPoE also normally autoconfigures, meaning that
the PPPoE interface accepts a different gateway (resulting in two 'default'
gateways but probably at different metrics) and (to me) more importantly,
DNS settings.

You can live with that? OK. but we see more weird behaviour on systems using
PPPoE than those that don't. Often the weird behaviour has stopped when the
enquirer has used a PPPoE capable device.

BUT THERE'S MORE

By connecting my SBS to a router I control I have a stable IP interface
between the server and the router. The router, (due to ISP problems, or a
backhoe cutting the lines) may not be able to connect to the internet but
SBS doesn't care, the default gateway is there but it appears there are no
resources available through it.

WANT SOME MORE?

I change internet connection. Funny that you have bigpond.com address, I
used to too (as you know). I no longer have one but I'm still connected to
them (mate's connection, his house). When I moved the LoungeAN SBS from my
old premises I unplugged the router, changed it from bigpond cable to
bigpond adsl mode, plugged it in, and was back up. I didn't do a thing to
SBS. The same thing can happen if changing providers.

AND MORE?

Though I run SBS Premium and ISA I use a simple NAT router in front of ISA.
The NAT router (PPPoE capable) stops a lot of noise hitting my ISA because
only those ports I want open are forwarded to the server.

"Ray Collins" <ray.collins@xxxxxxxxxxxxxxxxx> wrote in message
news:%23ZxfoRPSGHA.5900@xxxxxxxxxxxxxxxxxxxxxxx
I have seen comments like this before, could somebody explain exactly why
SBS doesn't like it, after all it is a supported feature (and there are lots
of "free" bridged modems around :-))

"Cris Hanna (SBS-MVP)" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:eY5JD8LSGHA.4792@xxxxxxxxxxxxxxxxxxxxxxx
SBS just does not like the PPPoE stuff on the server
Your best bet would be adding a "cheap" Linksys, DLink, Netgear, etc router
that can handle the PPPoE for you, get it off the server, and I'd bet a
dozen donuts that this would clear up the problem

--
Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the newsgroup so all
can take advantage
"Mobile PC Magic, Inc." <MobilePCMagicInc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:B5DDA05A-0AE5-4401-BD17-3F0B9CF45DCF@xxxxxxxxxxxxxxxx
OK...

The 3COM NIC for Bellsouth connects directly to the DSL modem, I manually
assigned 192.168.1.97 to the 3COM NIC.

The DSL modem is setup as an Ethernet Bridge and its IP address is
192.168.1.254 - thus the necessity of the PPPoE connection on my SBS - even
though I have a static IP, I still have to logon to the DSL service. The
PPPoE connection was setup by the SBS internet connection wizard.

I hop this makes sense!

Regards,
Robert Woehrer, CEO
Mobile PC Magic, Inc.

"Cris Hanna (SBS-MVP)" wrote:

I'm a little confused by the results
Your 3com NIC for Bell South...What does that connect to?
Are you running any kind of PPPoE software on your server?

Trying to figure out why we're seeing the PPP connection with a public IP

--
Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the newsgroup so
all can take advantage
"Mobile PC Magic, Inc." <MobilePCMagicInc@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:C2844FE7-F5DC-4B8D-8BD6-FA2866A41188@xxxxxxxxxxxxxxxx
Hi Cris

Thanks for the reply. Here are the results you requested:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : server01
Primary Dns Suffix . . . . . . . : mobilepcmagic.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : mobilepcmagic.local

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter 3COM NIC for BellSouth DSL:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink 10/100 PCI For
Complete PC
Management NIC (3C905C-TX)
Physical Address. . . . . . . . . : 00-04-75-AA-EE-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.97
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.16.2
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-C0-9F-25-7A-1D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.2

PPP adapter Small Business Broadband Connection for BellSouth DSL:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 72.148.215.47
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 205.152.37.23
205.152.144.23
NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Documents and Settings\Administrator>

Regards,
Robert Woehrer, CEO
Mobile PC Magic, Inc.

"Cris Hanna (SBS-MVP)" wrote:

> Sound like an issue with LAT
> Can you run ipconfig /all and post the results here
>
> --
> Cris Hanna [SBS-MVP]
> --------------------------------------
> Please do not respond directly to me, but only post in the newsgroup
so all can take advantage
> "Mobile PC Magic, Inc." <Mobile PC Magic,
Inc.@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4EEDD7C4-A8FD-4ECE-8110-FEBC94855C5C@xxxxxxxxxxxxxxxx
> Hello
>
> Ok... I've been intermittently getting the following error messages
several
> times per day since upgrading to DSL several months back. When Event
ID 14147
> is logged, all client PC's briefly lose connectivity to the internet
(they do
> not lose internal connections). I am running SBS2003 SP1 & ISA 2004
SP2.
>
> The error messages in Event Viewer are as follows:
> ISA Server detected routes through adapter Loopback that do not
correlate
> with the network element to which this adapter belongs. For best
practice,
> the address range of an ISA Server network should match the address
ranges
> routable through the associated network adapter as defined in the
routing
> table. Otherwise valid packets may be dropped as spoofed. (This
alert may
> occur momentarily when you create a remote site network. You may
safely
> ignore this message if it does not reoccur.) The address ranges in
conflict
> are: 72.148.215.47-72.148.215.47;.
>
> ISA Server detected routes through adapter 3COM NIC for BellSouth
DSL that
> do not correlate with the network element to which this adapter
belongs. For
> best practice, the address range of an ISA Server network should
match the
> address ranges routable through the associated network adapter as
defined in
> the routing table. Otherwise valid packets may be dropped as
spoofed. (This
> alert may occur momentarily when you create a remote site network.
You may
> safely ignore this message if it does not reoccur.) The address
ranges in
> conflict are:
>
65.14.248.10-65.14.248.10;72.148.215.47-72.148.215.47;72.255.255.255-72.255.255.255
>
> I never experienced this issue when I had a cable modem - the only
major
> difference now is the addition of the PPPoE connection to log onto
my DSL
> service. The IP address (72.148.215.47) in the first error message
is my
> Static (External) IP address. The IP address in the second error
message
> 65.14.248.10 is the default gateway for my DSL service.
>
> Route print on my server is as follows:
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\Administrator>route print
>
> IPv4 Route Table
>
===========================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> 0x10003 ...00 04 75 aa ee 30 ...... 3Com EtherLink 10/100 PCI For
Complete
> PC Ma
> nagement NIC (3C905C-TX)
> 0x10004 ...00 c0 9f 25 7a 1d ...... Intel(R) PRO/1000 MT Network
Connection
> 0x40005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
>
===========================================================================
>
===========================================================================
> Active Routes:
> Network Destination Netmask Gateway Interface
Metric
> 0.0.0.0 0.0.0.0 65.14.248.10 72.148.215.47
1
> 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.97
2
> 65.14.248.10 255.255.255.255 72.148.215.47 72.148.215.47
1
> 72.148.215.47 255.255.255.255 127.0.0.1 127.0.0.1
50
> 72.255.255.255 255.255.255.255 72.148.215.47 72.148.215.47
50
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1
1
> 192.168.1.0 255.255.255.0 192.168.1.97 192.168.1.97
20
> 192.168.1.97 255.255.255.255 127.0.0.1 127.0.0.1
20
> 192.168.1.255 255.255.255.255 192.168.1.97 192.168.1.97
20
> 192.168.16.0 255.255.255.0 192.168.16.2 192.168.16.2
10
> 192.168.16.2 255.255.255.255 127.0.0.1 127.0.0.1
10
> 192.168.16.19 255.255.255.255 127.0.0.1 127.0.0.1
50
> 192.168.16.255 255.255.255.255 192.168.16.2 192.168.16.2
10
> 224.0.0.0 240.0.0.0 192.168.1.97 192.168.1.97
20
> 224.0.0.0 240.0.0.0 192.168.16.2 192.168.16.2
10
> 224.0.0.0 240.0.0.0 72.148.215.47 72.148.215.47
1
> 255.255.255.255 255.255.255.255 72.148.215.47 72.148.215.47
1
> 255.255.255.255 255.255.255.255 192.168.1.97 192.168.1.97
1
> 255.255.255.255 255.255.255.255 192.168.16.2 192.168.16.2
1
> Default Gateway: 65.14.248.10
>
===========================================================================
> Persistent Routes:
> None
>
> C:\Documents and Settings\Administrator>
>
> I've tried everything short of hiring someone to come in and fix my
server!
>
> Yesterday I decided to poke around in "Routing and Remote Access".
Under "IP
> Routing", I added the following 3 "Static Routes":
> (The format is Destination, Network Mask, Gateway, Interface,
Metric, View)
> 72.255.255.255; 255.255.255.255; 72.148.215.47; 3COM NIC for
BellSouth DSL;
> 50; Both
> 72.148.215.47; 255.255.255.255; 127.0.0.1; 3COM NIC for BellSouth
DSL; 50;
> Both
> 65.14.248.10; 255.255.255.255; 72.148.215.47; 3COM NIC for BellSouth
DSL; 1;
> Both
>
> After applying the 3 preceding "Static Routes", I am no longer
receiving
> Event ID 14147 and everything is running smoothly.
>
> Because I don't know that much about these settings, my question is,
did I
> compromise/weaken my security? What is the difference between adding
these
> entries under "Static Routes" as opposed to "Persistent Routes" at
the
> command prompt?
>
> Many thanks for your help!
>
> Regards,
> Robert Woehrer, CEO
> Mobile PC Magic, Inc


.

Relevant Pages

  • Re: sending message to PC that is offline
    ... this is a characteristic of PPPoE. ... not all DSL connections use PPPoE or PPPoA; ... the user isn't actively using the Internet connection). ... hardware (such as a conventional dial-in modem and phone line). ...
    (microsoft.public.win32.programmer.tapi)
  • Re: Simultaneous DSL and cable modem access on a SBS network...sorf ot.
    ... Your existing router would be surplus to requirements. ... Cable connection. ... I have my MX records pointing to the DSL line, ... The server and the fax (the line the DSL modem ...
    (microsoft.public.windows.server.sbs)
  • Re: Simultaneous DSL and cable modem access on a SBS network...sorf ot.
    ... Your existing router would be surplus to requirements. ... Cable connection. ... I have my MX records pointing to the DSL line, as primary, ... The server and the fax (the line the DSL modem ...
    (microsoft.public.windows.server.sbs)
  • Re: ISA 2004 fails - starts to block HTTPS for no reason.....
    ... Yes they are that cheap compared to the server outlay but after extracting ... PPPOE can have a static address on SBS 2003. ... On ISA the design assumption is that you won't have a static connection. ...
    (microsoft.public.windows.server.sbs)
  • Re: Internet connetivity over LAN problem
    ... > I think my 2503 router is not compatible for broadband. ... It just can't act as a PPPoE client - Ciscos are not generally ... > provide internet connection for my all 5 XP pro Pc's. ... dcpromo on it and run DNS, and have all clients--and the server ...
    (microsoft.public.win2000.general)