[isalist] Re: ISA on active directory startup errors

http://www.ISAserver.org
-------------------------------------------------------
  
I installed 2003 sp1, then joined to the domain, I then installed ISA2004
and installed sp2. I haven't patched it beyond that.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Moffat
Sent: Tuesday, June 20, 2006 12:56 PM
To: ISA Mailing List
Subject: [isalist] Re: ISA on active directory startup errors

Is your ISA fully patched and service packed? Did you join the server to
the domain before you installed ISA?

Steve

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Paul Noble
Sent: Tuesday, June 20, 2006 6:36 AM
To: ISA Mailing List
Subject: [isalist] ISA on active directory startup errors

Hi there,

I'm currently in the process of bringing an Active Directory Server 2003
environment online (my first) to replace our existing Windows NT network
(to which our ISA2004 server is currently attached and working fine,
last ISA install I did was 2 years ago).

At the moment I've got 1 Domain Controller running AD, DNS and WINS, to
that I have a Server 2003 (sp1) ISA2004 (sp2) as a member of the domain
(not a controller).

I have a caching only DNS server installed on the ISA server system
using our ISP DNS servers as forwarders and internal DNS points to the
DC. DC DNS uses ISA system as a forwarder.

Before I installed the ISA software on the server the server would log
on fine with no error messages appearing in the system and application
logs.

After installing ISA2004 I get a set of error messages in the
Application log and the System log, which (upon chasing through KB
articles) look to be DNS or RPC communication failure.

System events: 
5783 The session setup to the Windows NT or Windows 2000 Domain
Controller \\DC1-Reflections.reflections.loc for the domain REFLECTIONS
is not responsive.  The current RPC call from Netlogon on
\\ISA-REFLECTIONS to \\DC1-Reflections.reflections.loc has been
cancelled
 
5719 This computer was not able to set up a secure session with a domain
controller in domain REFLECTIONS due to the following: 
The remote procedure call was cancelled.  
This may lead to authentication problems. Make sure that this computer
is connected to the network. If the problem persists, please contact
your domain administrator.  

7 The kerberos subsystem encountered a PAC verification failure.  This
indicates that the PAC from the client ISA-REFLECTIONS$ in realm
REFLECTIONS.LOC had a PAC which failed to verify or was modified.
Contact your system administrator.

Application events: 

1097 Windows cannot find the machine account, No authority could be
contacted for authentication. .

1030. Windows cannot query for the list of Group Policy objects. Check
the event log for possible messages previously logged by the policy
engine that describes the reason for this.


Despite the presence of these errors when rebooted, the system does seem
to have joined the domain fine, creating new rules and user groups I can
browse the directory ok. The errors don't appear when I just log off and
on again, it only seems to occur on boot up, no errors on the DC end
either (that I can see anyway, probably looking in the wrong place!).

I've compared the ISA server to the NT based ISA and I can't see any
differences with the system policies, but being new to AD I'm not sure if
they should be different or not.

With this being my first Active Directory environment beyond one isolated
server and it being 2 years since I installed ISA2004 last, I'm not sure
I'm looking at this the right way at the moment, so any pointers or
hints people can throw my way so I can figure it out I'd be most
grateful.

At the moment I'm thinking that the system's trying to log on to the
domain before the ISA server has finished starting up, so it's kicking
the initial domain requests, hence relogging on doesn't generate the
events. /me stabs dark repeatedly.


Any pointers and tips are more than welcome, any more information
required and I'll try and get it to help clear this up.

Paul
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx 
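
The hypothesis in the original post (the Netlogon, Kerberos and Group Policy errors are logged at boot, before the ISA firewall service is running) can be checked by ordering those events against the service start. This is an added example, not part of the thread: it assumes both logs were exported to `time|source|id|message` lines, uses EventLog 6005 as the boot marker and Service Control Manager 7036 as the service state change, and the service display name "Microsoft Firewall" and every sample row are constructed assumptions.

```python
from datetime import datetime

AUTH_ERROR_IDS = {5783, 5719, 7, 1097, 1030}  # event IDs quoted in the post
BOOT_ID = 6005            # EventLog: "The Event log service was started"
SERVICE_STATE_ID = 7036   # Service Control Manager: service state change

# Constructed sample export (time|source|id|message); not data from the thread.
SAMPLE_EXPORT = """\
2006-06-20 09:00:05|EventLog|6005|The Event log service was started.
2006-06-20 09:00:21|NETLOGON|5783|Session setup to the domain controller is not responsive.
2006-06-20 09:00:36|NETLOGON|5719|Not able to set up a secure session with a domain controller.
2006-06-20 09:00:37|Kerberos|7|PAC verification failure.
2006-06-20 09:00:41|Userenv|1097|Windows cannot find the machine account.
2006-06-20 09:00:41|Userenv|1030|Windows cannot query for the list of Group Policy objects.
2006-06-20 09:01:12|Service Control Manager|7036|The Microsoft Firewall service entered the running state.
"""

def parse(export):
    """Yield (timestamp, event_id, message) from 'time|source|id|message' lines."""
    for line in export.splitlines():
        if not line.strip():
            continue
        when, _source, event_id, message = line.split("|", 3)
        yield datetime.strptime(when, "%Y-%m-%d %H:%M:%S"), int(event_id), message

def classify(export, service="Microsoft Firewall"):
    """Bucket the auth errors by whether the service was running when logged."""
    result = {"before_service": [], "after_service": [], "no_boot_seen": []}
    booted = running = False
    for when, event_id, message in sorted(parse(export)):
        if event_id == BOOT_ID:
            booted, running = True, False   # new boot: service not up yet
        elif event_id == SERVICE_STATE_ID and service in message:
            running = "running state" in message   # also tracks later stops
        elif event_id in AUTH_ERROR_IDS:
            key = ("no_boot_seen" if not booted
                   else "after_service" if running else "before_service")
            result[key].append((when.isoformat(sep=" "), event_id))
    return result

if __name__ == "__main__":
    for bucket, events in classify(SAMPLE_EXPORT).items():
        print(bucket, events)
```

Errors that land only in `before_service` fit a startup-ordering cause; anything in `after_service` means the domain controller is unreachable even with the firewall service up, which points at DNS or access rules instead.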
