Hey Tim,

I smelled the same thing. There are a lot of holes in this perp's story.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Thursday, February 02, 2006 1:02 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Botched Setup based on W3k server / ISA 2004
>
> http://www.ISAserver.org
>
> Are you saying that the ISA server is also configured as a domain
> controller? If so, tell your management guy to go piss up a rope and
> do a full re-install. The "lack of install keys" sounds totally bogus
> to me. If the company bought them, then they are on file somewhere.
>
> I'm hoping that you were hired to fix what was broken, and that the
> office manager was hired to manage the office. If the office manager
> is qualified to make those decisions, then let him/her fix the
> problem. If the person who left you with no disks, no keys, and a
> fubar install had the power to do so in the first place, why don't you
> have the power to do the best thing for the company and nuke
> everything? Who knows what back-doors, rootkits, Trojans, misconfigs,
> etc. exist? No one knows. In that case, you will be remiss in your
> duty if you don't start from scratch. Hell, you've only got a few
> servers anyway. If the office manager doesn't like it, have them sign
> a document that states that you are not responsible for any aspect of
> the network's operation from this point forward, and that he/she
> assumes *full* responsibility for any problems that may occur in the
> future.
>
> To be honest, this whole thing smacks of something "wrong." I don't
> buy it. But that's just me.
>
> t
>
> -----
> "I'll see your Llama and up you a Badger."
> John T
>
> ----- Original Message -----
> From: "Glenn" <glenn.johnston@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, February 01, 2006 10:21 PM
> Subject: [isalist] Re: Botched Setup based on W3k server / ISA 2004
>
> > It appears that RAS is using active directory.
> >
> > On an old account, I turned off "Dial in access", and the account
> > can no longer VPN in; turn back on "Dial in", and the account can
> > VPN in again.
> >
> > Interesting to note that while the change replicated to the other
> > servers as one would expect, it DID NOT replicate to the active
> > directory running on the ISA server. Even after an hour, the ISA
> > server still showed the account as having Dial in allowed, when the
> > rest of the servers showed the account as not having dial in
> > allowed. So obviously active directory replication issues exist
> > between the rest of the servers and the ISA.
> >
> > Oh what joy, another problem to toss on the already far too big
> > pile.
> >
> > Again broached the question of a server rebuild with the office
> > manager; answer is a very loud, very firm "NO WAY". This, combined
> > with the fact that I have been refused permission to even uninstall
> > ISA server & reinstall, may put this in a rock and a hard place
> > basket.
> >
> > If in fact this is recoverable without a full server rebuild, which
> > I am far from convinced at this point it is ??? I believe the first
> > step necessary is to regain access to the ISA server management
> > interface, and make sure the rule set, networks etc. are consistent
> > and sensible.
> >
> > However, when you start the management interface, it gives several
> > "There was a problem sending the command to the program" errors.
> > The ISA management interface opens, but there is nothing behind any
> > of the levels. You click on firewall rules, and it displays a blank
> > screen.
> > Technet has nothing on this. Anyone have any ideas on how to solve
> > this?
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > thor@xxxxxxxxxxxxxxx
> > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx