Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address

clear temp files in IE in the problem children?

--
Les Connor [SBS MVP]
________________________
Get the SBS BPA here:
http://support.microsoft.com/kb/940439/en-us


"Paul Shapiro" <paul@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:eGCcCTocIHA.1132@xxxxxxxxxxxxxxxxxxxxxxx
a) I ran the SBS BPA and the ISA BPA. No issues.
b) EDNS0 was disabled.
c) Shortly after the intial system setup 2 1/2 years ago I enabled the PMTU that ISA Server installation disabled. Internet connections are generally fine. I can browse successfully to MS web from IE on the server, but it almost always times out from some workstations.
d) ISA caching is disabled.
e) ISA rules haven't been touched in about 6 months. This problem only started about a month ago. There aren't many custom rules, and they look ok. ISA allows the connection, but it times out before completing succesfully.

"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message news:492887BB-C678-4C65-9809-8865B66EA3CD@xxxxxxxxxxxxxxxx
I haven't read much of the thread, but have we looked at these things:

a) SBS BPA (link in my signature, below).
b) EDNS0 (should be identified by BPA)
c) MTU (Black hole router detection, search MS KB for "black hole router"
d) Bad ISA cache
e) Custom rules/order in ISA? This can be hit with a big hammer - back up your ISA config, delete all rules, and run CEICW to rebuild. Or, it can be done more slowly, but start by disabling any custom rules.

--
Les Connor [SBS MVP]
________________________
Get the SBS BPA here:
http://support.microsoft.com/kb/940439/en-us


"J. M. De Moor" <papajoe.nospam@xxxxxxxxxx> wrote in message news:%2385FDencIHA.2688@xxxxxxxxxxxxxxxxxxxxxxx
Paul


Wow. If I go to MS, I get at least a dozen entries (both proxy and firewall). If you have the standard rules, the "SBS Protected Networks Access Rule" should have fired for DNS to work between your workstation and SBS (remember that ISA also protects itself from the internal network).

As it stands, the "SBS Microsoft Update Sites Access Rule" should NOT fail for www.microsoft.com, as it did here.

(Your log entries look different from what I am used to...but it sounds like you are completely patched. What ISA 2004 version info does your system show?)

Does this situation change whether or not you set your browser to use a proxy, or whether you use IE or another browser like Firefox?

If you have tried all these things, then it may be time to call PSS. It costs, but the MS ISA people have solved problems for me both times I have had to use them.

You might also consider posting on Shinder's isaserver.org. Pretty good help over there (although Shinder advocates that ISA should be on a separate box).

Joe


.

Relevant Pages