http://www.ISAserver.org ------------------------------------------------------- http://www.isaserver.org/IsaNews/win2003sp1update.html Steve -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Paul Noble Sent: Tuesday, June 20, 2006 9:04 AM To: ISA Mailing List Subject: [isalist] Re: ISA on active directory startup errors http://www.ISAserver.org ------------------------------------------------------- I installed 2003 sp1, then joined to the domain, I then installed ISA2004 and installed sp2. I havent patched it beyond that -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat Sent: Tuesday, June 20, 2006 12:56 PM To: ISA Mailing List Subject: [isalist] Re: ISA on active directory startup errors http://www.ISAserver.org ------------------------------------------------------- Is your ISA fully patched and service packed? Did you join the server to the domain before you installed ISA? Steve -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Paul Noble Sent: Tuesday, June 20, 2006 6:36 AM To: ISA Mailing List Subject: [isalist] ISA on active directory startup errors http://www.ISAserver.org ------------------------------------------------------- Hi there, Im currently in the process of bringing an Active Directory Server 2003 environment online (my first) to replace our existing windows NT network (to which our ISA2004 server is currently attached and working fine, last ISA install I did was 2 years ago). At the moment I've got 1 Domain Controller running AD, DNS and WINS, to that I have a Server 2003 (sp1) ISA2004 (sp2) as a member of the domain (not a controller). I have a caching only DNS server installed on the ISA server system using our isp dns servers as forwarders and internal dns points to the dc. DC dns uses isa system as a forwarder. Before I installed the ISA software on the server the server would log on fine with no error messages appearing in the system and application logs. After installing ISA2004 I get a set of error messages in the Application log and the System log, which (upon chasing thru kb articles) look to be dns or rpc communication failure. System events: 5783 The session setup to the Windows NT or Windows 2000 Domain Controller \\DC1-Reflections.reflections.loc for the domain REFLECTIONS is not responsive. The current RPC call from Netlogon on \\ISA-REFLECTIONS to \\DC1-Reflections.reflections.loc has been cancelled 5719 This computer was not able to set up a secure session with a domain controller in domain REFLECTIONS due to the following: The remote procedure call was cancelled. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. 7 The kerberos subsystem encountered a PAC verification failure. This indicates that the PAC from the client ISA-REFLECTIONS$ in realm REFLECTIONS.LOC had a PAC which failed to verify or was modified. Contact your system administrator. Application events: 1097 Windows cannot find the machine account, No authority could be contacted for authentication. . 1030. Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this. Despite the presence of these errors when rebooted, the system does seem to have joined the domain fine, creating new rules and user groups I can browse the directory ok. The errors don't appear when I just log off and on again, it only seems to occur on boot up, no errors on the DC end either (that I can see anyway, probably looking in the wrong place!). I've compared the ISA server to the NT based ISA and I cant see any differences with the system policies, but being new to AD im not sure if they should be different or not. With this being my first Active Directory enviroment beyond one isolated server and it being 2 years since I installed ISA2004 last, I'm not sure I'm looking at this the right way at the moment, so any pointers or hints people can throw my way so I can figure it out I'd be most grateful. At the moment I'm thinking that the systems trying to log on to the domain before the ISA server has finished starting up, so its kicking the initial domain requests, hence relogging on doesn't generate the events. /me stabs dark repeatedly. Any pointers and tips are more than welcome, any more information required and I'll try and get it to help clear this up. Paul ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx