Re: SBS 2003 with ISA 2004 and EX2003 on dual gateway network
- From: chris landman <chrislandman@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 4 Feb 2009 13:03:20 -0800
Well I tried the install again and it seems to be some type of AD issue not
replicating. I looked to see if I could see the issue, but I could not.
This issue does not occur until ISA is installed. When I try to replicate
from one of the second servers, I get an error saying it cannot contact
vec-dcx…RPC is unavailable. It can replicate with the other DC in the
network. It seems like the ISA server is blocking all replication and/or RPC
traffic from the internal network. Clients are not able to set up a new
email address either because it says the Exchange server cannot be found. I
had to uninstall it again so the users could receive email. The weird thing
is I can ping it by name with no issue and can use OWA. I also did a sync
while it was rebooting to see if I would get the exact error from the second
DC and I did. Said RPC server is unavailable and it could be a DNS lookup
problem. I ran the ntfrsutl utility and got this error:
ERROR - Cannot bind w/authentication to computer, \\server; 000006ba (1722)
ERROR - Cannot bind w/o authentication to computer, \\server; 000006ba (1722)
ERROR - Cannot RPC to computer, \\server; 000006ba (1722)
Now that I removed ISA, it replicates fine.
Any suggestions on what could be causing this?
Thanks,
Chris
"SuperGumby [SBS MVP]" wrote:
that's close enough to unedited, but except for something I consider a bit
silly I really can't see anything wrong with it.
The 'silly' bit is naming the AD whatever.org, which I take it is your
Public domain name, no big deal but it's something I would never do.
Meanwhile, I don't understand why you are experiencing the problem. DNS
looking to your other DC's shouldn't be a problem, as long as the DC's are
communicating properly.
A thought strikes me about completing the install of ISA. On install ISA
will require configuration, this should be done (at least initially) through
the SBS CEICW ('Connect to the Internet' task, SBS console), are you
performing this step?
Next idea would be to install the SBS Best Practices Analyser
(www.sbsbpa.com has a link to MS) and see what it picks up (without ISA on
the SBS).
"chris landman" <chrislandman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:92E5338C-E108-4972-A5EE-673AAF48050E@xxxxxxxxxxxxxxxx
Ok…here is the server, I deleted some of the identifying data:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator >ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : vec-dcx
Primary Dns Suffix . . . . . . . : ####.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ####.org
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-21-9B-8B-76-F0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.233
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.2.233
Primary WINS Server . . . . . . . : 192.168.2.233
Ethernet adapter Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
Physical Address. . . . . . . . . : 00-21-9B-8B-76-F2
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.43.233
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.43.3
DNS Servers . . . . . . . . . . . : 192.168.2.233
Primary WINS Server . . . . . . . : 192.168.2.233
NetBIOS over Tcpip. . . . . . . . : Disabled
Here is one of the clients:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\dkoehl>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : ####.org
IP Address. . . . . . . . . . . . : 192.168.2.184
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.236
C:\Documents and Settings\dkoehl>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : devery
Primary Dns Suffix . . . . . . . : ####.org
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ####.org
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : vicec.org
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-11-11-CA-70-D1
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.184
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.236
DHCP Server . . . . . . . . . . . : 192.168.2.232
DNS Servers . . . . . . . . . . . : 192.168.2.232
192.168.2.231
Lease Obtained. . . . . . . . . . : Wednesday, February 04, 2009 8:34:43 AM
Lease Expires . . . . . . . . . . : Wednesday, February 04, 2009 8:54:43 AM
As for the other questions, the list of adapters looks fine. This was
under advanced settings in control panel\network. The DNS servers were
pointed to the other two domain controllers on the network. I will fix this
issue and point to SBS today (once we get the SBS working, the older DC
will retire). Also not using Pix for DNS.
We did not move to a single NIC, it has always been two NICs. As of now the
Exchange is working fine, but ISA has been removed from the SBS. Once I
install ISA, the Exchange server stops allowing connections from the
internal network. They can use OWA from the internal network, so not sure
what happened.
Thanks
Chris
"SuperGumby [SBS MVP]" wrote:
nah, I think we're gonna need the full unedited ipconfig output of both
server and workstation.
Basically, if things are as you say it should be working.
Could be the binding order of your NICs, in the list of adapters (network
control panel) from the Advanced menu choose Advanced Settings, ensure that
'internal' is 1st in the list. Also check that appropriate services are
bound to each adapter (hint: external only needs IP).
Could also be DNS, are you using the PIX for DNS from the workstations? If
so, point all devices on the network to query SBS for DNS (and only SBS),
the DNS server on SBS can then use root hints or your ISP's DNS servers (or
the cisco) as forwarders. (full ipconfig will confirm this)
In adding ISA did you move from a single NIC situation to dual? If so that
may explain why you are losing services, being bound to the wrong NIC. This
is less likely if the box was originally 2 NIC but I wouldn't expect 2 NIC
in conjunction with a PIX (though of course it is a valid alternative,
external to DMZ port, internal to LAN port).
If it's only www traffic that you want to monitor it would be possible to
use ISA in single NIC (proxy only) mode. In this mode it would though be
possible for users to bypass ISA.
"chris landman" <chrislandman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6416C08B-553D-4D71-9428-5003121FE9AA@xxxxxxxxxxxxxxxx
I am not onsite, but here is how it is set up. The server has two
NICs...inside and outside. The inside NIC does not have a gateway, but the
outside does so:
Inside: Ip 192.168.2.233 Outside: 192.168.48.233 Gw: 192.168.48.1
Clients: Ip 192.168.2.x Gw: 192.168.2.236
As of now, none of the clients use the ISA server as their gateway because
they have a Pix on this internal network as well. They purchased the ISA to
monitor MOST of their users, so in time most of them will use the ISA.
The SBS also hosts Exchange which works fine until we install ISA, then the
clients cannot connect to the Exchange server.
"Jim Behning SBS MVP" wrote:
You need to post ipconfig /all from server and problem workstations.
You do not need a firewall client to surf the web. You just point the
IE to use yourservername and port 8080 in their IE Connections/Lan
Settings/Use proxy settings. You need to install a firewall client to
do stuff like ftp or pop email.
On Tue, 3 Feb 2009 04:54:02 -0800, chris landman <chris
landman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I added sbs2003 with isa04 and ex03 into a network with another dc. I have
two gateways on the sbs network, the sbs svr and a pix. Once I installed the
isa, the clients could not access the Exchange server anymore. I did not
install the firewall client yet because not all of them will have it. Can
the clients that do not use the sbs as their gateway (do not have firewall
client) access the Exchange server? They can ping the server and use owa
from inside. If so, what do I need to do?
See what SBS support is working on
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
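An added example, not part of the thread: a small Python check that parses `ipconfig /all` text and applies the two layout points discussed above (devices query only the SBS box for DNS; only one NIC carries a default gateway). The function names and the abridged sample output are assumptions made for illustration.

```python
import re

# Constructed sample, abridged from the ipconfig /all output quoted in the thread.
SERVER = """\
Ethernet adapter Server Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.2.233
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.2.233
Ethernet adapter Network Connection:
   IP Address. . . . . . . . . . . . : 192.168.43.233
   Default Gateway . . . . . . . . . : 192.168.43.3
   DNS Servers . . . . . . . . . . . : 192.168.2.233
"""
CLIENT = """\
Ethernet adapter Local Area Connection:
   Default Gateway . . . . . . . . . : 192.168.2.236
   DNS Servers . . . . . . . . . . . : 192.168.2.232
                                       192.168.2.231
"""
FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]*:\s?(.*)$")  # "   Label . . . : value"

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}} from ipconfig /all text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            current, last = adapters.setdefault(line.rstrip()[:-1], {}), None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last = current.setdefault(m.group(1), [])
                if m.group(2).strip():
                    last.append(m.group(2).strip())
            elif last is not None:  # wrapped value, e.g. a second DNS server
                last.append(line.strip())
    return adapters

def audit(text, sbs_ip):
    """Flag resolvers other than the SBS box and multiple default gateways."""
    adapters, findings = parse_ipconfig(text), []
    for name, fields in adapters.items():
        other = [d for d in fields.get("DNS Servers", []) if d != sbs_ip]
        if other:
            findings.append(f"{name}: DNS servers other than SBS: {', '.join(other)}")
    if sum(bool(f.get("Default Gateway")) for f in adapters.values()) > 1:
        findings.append("more than one adapter has a default gateway")
    return findings
```

Run against the abridged samples, the server output passes both checks, while the client is flagged for resolving through 192.168.2.232 and 192.168.2.231 rather than the SBS address.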