RE: automatically detect isa server problem

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 20 Jul 2005 08:12:29 -0500

Hi Jank,

Let's stay away from the nuclear option until we can't find out what's
going on.

Are the clients a member of the domain?

What is the primary DNS suffix on the clients?

What operating systems are you using for clients?

What is/are the DNS setting(s) on the ISA firewall's interface(s)

What are the DNS settings on the client's interface?

Can you do a NetMon capture on the client when you do a Detect Now at
the Client?

What OS is the DNS server on, the Windows Server 2003 DC?

Are you using the ISA Server 2004 Firewall client?

Thanks!

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> Sent: Wednesday, July 20, 2005 8:07 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: automatically detect isa server problem
> 
> http://www.ISAserver.org
> 
> Since this is my home network, I was able to add the isa server to the
> domain "fels.us" in no time.
> 
> It did not solve the problem. I still need to do an explicit 
> "ping wpad"
> on the client, before I am able to automatically detect the 
> isa server.
> 
> Then I added the client to the domain and logged in to the domain.
> 
> Still not the solution.
> 
> I am willing to let you log on to my network with mstsc if you want to
> see the whole setup.
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Wednesday, July 20, 2005 2:33 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: automatically detect isa server problem
> 
> http://www.ISAserver.org
> 
> ARRRGGG!
> 
> Join that ISA firewall to the domain ASAP. It's a more secure 
> config and
> then your Firewall clients will work (which is just one of the many
> reasons why a domain joined ISA firewall is more secure).
> 
> I always join ISA firewalls to the domain when appropriate. The only
> time when it wouldn't provide an enhanced security posture is 
> in a back
> to back config, when the front end isn't doing any auth chores and
> you're running an anonymous access DMZ between the front end and back
> end.
> 
> HTH,
> 
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > Sent: Wednesday, July 20, 2005 7:29 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: automatically detect isa server problem
> > 
> > http://www.ISAserver.org
> > 
> > Firewall is a standalone server. (not member of any domain) 
> Client is
> > not member of any domain.
> > DNS server is AD domain controller. (this is my personal exchange
> > server, hence the AD.....)
> > 
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> > Sent: Wednesday, July 20, 2005 2:19 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: automatically detect isa server problem
> > 
> > http://www.ISAserver.org
> > 
> > Hi Info,
> > 
> > Are the clients members of the same domain as the ISA firewall?
> > 
> > Tom
> > www.isaserver.org/shinder
> > Tom and Deb Shinder's Configuring ISA Server 2004
> > http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > 
> >  
> > 
> > > -----Original Message-----
> > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > Sent: Wednesday, July 20, 2005 7:15 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: automatically detect isa server problem
> > > 
> > > http://www.ISAserver.org
> > > 
> > > It takes about 4 seconds before it syas: Failed to detect 
> > ISA Server.
> > > 
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> > > Sent: Wednesday, July 20, 2005 2:06 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: automatically detect isa server problem
> > > 
> > > http://www.ISAserver.org
> > > 
> > > Hi Info,
> > > 
> > > OK, sounds good so far.
> > > 
> > > What happens when you click Detect Now?
> > > 
> > > Tom
> > > www.isaserver.org/shinder
> > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > 
> > >  
> > > 
> > > > -----Original Message-----
> > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > Sent: Wednesday, July 20, 2005 6:57 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > 
> > > > http://www.ISAserver.org
> > > > 
> > > > 
> > > > The configuration must almost be correct, since the 
> > autodetect does
> > > > work, after I do an explicit "ping wpad" from the client.
> > > > 
> > > > 
> > > > 
> > > > Dns is setup as follows:
> > > > 
> > > > Wpad                    alias (cname)    boss_lan.fels.us
> > > > Boss_lan                host (A)                10.1.0.1
> > > > Boss_dmz                host (A)                10.2.0.1
> > > > 
> > > > Default gateway of the client is 10.1.0.1
> > > > 
> > > > Client is on the "Internal" network.
> > > > 
> > > > "Internal" network settings on isa firewall:
> > > > 
> > > > Firewall client support is enabled.
> > > > Isa server name is set to "boss_lan.fels.us"
> > > > Automatically detect settings is selected.
> > > > 
> > > > Publish automatic discovery information is selected, 
> > default port 80
> > > > 
> > > > -----Original Message-----
> > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> > > > Sent: Wednesday, July 20, 2005 1:26 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > 
> > > > http://www.ISAserver.org
> > > > 
> > > > What are they?
> > > > 
> > > > Tom
> > > > www.isaserver.org/shinder
> > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > > 
> > > >  
> > > > 
> > > > > -----Original Message-----
> > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > > Sent: Wednesday, July 20, 2005 6:22 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > > 
> > > > > http://www.ISAserver.org
> > > > > 
> > > > > Hi there,
> > > > > 
> > > > > I believe they are correct. What can I do?
> > > > > 
> > > > > -----Original Message-----
> > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> > > > > Sent: Wednesday, July 20, 2005 1:12 PM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > > 
> > > > > http://www.ISAserver.org
> > > > > 
> > > > > Hi Info,
> > > > > 
> > > > > Sounds like the Firewall client listener settings aren't 
> > > configured
> > > > > correctly.
> > > > > 
> > > > > HTH,
> > > > > 
> > > > > Tom
> > > > > www.isaserver.org/shinder
> > > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > > http://tinyurl.com/3xqb7
> > > > > MVP -- ISA Firewalls
> > > > > 
> > > > >  
> > > > > 
> > > > > > -----Original Message-----
> > > > > > From: info@xxxxxxx [mailto:info@xxxxxxx] 
> > > > > > Sent: Wednesday, July 20, 2005 6:03 AM
> > > > > > To: [ISAserver.org Discussion List]
> > > > > > Subject: [isalist] automatically detect isa server problem
> > > > > > 
> > > > > > http://www.ISAserver.org
> > > > > > 
> > > > > > Hello,
> > > > > > 
> > > > > > I have a strange problem with "wpad".
> > > > > > 
> > > > > > My isa firewall client will not automatically detect the 
> > > > isa server.
> > > > > > Only after I explicitly do a "ping wpad" from the firewall 
> > > > > > client, the dns
> > > > > > cache is filled on the client with the wpad entry. 
> Only then, 
> > > > > > the firewall
> > > > > > client can "automatically" detect the isa server.
> > > > > > 
> > > > > > Why do I have to explicitly do a "ping wpad". According to 
> > > > > > the manual, the
> > > > > > firewall client is supposed to do it.
> > > > > > 
> > > > > > In my scenario, there is only 1 isa server and the 
> dns server 
> > > > > > is running
> > > > > > on a different server.
> > > > > > 
> > > > > > ------------------------------------------------------
> > > > > > List Archives: 
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > > ISA Server Newsletter: 
> > > > http://www.isaserver.org/pages/newsletter.asp
> > > > > > ISA Server FAQ: 
> > > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > > ------------------------------------------------------
> > > > > > Other Internet Software Marketing Sites:
> > > > > > World of Windows Networking: 
> http://www.windowsnetworking.com
> > > > > > Leading Network Software Directory: 
> http://www.serverfiles.com
> > > > > > No.1 Exchange Server Resource Site: 
> http://www.msexchange.org
> > > > > > Windows Security Resource Site: 
> http://www.windowsecurity.com/
> > > > > > Network Security Library: http://www.secinf.net/
> > > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > > > ------------------------------------------------------
> > > > > > You are currently subscribed to this ISAserver.org 
> Discussion 
> > > > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > > > To unsubscribe visit 
> > > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > > > 
> > > > > > 
> > > > > 
> > > > > ------------------------------------------------------
> > > > > List Archives: 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter: 
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ: 
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Other Internet Software Marketing Sites:
> > > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > > Network Security Library: http://www.secinf.net/
> > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org 
> > > > Discussion List as:
> > > > > info@xxxxxxx
> > > > > To unsubscribe visit 
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > > 
> > > > > ------------------------------------------------------
> > > > > List Archives: 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter: 
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ: 
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Other Internet Software Marketing Sites:
> > > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > > Network Security Library: http://www.secinf.net/
> > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org Discussion 
> > > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > > To unsubscribe visit 
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > > 
> > > > > 
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org 
> > > Discussion List as:
> > > > info@xxxxxxx
> > > > To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion 
> > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > 
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org 
> > Discussion List as:
> > > info@xxxxxxx
> > > To unsubscribe visit 
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion 
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit 
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > 
> > > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > info@xxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion 
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> info@xxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

Other related posts:

• » automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem

1. Home
2. isalist
3. Archive
4. 07-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---