Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: "Claus" <cjobes@xxxxxxxxxxxxx>
- Date: Wed, 20 Feb 2008 00:22:38 -0500
Paul,
I just jump in here as I had something very similar at one client. Leave all
NICs at GB speed. Go into your managed switch and change all ports that have
workstations with GB NICs connected from AUTO to 1000.
--
Claus
"Paul Shapiro" <paul@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:OBgxJO3cIHA.4696@xxxxxxxxxxxxxxxxxxxxxxx
The only 100Mb switch I have is currently being used by a client. I tried
setting the SBS lan port to 100Mb on the managed switch. No change. I also
tried setting one of the gigabit workstation ports to 100Mb, and again no
change.
"Jim Behning SBS MVP" <jimbehning@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:b48nr3ld95hacprne1inimgg7ksmjm32im@xxxxxxxxxx
I tried the 12.4 recently on a new motherboard with no luck. this
would be a 5000 series motherboard which is new.
So what happens when the server and the workstations are on the same
100Mb switch?
On Tue, 19 Feb 2008 21:32:26 -0500, "Paul Shapiro"
<paul@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
I've thought some more about this. The common elements are:
a) All workstations with a gigabit network adapter are affected, and none
of
the workstations with 100Mb.
b) The gigabit workstations work fine when they bypass the server's LAN
and
go directly to the firewall.
c) The server's external nic works fine- browsing from the server is
good.
The thing that's left is the server's lan nic, which is an onboard Intel
Pro/1000 CT nic. I've tried updating it's drivers, but Intel's website is
not very cooperative. It keeps suggesting I need to check with the
motherboard manufacturer. That would be ok, but it's an Intel
motherboard,
Intel Entry Server Board SE7210TP1-E. Intel's web page for that board
only
offers drivers from 2004.
My current driver version is 8.9.1.0. Intel's nic drivers seem to be up
to
versions more like 12.4, but I can't find it on their site for this
motherboard or this nic. There are some links, but they all lead to
errors
instead of downloads. This is the last Intel motherboard I purchase. They
seem to have a habit of dropping support when they're ready to move on to
the next newer product. I've seen it for too many years in too many
different product lines.
Any suggestions? Any recommended well-supported pcix or pci Ethernet
cards?
"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message
news:44405600-F026-48C8-8A9F-4F6928515871@xxxxxxxxxxxxxxxx
Any commonality to things like NICs in the problem children? Fancy
stuff,
offloading etc?
Dang, it just doesn't look like a server side issue when not *all*
workstations are affected. Know what I mean?
How about a different tack - is it user specific in any way?
Or, if workstation specific - all ISA clients at the same version
level?
IE configs | Advanced - thinks like HTTP 1.1 enabled? Any differences
seen
there?
Just dumping stuff out now - sorry about that.
--
Les Connor [SBS MVP]
________________________
Get the SBS BPA here:
http://support.microsoft.com/kb/940439/en-us
"Paul Shapiro" <paul@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:utaRGBpcIHA.5712@xxxxxxxxxxxxxxxxxxxxxxx
Clearing temp files didn't make a difference.
"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message
news:uGnzCYocIHA.748@xxxxxxxxxxxxxxxxxxxxxxx
clear temp files in IE in the problem children?
--
Les Connor [SBS MVP]
________________________
Get the SBS BPA here:
http://support.microsoft.com/kb/940439/en-us
"Paul Shapiro" <paul@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:eGCcCTocIHA.1132@xxxxxxxxxxxxxxxxxxxxxxx
a) I ran the SBS BPA and the ISA BPA. No issues.
b) EDNS0 was disabled.
c) Shortly after the intial system setup 2 1/2 years ago I enabled
the
PMTU that ISA Server installation disabled. Internet connections are
generally fine. I can browse successfully to MS web from IE on the
server, but it almost always times out from some workstations.
d) ISA caching is disabled.
e) ISA rules haven't been touched in about 6 months. This problem
only
started about a month ago. There aren't many custom rules, and they
look ok. ISA allows the connection, but it times out before
completing
succesfully.
"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message
news:492887BB-C678-4C65-9809-8865B66EA3CD@xxxxxxxxxxxxxxxx
I haven't read much of the thread, but have we looked at these
things:
a) SBS BPA (link in my signature, below).
b) EDNS0 (should be identified by BPA)
c) MTU (Black hole router detection, search MS KB for "black hole
router"
d) Bad ISA cache
e) Custom rules/order in ISA? This can be hit with a big hammer -
back
up your ISA config, delete all rules, and run CEICW to rebuild. Or,
it
can be done more slowly, but start by disabling any custom rules.
--
Les Connor [SBS MVP]
________________________
Get the SBS BPA here:
http://support.microsoft.com/kb/940439/en-us
"J. M. De Moor" <papajoe.nospam@xxxxxxxxxx> wrote in message
news:%2385FDencIHA.2688@xxxxxxxxxxxxxxxxxxxxxxx
Paul
Wow. If I go to MS, I get at least a dozen entries (both proxy
and
firewall). If you have the standard rules, the "SBS Protected
Networks Access Rule" should have fired for DNS to work between
your
workstation and SBS (remember that ISA also protects itself from
the
internal network).
As it stands, the "SBS Microsoft Update Sites Access Rule" should
NOT
fail for www.microsoft.com, as it did here.
(Your log entries look different from what I am used to...but it
sounds like you are completely patched. What ISA 2004 version
info
does your system show?)
Does this situation change whether or not you set your browser to
use
a proxy, or whether you use IE or another browser like Firefox?
If you have tried all these things, then it may be time to call
PSS.
It costs, but the MS ISA people have solved problems for me both
times I have had to use them.
You might also consider posting on Shinder's isaserver.org.
Pretty
good help over there (although Shinder advocates that ISA should
be
on a separate box).
.
- Follow-Ups:
- References:
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: J. M. De Moor
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: Paul Shapiro
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: J. M. De Moor
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: Paul Shapiro
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: J. M. De Moor
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: Les Connor [SBS MVP]
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: Paul Shapiro
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: Les Connor [SBS MVP]
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: Paul Shapiro
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: Les Connor [SBS MVP]
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: Paul Shapiro
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: Jim Behning SBS MVP
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- From: Paul Shapiro
- Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- Prev by Date: Re: Raid 5 question, need help
- Next by Date: Re: Acronis Backup Strategy
- Previous by thread: Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- Next by thread: Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address
- Index(es):
Relevant Pages
|
