Re: Firewall Service dies like clockwork
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 25 Nov 2002 21:32:02 -0800
I did forget to congratulate you for a nice bit of sleuthing, didn't I?
;-)
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help / books / articles!
----- Original Message -----
From: Phill Hardstaff
To: [ISAserver.org Discussion List]
Sent: Monday, November 25, 2002 10:22 PM
Subject: [isalist] Re: Firewall Service dies like clockwork
http://www.ISAserver.org
Jim, yeah most likely, but the reports are not running on the ISA server, I
don't know if I made that real clear ? but if you mean by bogging it down with
thousands of DNS queries a second then yes, but like I siad, it was never an
issue with my old firewall, I'm just glad I found it :)
Phill
----- Original Message -----
From: Jim Harrison
To: [ISAserver.org Discussion List]
Sent: Tuesday, November 26, 2002 4:16 PM
Subject: [isalist] Re: Firewall Service dies like clockwork
http://www.ISAserver.org
Take another look at the perf logs; I'll bet WebTrends is sucking the life
out of your ISA while it creates all those reports for you.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/pages/author_index.asp?aut=3
http://isatools.org
Read the help / books / articles!
----- Original Message -----
From: Phill Hardstaff
To: [ISAserver.org Discussion List]
Sent: Monday, November 25, 2002 8:57 PM
Subject: [isalist] Firewall Service dies like clockwork
http://www.ISAserver.org
I posted something about 3 months back about how my firewall service
stopped working at 0200h every Sunday morning and would not come back up until
0430h with a reboot or restart the Firewall service. Anyway, after months of
pulling my hair out I finally nailed it, and looking back over some posts on
the list about problems with the firewall service I believe others are probably
having this problem as well.
What happens : 0200h Sunday morning, firewall service dies, web proxy
still runs OK, can still access web site by IP, published servers stop working
etc.
Last Friday I ran a Webtrends report on my web server, which is behind
the firewall, this is also my DNS server, this was during the day, within 10
minutes I had these same symptoms that I outlined above, I stopped and
restarted the firewall, I rebooted it but it would just die straight away. I
had hadn't made the link with Webtrends yet, but I shutdown the web server and
while it was off found I could stop and start the firewall service and IT
WORKED. I bought the web server back up and had a look at Webtrends and found I
had all my reports set to run at 0200h Sunday morning (they run sequentially),
boy was I happy. I disabled all the Webtrends reports and shut down the
scheduler. By this time I had to leave work to catch a plane, I checked on
Sunday morning and for the first time in 3-4 months the firewall service didn't
stop at 0200h on Sunday morning.
Why ? Webtrends does DNS lookups while running to resolve IP's from the
log files, you can turn this off but I have had it running like this for about
3 years and never had any problems with my last firewall (Guardian), it seems
that a big flood of DNS lookups kills the firewall service ? because this is
all that is happening. It just seems to loose the plot :)
Any feedback appreciated, I would like to run my reports again.
Phill
Phill Hardstaff
MCSA, CCNA, A+, Network+, Inet+, Server+, CIW Assoc.
Senior Support Engineer
Secretariat of the Pacific Community
B.P. D5
Noumea Cedex - 98848
New Caledonia
Phone +687-260141
Mobile +687 838091
Fax +687-263818
Email phillh@xxxxxxx
SPC Web Page http://www.spc.int
Personal Web Page http://www.hardstaff.com
Personal Email Phill@xxxxxxxxxxxxx
Personal Fax +1 (603) 299-5640
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
phillh@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
