Re: ISA Server Internal User Name Resolution

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hello Customer,

Thank you for posting here. Let's also thank Steve for the input.

According to your description, I understand that the ISA report displays IP
address but not computer name for the Internet access. If I have
misunderstood the problem, please don't hesitate to let me know.

Before we go further troubleshooting, we need to run CEICW to verify the
ISA server has correct allow rules for Internet access:

Go through the follow KB and rerun CEICW carefully.

How to configure Internet access in Windows Small Business Server 2003
http://support.microsoft.com/kb/825763/en-us

The CEICW will create SBS Internet Access rule for all client computers. We
can move the "SBS Internet Access" rule to the top of other policies.

Then, install ISA firewall client on workstations which you had done.

To resolve this issue, I want to explain How the Server Usage Report work
first:

The Weblogging service receives IP address of the source and destination
from ISA/RAS of every Internet connection. It saves the IP addresses and
time stamp in the WebEvt.log file in "%windows%\temp". When the scheduled
report time (by default it's 4:30 AM every day) comes, a reverse DNS look
up is done to the source IP address to find the name of the machine. A
entry contains the source IP, destination IP, source machine name (if
available through reverse DNS look-up) and time of the connection will be
added to the MSDE database, then the webevt.log is deleted. If the reverse
DNS look up is successful, the machine name will show in the usage report,
otherwise the IP address will show. The IP address is always in the
database.

You can confirm whether the DNS server can reverse DNS look-up individual
IP from the following 2 method:

Method 1:
1. Click Start on SBS, click Run, type "dnsmgmt.msc" and click OK.

2. Expand your server\Reverse Lookup Zones\<your local subnet>.Subnet.

3. Can you see the PTR record for the unresolved IP address, if not, please
add a PTR record for this IP address.

Pointer (PTR) - For mapping a reverse DNS domain name based on the IP
address of a computer that points to the forward DNS domain name of that
computer.

PTR records are used to support the reverse lookup process, based on zones
created and rooted in the in-addr.arpa domain. These records are used to
locate a computer by its IP address and resolve this information to the DNS
domain name for that computer.

PTR RRs can be added to a zone in several ways:

- You can manually create a PTR RR for a static TCP/IP client computer
using the DNS, either as a separate procedure or as part of the procedure
for creating an A RR.

- Computers use the DHCP Client service to dynamically register and update
their PTR RR in DNS when an IP configuration change occurs.

- All other DHCP-enabled client computers can have their PTR RRs registered
and updated by the DHCP server if they obtain their IP lease from a
qualified server. The Windows 2000 and Windows Server 2003 DHCP Server
service provides this capability.

The pointer (PTR) resource record is used only in reverse lookup zones to
support reverse lookup.

Example:
2.16.168.192.in-addr.arpa PTR sbs2k3pre.woody.local

Method 2:
1. On SBS, run nslookup command in command line

2. Then input the unresolved IP address, press Enter

3. Can you get the computer name of this IP?

Please also perform the following steps to make DNS can update PTR record
automatic:

In dnsmgmt, right-click <your local subnet>.Subnet and click Properties. On
General tab, in "Dynamic updates" please select "Nonsecure and secure".
Click Aging button, do not tick "Scavenge stale resource records".

Then monitor for one day (waiting for auto update).

Additional, I suggest you download and install ISA server 2004 sp3 on your
SBS:

Microsoft? Internet Security and Acceleration (ISA) Server 2004 Standard
Edition Service Pack 3
http://www.microsoft.com/downloads/details.aspx?familyid=A05A074A-5033-4792-
AF8B-58B90D841436&displaylang=en

ISA Server 2004 Service Pack 3
http://www.microsoft.com/technet/isa/2004/sp3.mspx

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "kenkcj" <unknownmailbox@xxxxxxxxxxx>
| References: <#TMmHpNDIHA.4684@xxxxxxxxxxxxxxxxxxxx>
<uRWKJSODIHA.4196@xxxxxxxxxxxxxxxxxxxx>
| Subject: Re: ISA Server Internal User Name Resolution
| Date: Fri, 12 Oct 2007 10:54:02 -0500
| Lines: 35
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
| X-RFC2646: Format=Flowed; Response
| Message-ID: <uglnbgODIHA.972@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: wsip-68-99-117-214.ks.ok.cox.net 68.99.117.214
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP05.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:68949
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| All users that require access to the internet have been installed with
the
| ISA Firewall. Would it be advisable to move my Internet Access policy
| allowing members of the "SBS Internet Users" group above all other
policies?
|
| "Steve" <newsgroup@xxxxxxxxxx> wrote in message
| news:uRWKJSODIHA.4196@xxxxxxxxxxxxxxxxxxxxxxx
| > Have you installed the ISA firewall client on the user computers? Also
be
| > careful about using any outgoing rules that allow anonymous (All Users)
| > access.
| >
| > "kenkcj" <unknownmailbox@xxxxxxxxxxx> wrote in message
| > news:%23TMmHpNDIHA.4684@xxxxxxxxxxxxxxxxxxxxxxx
| >> Hi everyone,
| >> Excuse the double-post, I had posted in ISAserver but wasn't getting
any
| >> response, and saw someone else had recommended an sbs user back to
this
| >> ng, I figured I'd try my question here. I have SBS 2003 Premium SP1
with
| >> Windows Server 2003 SP2 installed. I recently installed ISA Server
2004
| >> and am having some difficulties with the reporting. Under the top web
| >> users report, top website users report, and any report that lists the
| >> user, only select computers are listing as they should with
| >> domain/username. Other users are instead only listing by their IP
| >> address. I understand I can go into DHCP Leases and check the IP
address
| >> to the computer, however, there's not a 100% guarantee that the ip
| >> address hadn't renewed since the report went through. I was just
curious
| >> if anybody knew of a fix for getting the report to show up usernames
| >> instead of ip addresses, or would it be best to just assign dhcp
| >> reservations for all internet users in order to guarantee an outlook
on
| >> what users are using the internet.
| >> Thanks in advance.
| >> -kenkcj
| >>
| >
| >
|
|
|

.

Relevant Pages

  • Re: The Web site cannot be found - errors
    ... problems connecting with the internet. ... Internet Connection Wizard from the server. ... > files and ISA cache on all ...
    (microsoft.public.windows.server.sbs)
  • RE: Internet Usage Reports
    ... There is no other application on the SBS server box that can monitor ... internet activities as your needs rather than ISA server. ... Microsoft Internet Security and Acceleration Server 2004 is the ... Microsoft is providing this information as a convenience to you. ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA 2004 Rules
    ... internet website from the ISA server itself. ... All Users or SBS Internet Users ... Then can you access this problematic page from the workstation side this ...
    (microsoft.public.windows.server.sbs)
  • Re: Connect the SBS to a remote IIS for Internet Printing
    ... the server can access the Internet with no problems at all. ... Checking network connection, and after a few seconds it says The ... the problem is cause by the configuration of ISA. ...
    (microsoft.public.windows.server.sbs)
  • Re: Internet slow after SBS 2003 SP1 install
    ... you may found the root cause since DNS server is response to name ... resolution and help find destination site when you access internet. ... Microsoft CSS Online Newsgroup Support ... >> To enable ISA log: ...
    (microsoft.public.windows.server.sbs)