RE: ISA won't allow external connections

Hi Rgarcia,

Thank you for posting in SBS newsgroup.

From your description, I understand the issue to be: you get "The page
cannot be displayed" when you access OWA, RWW and Companyweb from internet
once in a while. The issue will disappear if you restart the Firewall
service. If I have misunderstood your concern, please do not hesitate to
let me know.

As I know, it may be caused by another device is resetting the connection
of the ISA server. Please try to do a clean boot on SBS as following to see
how thing goes:

1. Click Start, click Run, and then in the Open box, type "MSCONFIG"
(without the quotation marks). Click OK.
2. In the System Configuration Utility (MSConfig) window, click to select
the Selective Startup button.
3. Click to clear the check mark from the "Load startup items" below
Selective Startup.
4. Click the Services tab, click to check the "Hide All Microsoft Services"
box, and remove all the check marks from the remained Non-Microsoft
Services. Please note that the Exchange services could be marked as
non-Microsoft. Please do not disable those services.
5. Click OK to close the MSConfig window. Click Yes when you are asked to
restart your computer in order to enable the changes.
6. After restarting, please check whether this issue will reoccur.

If it does not help, to narrow down the problem, would you please help me
collect the following information?

1. Do you have any router or hardware firewall before ISA 2004? If so,
please describe the detailed information of the device for me.
2. Please rerun CEICW to see how thing goes.
3. Clear ISA cache following the KB article to see how thing goes:

838248 How to delete the Web cache in Internet Security and Acceleration
Server
http://support.microsoft.com/?id=838248

4. Collect the ISA info and ISA log when the situation occurs:

Collect the ISA info:

1) Download the file from the following URL:

http://www.isatools.org/isainfo/ISAInfo.zip

2) Extract all files to a folder on ISA server
3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.
4) Please send these files to me at v-crinal@xxxxxxxxxxxxxx

Please also help to gather the ISA logs:

1) Schedule a down time.
2) Open ISA 2004 management console.
3) Expand the server node and highlight 'Monitoring'.
4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.
5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
9) Click 'Apply' to save changes and update the configuration.
10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.
11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.
12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.
13) Reproduce the problem (initiate an SQL access), stop the service, and
then gather the resulting W3C files to me for analysis.

I appreciate your time and look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: ISA won't allow external connections
| thread-index: AcZ/YySn9tWOpI66QAKN0A1lihBMUg==
| X-WBNR-Posting-Host: 139.161.2.10
| From: =?Utf-8?B?UmdhcmNpYQ==?= <Rgarcia@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: ISA won't allow external connections
| Date: Wed, 24 May 2006 11:52:02 -0700
| Lines: 31
| Message-ID: <5A9534EC-4E06-4F73-88E8-39D4FF7A91E4@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:270586
| NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi,
|
| I'm running SBS 2003 SP1 Enterprise (ISA 2004).
|
| I get the following error message once in a while:
|
| Network Access Message: The page cannot be displayed
| ....
|
| Technical Information (for support personnel)
|
| Error Code 10061: Connection refused
| Background: The server you are attempting to access has refused the
| connection with the gateway. This usually results from trying to connect
to a
| service that is inactive on the server.
| Date: 5/24/2006 6:23:01 PM
| Server: mysbs.mydomain.local
| Source: Remote server
|
| 99 % of the time I can connect to OWA, RWW on my sbs as well as
Companyweb,
| public website (dedicated web server) internally and externally. But I
| started to get this error a few days ago... it only happens once in a
while
| and it goes away once I restart the firewall service. To make it even
more
| strange, I can send / receive e-mail from outlook (desktop) but OWA, RWW
and
| websites won't display. I can open https://myserver/exchange fine but not
| https://myexternaldomain.com/exchange... it gives the error above (from
| inside or outside).
|
| Any ideas of what's going on? I use SBC yahoo DSL if it helps.
|
| Thanks
|

.

Loading