RE: Blocking Yahoo causing issues with DHCP?
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Mon, 08 Jan 2007 03:13:11 GMT
Hello Customer,
Thank you for posting here.
According to your description, I understand that when you enable the deny
rule about Yahoo you can not get IP address from SBS DHCP server. If I have
misunderstood the problem, please don't hesitate to let me know.
Based on my research, I suggest we try the following steps to see if we can
resolve this issue:
1. To make sure your SBS 2003 server have right network configuration. Go
through the follow KB and Rerun CEICW again carefully.
How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us
2. I'd like to confirm the deny rule about Yahoo
a. Ensure the rule like following:
Rule name: Deny access Yahoo
Rule Action: Deny
Protocols: http https
Sources: internal
Destination: Yahoo (your yahoo Domain Name Sets)
User Sets: All Users
b. Move this deny rule and make it just above the SBS Internet Access Rule
3. Please change the Domain Name Sets from "login.yahoo.com" to
"*.yahoo.com". This will make internal clients can not access any web site
of Yahoo. Then try to test this issue.
4. If it does not work, please try to disable this deny rule, then modify
the SBS Internet Access Rule.
a. Disable the deny rule.
b. Open properties of the SBS Internet Access Rule, click To tab, add the
yahoo Domain Name Sets to Exceptions box.
c. Click OK, then click Apply to save the configuration.
If the issue persists, please kindly help me collect some information for
further investigation:
1. What's edition of your ISA?
2. Try to nslookup login.yahoo.com on SBS server, is it resolved?
If your ISA is 2004:
3. Please help to gather the ISA Info:
1) Download the file from the following URL:
http://www.isatools.org/tools/isainfo.zip
2) Extract all files to a folder on ISA server.
3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.
4) Please send these files to me at v-terliu@xxxxxxxxxxxxx
4. Please follow the link and download and run the Microsoft Internet
Security and Acceleration (ISA) Server 2004 Best Practices Analyzer Tool
and then send me the results
http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4BB6-
91EC-0829E5F84063&displaylang=en
5. Please also help to gather the ISA logs:
1) Schedule a down time.
2) Open ISA 2004 management console.
3) Expand the server node and highlight 'Monitoring'.
4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.
5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.
8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
9) Click 'Apply' to save changes and update the configuration.
10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.
11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.
12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.
13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.
14) Please also let me know the IP address of the testing clients so that I
can filter the data.
If your ISA is 2000:
1. Please help to gather the ISA Info:
1) Visit www.isatools.org. Click ''ISAinfo for ISA 2000''.
2) Run the script isainfo.vbe on the SBS server.
3) Send the ISAinfo log files to me at v-terliu@xxxxxxxxxxxxxx
2. Please also help to gather the ISA logs:
1) Open ISA Management console, navigate to 'Monitoring
Configuration'\'Logs'. In the right panel, right-click 'Packet filters' and
choose 'Properties'.
2) In the 'Fields' tab, select ALL log fields. Also enable all the log
fields for 'ISA Server Firewall service' and 'ISA Server web proxy service'
log. Navigate to 'Monitoring'\'Services', restart the ISA related services.
3) After reproducing the problem, gather the recent log files in C:\Program
Files\Microsoft ISA Server\ISAlogs\ folder and send them to me for further
research.
Hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Blocking Yahoo causing issues with DHCP?
| thread-index: Accxu4Gmx2N4NYY/SC2jqhqyjICXEQ==
| X-WBNR-Posting-Host: 66.18.36.14
| From: =?Utf-8?B?Y29sZWxhdXM=?= <colelaus@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Blocking Yahoo causing issues with DHCP?
| Date: Sat, 6 Jan 2007 09:53:00 -0800
| Lines: 12
| Message-ID: <DB2678C3-C54E-4216-B0E9-91667C1DD2E2@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:8571
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I have an ISA rule that blocks outbound traffic from internal clients to
| login.yahoo.com. If I have the rule enabled, I cannot get an IP address
from
| the server (via reboot or ipconfig /release then /renew). Enable the
rule,
| no IP. Disable the rule, get an IP.
|
| In the domain name set dialog, there is a warning that "if the DNS is not
| configured correctly, rules using domain sets may not be applied as
| expected". This is the only thing I've seen to hint that name resolution
may
| be an issue. However, if I type login.yahoo.com on one of my clients, it
| resolves without issue.
|
| Any ideas on what is going on? Your help is appreciated.
|
.
- Follow-Ups:
- RE: Blocking Yahoo causing issues with DHCP?
- From: Cole
- RE: Blocking Yahoo causing issues with DHCP?
- Prev by Date: Re: VLANs
- Next by Date: Re: Tape vs HDD vs NAS (speed considerations and size etc)..
- Previous by thread: Re: VLANs
- Next by thread: RE: Blocking Yahoo causing issues with DHCP?
- Index(es):
Relevant Pages
|
|
