http://www.ISAserver.org -------------------------------------------------------
Paul,
upon my first reply by links.... these links illustrate that the cause of the problem is that the Isa server is rebooted and try to authenticate in DC and the DC itself has not startup completely, so u have to wait till the DC completely start and then restart ISA,
or ,
the DC's are not included in authenticated group in ISA policy,
Please review the links and tell me if it works
From: Paul Noble <pnoble@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-To: isalist@xxxxxxxxxxxxx
To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: ISA on active directory startup errors
Date: Wed, 21 Jun 2006 16:01:19 +0100
>http://www.ISAserver.org
>-------------------------------------------------------
>
>Yep,
>
>Upon reboot the isa server system event log has:
>
>5783
>5719
>7
>
>Application event log has
>
>1097
>1030
>
>The DC has no errors at all and the security log just reports successful
>logons from the ISA server (and the account used), the ISA server reports
>one kerberos failure at the same second that error 5719 and 1097/1030
>occurs.
>
>The errors occur when the system contacts the domain rather than when a user
>attempts login.
>
>-----Original Message-----
>From: Egyptian Mind [mailto:innocent_angel_eng@xxxxxxxxxxx]
>Sent: Wednesday, June 21, 2006 3:21 PM
>To: isalist@xxxxxxxxxxxxx
>Cc: pnoble@xxxxxxxxxxxxxxxxxxxxxxxxxx
>Subject: RE: [isalist] Re: ISA on active directory startup errors
>
>Paul,
>
>can u just provide me with the event ID # in the event log
>
>
>
>
>
>
> Best Regards
> Mohamed Saleh
>
> Senior Network Administrator
> College of Business Administration, CBA
> Jeddah, Saudi Arabia
> Tel: +966-02-6563199 ext 2521
> Cell: - +966-50-2953591
>
>
>!~` Yesterday is a History` ~!
>!~` Tomorrow is a Mystery` ~!
>!~` Today is a Gift` ~!
>!~` So we call it ...............` ~!
>!~` Present .......Simple` ~!
>
>
>
>
>________________________________
>
> From: Paul Noble <pnoble@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> Reply-To: isalist@xxxxxxxxxxxxx
> To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
> Subject: [isalist] Re: ISA on active directory startup errors
> Date: Wed, 21 Jun 2006 10:33:39 +0100
> >http://www.ISAserver.org
> >-------------------------------------------------------
> >
> >Hi there,
> >
> >First off thanks for the replies.
> >
> >I tried following the post that Steve put up, however the servers
>already
> >got sp2 on it so the update to sp1 didn't work :)
> >I updated to the http issues for isa server as per the below mail,
>still no
> >joy.
> >
> >I removed isa2004
> >Reboot
> >Reinstalled 2003 sp1
> >Reboot (clean event log at this point)
> >Reinstalled isa2004 and immediately patched it to the sp1 install
>as per
> >steves mail and rebooted
> >Setup dns forwarder access rule
> >Reinstalled isa sp2 and MS Update to the latest patch (http issues
>for isa)
> >and rebooted
> >
> >Still the same set of error messages in the event logs.
> >
> >Short of taking a hammer to the OS and rebuilding from scratch does
>anyone
> >have any other ideas to try?
> >
> >
> >This install is the factory default dell sc1450 install, the system
>used to
> >be part of another active directory before I moved it to the
>current AD. It
> >didn't have any role in this other AD nor did it have ISA on it (or
>any
> >programs, it was literally joined into the domain, turned off for 3
>weeks
> >then removed from the old AD and added to the new one).
> >
> >Any help is appreciated :)
> >
> >Paul
> >
> >-----Original Message-----
> >From: isalist-bounce@xxxxxxxxxxxxx
>[mailto:isalist-bounce@xxxxxxxxxxxxx] On
> >Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA
> >Sent: Tuesday, June 20, 2006 1:29 PM
> >To: isalist@xxxxxxxxxxxxx
> >Subject: [isalist] Re: ISA on active directory startup errors
> >
> >http://www.ISAserver.org
> >-------------------------------------------------------
> >
> >There is a post service pack 2 patch for ISA2004, search on
>Microsoft
> >for it. Service pack 2 have some HTTP compression issues and I
>don't
> >know if something else.
> >
> >Regards
> >Diego R. Pietruszka
> >
> >-----Original Message-----
> >From: isalist-bounce@xxxxxxxxxxxxx
>[mailto:isalist-bounce@xxxxxxxxxxxxx]
> >On Behalf Of Paul Noble
> >Sent: Tuesday, June 20, 2006 8:04 AM
> >To: 'isalist@xxxxxxxxxxxxx'
> >Subject: [isalist] Re: ISA on active directory startup errors
> >
> >http://www.ISAserver.org
> >-------------------------------------------------------
> >
> >I installed 2003 sp1, then joined to the domain, I then installed
> >ISA2004
> >and installed sp2. I havent patched it beyond that
> >
> >-----Original Message-----
> >From: isalist-bounce@xxxxxxxxxxxxx
>[mailto:isalist-bounce@xxxxxxxxxxxxx]
> >On
> >Behalf Of Steve Moffat
> >Sent: Tuesday, June 20, 2006 12:56 PM
> >To: ISA Mailing List
> >Subject: [isalist] Re: ISA on active directory startup errors
> >
> >http://www.ISAserver.org
> >-------------------------------------------------------
> >
> >Is your ISA fully patched and service packed? Did you join the
>server to
> >the domain before you installed ISA?
> >
> >Steve
> >
> >-----Original Message-----
> >From: isalist-bounce@xxxxxxxxxxxxx
>[mailto:isalist-bounce@xxxxxxxxxxxxx]
> >On Behalf Of Paul Noble
> >Sent: Tuesday, June 20, 2006 6:36 AM
> >To: ISA Mailing List
> >Subject: [isalist] ISA on active directory startup errors
> >
> >http://www.ISAserver.org
> >-------------------------------------------------------
> >
> > Hi there,
> >
> >Im currently in the process of bringing an Active Directory Server
>2003
> >environment online (my first) to replace our existing windows NT
>network
> >(to which our ISA2004 server is currently attached and working
>fine,
> >last ISA install I did was 2 years ago).
> >
> >At the moment I've got 1 Domain Controller running AD, DNS and
>WINS, to
> >that I have a Server 2003 (sp1) ISA2004 (sp2) as a member of the
>domain
> >(not a controller).
> >
> >I have a caching only DNS server installed on the ISA server system
> >using our isp dns servers as forwarders and internal dns points to
>the
> >dc. DC dns uses isa system as a forwarder.
> >
> >Before I installed the ISA software on the server the server would
>log
> >on fine with no error messages appearing in the system and
>application
> >logs.
> >
> >After installing ISA2004 I get a set of error messages in the
> >Application log and the System log, which (upon chasing thru kb
> >articles) look to be dns or rpc communication failure.
> >
> >System events:
> >5783 The session setup to the Windows NT or Windows 2000 Domain
> >Controller \\DC1-Reflections.reflections.loc for the domain
>REFLECTIONS
> >is not responsive. The current RPC call from Netlogon on
> >\\ISA-REFLECTIONS to \\DC1-Reflections.reflections.loc has been
> >cancelled
> >
> >5719 This computer was not able to set up a secure session with a
>domain
> >controller in domain REFLECTIONS due to the following:
> >The remote procedure call was cancelled.
> >This may lead to authentication problems. Make sure that this
>computer
> >is connected to the network. If the problem persists, please
>contact
> >your domain administrator.
> >
> >7 The kerberos subsystem encountered a PAC verification failure.
>This
> >indicates that the PAC from the client ISA-REFLECTIONS$ in realm
> >REFLECTIONS.LOC had a PAC which failed to verify or was modified.
> >Contact your system administrator.
> >
> >Application events:
> >
> >1097 Windows cannot find the machine account, No authority could be
> >contacted for authentication. .
> >
> >1030. Windows cannot query for the list of Group Policy objects.
>Check
> >the event log for possible messages previously logged by the policy
> >engine that describes the reason for this.
> >
> >
> >Despite the presence of these errors when rebooted, the system does
>seem
> >to have joined the domain fine, creating new rules and user groups
>I can
> >browse the directory ok. The errors don't appear when I just log
>off and
> >on again, it only seems to occur on boot up, no errors on the DC
>end
> >either (that I can see anyway, probably looking in the wrong
>place!).
> >
> >I've compared the ISA server to the NT based ISA and I cant see any
> >differences with the system policies, but being new to AD im not
>sure if
> >they should be different or not.
> >
> >With this being my first Active Directory enviroment beyond one
>isolated
> >server and it being 2 years since I installed ISA2004 last, I'm not
>sure
> >I'm looking at this the right way at the moment, so any pointers or
> >hints people can throw my way so I can figure it out I'd be most
> >grateful.
> >
> >At the moment I'm thinking that the systems trying to log on to the
> >domain before the ISA server has finished starting up, so its
>kicking
> >the initial domain requests, hence relogging on doesn't generate
>the
> >events. /me stabs dark repeatedly.
> >
> >
> >Any pointers and tips are more than welcome, any more information
> >required and I'll try and get it to help clear this up.
> >
> >Paul
> >------------------------------------------------------
> >List Archives: //www.freelists.org/archives/isalist/
> >ISA Server Newsletter:
>http://www.isaserver.org/pages/newsletter.asp
> >ISA Server Articles and Tutorials:
> >http://www.isaserver.org/articles_tutorials/
> >ISA Server Blogs: http://blogs.isaserver.org/
> >------------------------------------------------------
> >Visit TechGenix.com for more information about our other sites:
> >http://www.techgenix.com
> >------------------------------------------------------
> >To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> >Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >------------------------------------------------------
> >List Archives: //www.freelists.org/archives/isalist/
> >ISA Server Newsletter:
>http://www.isaserver.org/pages/newsletter.asp
> >ISA Server Articles and Tutorials:
> >http://www.isaserver.org/articles_tutorials/
> >ISA Server Blogs: http://blogs.isaserver.org/
> >------------------------------------------------------
> >Visit TechGenix.com for more information about our other sites:
> >http://www.techgenix.com
> >------------------------------------------------------
> >To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> >Report abuse to listadmin@xxxxxxxxxxxxx
> >------------------------------------------------------
> >List Archives: //www.freelists.org/archives/isalist/
> >ISA Server Newsletter:
>http://www.isaserver.org/pages/newsletter.asp
> >ISA Server Articles and Tutorials:
> >http://www.isaserver.org/articles_tutorials/
> >ISA Server Blogs: http://blogs.isaserver.org/
> >------------------------------------------------------
> >Visit TechGenix.com for more information about our other sites:
> >http://www.techgenix.com
> >------------------------------------------------------
> >To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> >Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >------------------------------------------------------
> >List Archives: //www.freelists.org/archives/isalist/
> >ISA Server Newsletter:
>http://www.isaserver.org/pages/newsletter.asp
> >ISA Server Articles and Tutorials:
> >http://www.isaserver.org/articles_tutorials/
> >ISA Server Blogs: http://blogs.isaserver.org/
> >------------------------------------------------------
> >Visit TechGenix.com for more information about our other sites:
> >http://www.techgenix.com
> >------------------------------------------------------
> >To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> >Report abuse to listadmin@xxxxxxxxxxxxx
> >------------------------------------------------------
> >List Archives: //www.freelists.org/archives/isalist/
> >ISA Server Newsletter:
>http://www.isaserver.org/pages/newsletter.asp
> >ISA Server Articles and Tutorials:
>http://www.isaserver.org/articles_tutorials/
> >ISA Server Blogs: http://blogs.isaserver.org/
> >------------------------------------------------------
> >Visit TechGenix.com for more information about our other sites:
> >http://www.techgenix.com
> >------------------------------------------------------
> >To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> >Report abuse to listadmin@xxxxxxxxxxxxx
> >
>
>
>------------------------------------------------------
>List Archives: //www.freelists.org/archives/isalist/
>ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
>ISA Server Blogs: http://blogs.isaserver.org/
>------------------------------------------------------
>Visit TechGenix.com for more information about our other sites:
>http://www.techgenix.com
>------------------------------------------------------
>To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>Report abuse to listadmin@xxxxxxxxxxxxx
>
