Re: Firewall Service dies like clockwork

Take another look at the perf logs; I'll bet WebTrends is sucking the life out 
of your ISA while it creates all those reports for you.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://isaserver.org/pages/author_index.asp?aut=3
 http://isatools.org
 Read the help / books / articles!

  ----- Original Message ----- 
  From: Phill Hardstaff 
  To: [ISAserver.org Discussion List] 
  Sent: Monday, November 25, 2002 8:57 PM
  Subject: [isalist] Firewall Service dies like clockwork


  http://www.ISAserver.org


  I posted something about 3 months back about how my firewall service stopped 
working at 0200h every Sunday morning and would not come back up until 0430h 
with a reboot or restart the Firewall service. Anyway, after months of pulling 
my hair out I finally nailed it, and looking back over some posts on the list 
about problems with the firewall service I believe others are probably having 
this problem as well.

  What happens : 0200h Sunday morning, firewall service dies, web proxy still 
runs OK, can still access web site by IP, published servers stop working etc.

  Last Friday I ran a Webtrends report on my web server, which is behind the 
firewall, this is also my DNS server, this was during the day, within 10 
minutes I had these same symptoms that I outlined above, I stopped and 
restarted the firewall, I rebooted it but it would just die straight away. I 
had hadn't made the link with Webtrends yet, but I shutdown the web server and 
while it was off found I could stop and start the firewall service and IT 
WORKED. I bought the web server back up and had a look at Webtrends and found I 
had all my reports set to run at 0200h Sunday morning (they run sequentially), 
boy was I happy. I disabled all the Webtrends reports and shut down the 
scheduler. By this time I had to leave work to catch a plane, I checked on 
Sunday morning and for the first time in 3-4 months the firewall service didn't 
stop at 0200h on Sunday morning.

  Why ? Webtrends does DNS lookups while running to resolve IP's from the log 
files, you can turn this off but I have had it running like this for about 3 
years and never had any problems with my last firewall (Guardian), it seems 
that a big flood of DNS lookups kills the firewall service ? because this is 
all that is happening. It just seems to loose the plot :)

  Any feedback appreciated, I would like to run my reports again.

  Phill

  Phill Hardstaff 
  MCSA, CCNA, A+, Network+, Inet+, Server+, CIW Assoc. 
  Senior Support Engineer 
  Secretariat of the Pacific Community 
  B.P. D5 
  Noumea Cedex - 98848 
  New Caledonia 
    
  Phone +687-260141 
  Mobile +687 838091 
  Fax +687-263818 
  Email  phillh@xxxxxxx 
  SPC Web Page http://www.spc.int 
  Personal Web Page http://www.hardstaff.com 
  Personal Email Phill@xxxxxxxxxxxxx 
  Personal Fax +1 (603) 299-5640 

  ------------------------------------------------------
  List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
  ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
  ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
  ------------------------------------------------------
  Exchange Server Resource Site: http://www.msexchange.org/
  Windows Security Resource Site: http://www.windowsecurity.com/
  Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
  ------------------------------------------------------
  You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
  To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts: