RE: automatically detect isa server problem
- From: "JosephK" <josephk@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 20 Jul 2005 09:50:48 -0700
Hi Thomas,
I join the internal ISA box in my back to back to the domain.
The front end ISA box isn't joined to the domain. And I agree that the
front end really doesn't need to be added to a domain.
Joseph
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, July 20, 2005 5:33 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: automatically detect isa server problem
http://www.ISAserver.org
ARRRGGG!
Join that ISA firewall to the domain ASAP. It's a more secure config and
then your Firewall clients will work (which is just one of the many
reasons why a domain joined ISA firewall is more secure).
I always join ISA firewalls to the domain when appropriate. The only
time when it wouldn't provide an enhanced security posture is in a back
to back config, when the front end isn't doing any auth chores and
you're running an anonymous access DMZ between the front end and back
end.
HTH,
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> Sent: Wednesday, July 20, 2005 7:29 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: automatically detect isa server problem
>
> http://www.ISAserver.org
>
> Firewall is a standalone server. (not member of any domain) Client is
> not member of any domain.
> DNS server is AD domain controller. (this is my personal exchange
> server, hence the AD.....)
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Wednesday, July 20, 2005 2:19 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: automatically detect isa server problem
>
> http://www.ISAserver.org
>
> Hi Info,
>
> Are the clients members of the same domain as the ISA firewall?
>
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
> > -----Original Message-----
> > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > Sent: Wednesday, July 20, 2005 7:15 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: automatically detect isa server problem
> >
> > http://www.ISAserver.org
> >
> > It takes about 4 seconds before it syas: Failed to detect
> ISA Server.
> >
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: Wednesday, July 20, 2005 2:06 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: automatically detect isa server problem
> >
> > http://www.ISAserver.org
> >
> > Hi Info,
> >
> > OK, sounds good so far.
> >
> > What happens when you click Detect Now?
> >
> > Tom
> > www.isaserver.org/shinder
> > Tom and Deb Shinder's Configuring ISA Server 2004
> > http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> > > -----Original Message-----
> > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > Sent: Wednesday, July 20, 2005 6:57 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: automatically detect isa server problem
> > >
> > > http://www.ISAserver.org
> > >
> > >
> > > The configuration must almost be correct, since the
> autodetect does
> > > work, after I do an explicit "ping wpad" from the client.
> > >
> > >
> > >
> > > Dns is setup as follows:
> > >
> > > Wpad alias (cname) boss_lan.fels.us
> > > Boss_lan host (A) 10.1.0.1
> > > Boss_dmz host (A) 10.2.0.1
> > >
> > > Default gateway of the client is 10.1.0.1
> > >
> > > Client is on the "Internal" network.
> > >
> > > "Internal" network settings on isa firewall:
> > >
> > > Firewall client support is enabled.
> > > Isa server name is set to "boss_lan.fels.us"
> > > Automatically detect settings is selected.
> > >
> > > Publish automatic discovery information is selected,
> default port 80
> > >
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > Sent: Wednesday, July 20, 2005 1:26 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: automatically detect isa server problem
> > >
> > > http://www.ISAserver.org
> > >
> > > What are they?
> > >
> > > Tom
> > > www.isaserver.org/shinder
> > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > Sent: Wednesday, July 20, 2005 6:22 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Hi there,
> > > >
> > > > I believe they are correct. What can I do?
> > > >
> > > > -----Original Message-----
> > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > Sent: Wednesday, July 20, 2005 1:12 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Hi Info,
> > > >
> > > > Sounds like the Firewall client listener settings aren't
> > configured
> > > > correctly.
> > > >
> > > > HTH,
> > > >
> > > > Tom
> > > > www.isaserver.org/shinder
> > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: info@xxxxxxx [mailto:info@xxxxxxx]
> > > > > Sent: Wednesday, July 20, 2005 6:03 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] automatically detect isa server problem
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Hello,
> > > > >
> > > > > I have a strange problem with "wpad".
> > > > >
> > > > > My isa firewall client will not automatically detect the
> > > isa server.
> > > > > Only after I explicitly do a "ping wpad" from the firewall
> > > > > client, the dns
> > > > > cache is filled on the client with the wpad entry. Only then,
> > > > > the firewall
> > > > > client can "automatically" detect the isa server.
> > > > >
> > > > > Why do I have to explicitly do a "ping wpad". According to
> > > > > the manual, the
> > > > > firewall client is supposed to do it.
> > > > >
> > > > > In my scenario, there is only 1 isa server and the dns server
> > > > > is running
> > > > > on a different server.
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Other Internet Software Marketing Sites:
> > > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > > Network Security Library: http://www.secinf.net/
> > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org Discussion
> > > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > > To unsubscribe visit
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org
> > > Discussion List as:
> > > > info@xxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion
> > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > info@xxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > World of Windows Networking: http://www.windowsnetworking.com
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > info@xxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> info@xxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
josephk@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
