Re: Installing ISA Server for first time

Hi Terrence,

I've e-mailed the files which you asked for. For the benefit of the
thread, I've included the gist of the e-mail message to you. That
message is set off with "=".

Terrence, I'm wondering if SharePoint Services or the MSDE are somehow
involved here. I have never installed SQL Server from the Premium
Technologies CD, but presumably I have been using MSDE.

Did I see references to MSDE during my installation of ISA Server? I'm
thinking that I did, but I can't find any online documentation that
refers to MSDE during ISA Server installation. In any event:
CompanyWeb
several screens in the Server Management tool
and all OWA and Remote Access
are gone.

Regarding the points in your last post:
(1) I reran CEICW
(2) Not necessary - they are correct. See the IPCONFIG.
(3) While running the ISA client setup wizard the IE web proxies were
correctly configured. I reconfirmed.
(4) Done. See (3)
(5) You have the files.

(a) - (c) done
(d) not neccessary. I found it as you described. BUT... at first there
was no rule for SBS Internal Access to HTTP, HTTPS, Ident, and NTP
(UDP). There is now, though...

I can get to https sites now. I CANNOT use SSL SMTP for port 465 while
trying to send e-mail where I have to log in to the server and use SSL
to send.

Here's the e-mail message to you.
===============================
Good evening, Mr. Liu.

[snipped irrelevance]

Let me summarize the issues and tasks:

(1) I've attached a typical Outlook error message and the relevant
Outlook settings on the workstation which I'm using. This file is
"OutlookInfo.zip"

(2) I've attached the isainfo files which you asked for. This file is
"ISAInfo.zip"

(3) I've attached the W3C log files produced in the manner in which you
asked. This file is "ISALogs.zip"
a) I did an Outlook send/receive from the workstation.
b) I tried to access http://companyweb from the workstation. It
doesn't work, nor does it work from the server.
c) I tried to access the "Backups" page in the Web Management
application on the server. (many of the management pages are now
returning "page not found" errors. Also, I am no longer receiving server
status reports in my e-mail.)

My server internet FQDN is freeport1.providencereno.com
My server LAN FQDN is freeport1.providencreno.lan
It's static IP is 71.144.115.66. The gateway for this address is
71.144.115.70.
The address of the server LAN NIC is 192.168.16.254
The address of the workstation for these tests is 192.168.16.242

Here's the workstation IPconfig:

Windows IP Configuration

Host Name . . . . . . . . . . . . : home-100
Primary Dns Suffix . . . . . . . : providencereno.lan
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : providencereno.lan
providencereno.lan

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : providencereno.lan
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI
For Complete PC Management NIC (3C905C-TX)
Physical Address. . . . . . . . . : 00-04-76-26-46-38
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.16.242
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.254
DHCP Server . . . . . . . . . . . : 192.168.16.254
DNS Servers . . . . . . . . . . . : 192.168.16.254
Primary WINS Server . . . . . . . : 192.168.16.254
Lease Obtained. . . . . . . . . . : Thursday, March 29, 2007
11:58:24 PM

Lease Expires . . . . . . . . . . : Friday, April 06, 2007
11:58:24 PM

Here's the server IPCONFIG:

Windows IP Configuration

Host Name . . . . . . . . . . . . : freeport1
Primary Dns Suffix . . . . . . . : providencereno.lan
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : providencereno.lan

Ethernet adapter Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 GT Desktop
Adapter
Physical Address. . . . . . . . . : 00-0E-0C-84-C3-A2
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 71.144.115.66
Subnet Mask . . . . . . . . . . . : 255.255.255.248
Default Gateway . . . . . . . . . : 71.144.115.70
DNS Servers . . . . . . . . . . . : 192.168.16.254
Primary WINS Server . . . . . . . : 192.168.16.254
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 PM Network
Connection
Physical Address. . . . . . . . . : 00-13-20-AC-76-FC
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.254
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.254
Primary WINS Server . . . . . . . : 192.168.16.254

[snipped irrelevance]
=========================================================

On Fri, 30 Mar 2007 10:20:12 GMT, Terence Liu [MSFT] wrote:

Hello Mike,

Thank you for kind update.

Base on your situation, I suggest we try the following steps:

1. Since your ISA 2004 is new installation, please rerun the CEICW to make
the ISA create allow rules automatic for internal clients

How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us

2. Please configure the default gateway and primary DNS of all internal
clients pointing to SBS internal interface.

3. Set IE web proxy on all workstations:
Please open Internet Explorer -> Internet Options -> Connections tab -> LAN
settings -> Input the ISA server as the proxy server and input correct
proxy port defined on ISA server, by default it is 8080 on SBS 2k3.

4. Ensure you have install ISA firewall client on all internal workstations:

On each workstation, please access \\SBSServerName\mspclnt\, then run
setup.exe.

5. Ensure all workstations are logon domain.

Then test the issue. If it persists, please go through the following steps:

Modify Internet Access Rule in ISA server to allow all users access Internet

a. Click Start, point to All Programs, point to Microsoft ISA Server, and
then click ISA Server Management.

b. In the Microsoft Internet Security and Acceleration Server 2004 console,
expand YourServerName, and then click Firewall Policy.

c. In the center pane, find a policy named SBS Internet Access Rule,
double-click it.

d. Click Users tap in SBS Internet Access Rule Properties window, highlight
SBS Internet Users and click Remove button, then click Add button and
double-click All Users

e. Click OK, then click Apply button to save and apply the new
configuration.

If the issue persists, please kindly help me collect some information for
further investigation:

1. Try to use IE and OE on SBS, do you get same result?

2. Try to access the HTTPS web site from SBS, does it success?

3. Please let me know the detail URL of the HTTPS web site. I will do a
test from my side.

4. Do you get any error message when you use IE and OE? Please capture
screenshots on the error messages and send the pictures to me at
v-terliu@xxxxxxxxxxxxx

5. Please help to gather the ISA Info:

1) Download the file from the following URL:

http://www.isatools.org/tools/isainfo.zip

2) Extract all files to a folder on ISA server.

3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.

4) Please send these files to me at v-terliu@xxxxxxxxxxxxx

6. Please also help to gather the ISA logs:

1) Schedule a down time.

2) Open ISA 2004 management console.

3) Expand the server node and highlight 'Monitoring'.

4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.

5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

6) Switch to the 'Fields' tab, click 'Select All', and then click OK.

7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

8) Switch to the 'Fields' tab, click 'Select All', and then click OK.

9) Click 'Apply' to save changes and update the configuration.

10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.

11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.

12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.

13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.

14) Please also let me know the IP address of the testing clients so that I
can filter the data.

Hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)
[snip]
.

Loading