Re: Cannot connect through ISA Server to www.microsoft.com, but can connect via IP address

Thanks, but setting the switch ports to 1000 instead of Auto-negotiate didn't help. I got some improvement by enabling Flow Control on the switch ports. Now it connects every time, but slowly. From the server it takes about 1 second for MS web page to come up, while on the affected workstation it's more like 15 seconds. But that's A LOT better than not working at all.

"Claus" <cjobes@xxxxxxxxxxxxx> wrote in message news:OeRsZC4cIHA.3400@xxxxxxxxxxxxxxxxxxxxxxx
Paul,

I just jump in here as I had something very similar at one client. Leave all NICs at GB speed. Go into your managed switch and change all ports that have workstations with GB NICs connected from AUTO to 1000.

--
Claus
"Paul Shapiro" <paul@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:OBgxJO3cIHA.4696@xxxxxxxxxxxxxxxxxxxxxxx
The only 100Mb switch I have is currently being used by a client. I tried setting the SBS lan port to 100Mb on the managed switch. No change. I also tried setting one of the gigabit workstation ports to 100Mb, and again no change.

"Jim Behning SBS MVP" <jimbehning@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:b48nr3ld95hacprne1inimgg7ksmjm32im@xxxxxxxxxx
I tried the 12.4 recently on a new motherboard with no luck. this
would be a 5000 series motherboard which is new.

So what happens when the server and the workstations are on the same
100Mb switch?

On Tue, 19 Feb 2008 21:32:26 -0500, "Paul Shapiro"
<paul@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

I've thought some more about this. The common elements are:
a) All workstations with a gigabit network adapter are affected, and none of
the workstations with 100Mb.
b) The gigabit workstations work fine when they bypass the server's LAN and
go directly to the firewall.
c) The server's external nic works fine- browsing from the server is good.

The thing that's left is the server's lan nic, which is an onboard Intel
Pro/1000 CT nic. I've tried updating it's drivers, but Intel's website is
not very cooperative. It keeps suggesting I need to check with the
motherboard manufacturer. That would be ok, but it's an Intel motherboard,
Intel Entry Server Board SE7210TP1-E. Intel's web page for that board only
offers drivers from 2004.

My current driver version is 8.9.1.0. Intel's nic drivers seem to be up to
versions more like 12.4, but I can't find it on their site for this
motherboard or this nic. There are some links, but they all lead to errors
instead of downloads. This is the last Intel motherboard I purchase. They
seem to have a habit of dropping support when they're ready to move on to
the next newer product. I've seen it for too many years in too many
different product lines.

Any suggestions? Any recommended well-supported pcix or pci Ethernet cards?

"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message
news:44405600-F026-48C8-8A9F-4F6928515871@xxxxxxxxxxxxxxxx
Any commonality to things like NICs in the problem children? Fancy stuff,
offloading etc?

Dang, it just doesn't look like a server side issue when not *all*
workstations are affected. Know what I mean?

How about a different tack - is it user specific in any way?

Or, if workstation specific - all ISA clients at the same version level?

IE configs | Advanced - thinks like HTTP 1.1 enabled? Any differences seen
there?

Just dumping stuff out now - sorry about that.

--
Les Connor [SBS MVP]
________________________
Get the SBS BPA here:
http://support.microsoft.com/kb/940439/en-us


"Paul Shapiro" <paul@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:utaRGBpcIHA.5712@xxxxxxxxxxxxxxxxxxxxxxx
Clearing temp files didn't make a difference.

"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message
news:uGnzCYocIHA.748@xxxxxxxxxxxxxxxxxxxxxxx
clear temp files in IE in the problem children?

--
Les Connor [SBS MVP]
________________________
Get the SBS BPA here:
http://support.microsoft.com/kb/940439/en-us


"Paul Shapiro" <paul@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:eGCcCTocIHA.1132@xxxxxxxxxxxxxxxxxxxxxxx
a) I ran the SBS BPA and the ISA BPA. No issues.
b) EDNS0 was disabled.
c) Shortly after the intial system setup 2 1/2 years ago I enabled the
PMTU that ISA Server installation disabled. Internet connections are
generally fine. I can browse successfully to MS web from IE on the
server, but it almost always times out from some workstations.
d) ISA caching is disabled.
e) ISA rules haven't been touched in about 6 months. This problem only
started about a month ago. There aren't many custom rules, and they
look ok. ISA allows the connection, but it times out before completing
succesfully.

"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message
news:492887BB-C678-4C65-9809-8865B66EA3CD@xxxxxxxxxxxxxxxx
I haven't read much of the thread, but have we looked at these things:

a) SBS BPA (link in my signature, below).
b) EDNS0 (should be identified by BPA)
c) MTU (Black hole router detection, search MS KB for "black hole
router"
d) Bad ISA cache
e) Custom rules/order in ISA? This can be hit with a big hammer - back
up your ISA config, delete all rules, and run CEICW to rebuild. Or, it
can be done more slowly, but start by disabling any custom rules.

--
Les Connor [SBS MVP]
________________________
Get the SBS BPA here:
http://support.microsoft.com/kb/940439/en-us


"J. M. De Moor" <papajoe.nospam@xxxxxxxxxx> wrote in message
news:%2385FDencIHA.2688@xxxxxxxxxxxxxxxxxxxxxxx
Paul


Wow. If I go to MS, I get at least a dozen entries (both proxy and
firewall). If you have the standard rules, the "SBS Protected
Networks Access Rule" should have fired for DNS to work between your
workstation and SBS (remember that ISA also protects itself from the
internal network).

As it stands, the "SBS Microsoft Update Sites Access Rule" should NOT
fail for www.microsoft.com, as it did here.

(Your log entries look different from what I am used to...but it
sounds like you are completely patched. What ISA 2004 version info
does your system show?)

Does this situation change whether or not you set your browser to use
a proxy, or whether you use IE or another browser like Firefox?

If you have tried all these things, then it may be time to call PSS.
It costs, but the MS ISA people have solved problems for me both
times I have had to use them.

You might also consider posting on Shinder's isaserver.org. Pretty
good help over there (although Shinder advocates that ISA should be
on a separate box).




.

Relevant Pages
Loading