RE: automatically detect isa server problem

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 20 Jul 2005 13:46:59 -0500

You mean this one:

"When you see a fork in the road it's ready"?

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] 
> Sent: Wednesday, July 20, 2005 1:47 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: automatically detect isa server problem
> 
> http://www.ISAserver.org
> 
> Just add Jim's ;)
> 
> ----- Original Message ----- 
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Wednesday, July 20, 2005 11:39 AM
> Subject: [isalist] RE: automatically detect isa server problem
> 
> 
> http://www.ISAserver.org
> 
> Hmmm. Better see if I can get that quote removed ;)
> 
> Would like you an alternate quote included?
> 
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
> 
> 
> > -----Original Message-----
> > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > Sent: Wednesday, July 20, 2005 1:30 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: automatically detect isa server problem
> >
> > http://www.ISAserver.org
> >
> > Payback is a mf.
> >
> > ----- Original Message ----- 
> > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Wednesday, July 20, 2005 11:21 AM
> > Subject: [isalist] RE: automatically detect isa server problem
> >
> >
> > http://www.ISAserver.org
> >
> > You said I could quote you on that :)
> >
> > Tom
> > www.isaserver.org/shinder
> > Tom and Deb Shinder's Configuring ISA Server 2004
> > http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> > > -----Original Message-----
> > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > Sent: Wednesday, July 20, 2005 1:16 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: automatically detect isa server problem
> > >
> > > http://www.ISAserver.org
> > >
> > > Oh, great... "Tim the pompous ass."  I hope you're
> > including context!!
> > >
> > > t
> > >
> > > ----- Original Message ----- 
> > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Wednesday, July 20, 2005 11:03 AM
> > > Subject: [isalist] RE: automatically detect isa server problem
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Tim,
> > >
> > > Great stuff! Just entered into my database of article ideas :-)
> > >
> > > BTW -- the following quote will appear in this month's 
> ISAServer.org
> > > newsletter:
> > >
> > > "If I gloated every time I was right, I'd never have an
> > opportunity to
> > > make a
> > > mistake!"  --Tim Mullen
> > >
> > > Tom
> > > www.isaserver.org/shinder
> > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > > Sent: Wednesday, July 20, 2005 12:48 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > It all depends on what works best for your setup.  My DMZ
> > > > houses servers for
> > > > data-driven web content, as well as my av/spam smtp gateway.
> > > > There is also
> > > > an authorization infrastructure in place for external users
> > > > to log on to
> > > > access private, client-based resources.  As such, having AD
> > > > in the DMZ
> > > > allows for much easier policy-based administration, and
> > > > affords more secure
> > > > options such as certificate-based IPSec rules in the DMZ,
> > > > server hardening
> > > > group policy objects, etc.
> > > >
> > > > t
> > > >
> > > > ----- Original Message ----- 
> > > > From: "JosephK" <josephk@xxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Wednesday, July 20, 2005 10:23 AM
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > That's actually an interesting concept. I only have mail
> > > > forwarders and
> > > > a sniffer in my honeypot dmz. Do you think that it is a
> > good idea to
> > > > keep
> > > > a second domain in the DMZ domain? And what are some
> > > > additional benefits
> > > > of
> > > > doing so?
> > > > Thank you,
> > > > Joseph
> > > >
> > > > -----Original Message-----
> > > > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> > > > Sent: Wednesday, July 20, 2005 10:17 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Well, I wouldn't say "no reason" like that... My FE ISA
> > server is a
> > > > member
> > > > of the DMZ domain for the same reason.  Of course, the DMZ
> > > domain and
> > > > the
> > > > internal domain don't have anything to do with each other-- 
> > > but things
> > > > like
> > > > authentication and group policy are quite valid reasons to
> > > have even a
> > > > FE
> > > > ISA as a domain member.   But I know you know that ;)
> > > >
> > > > t
> > > >
> > > > ----- Original Message ----- 
> > > > From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Wednesday, July 20, 2005 10:00 AM
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Hi Joseph,
> > > >
> > > > Exactly. Since there isn't a net increase in the level 
> of security
> > > > offered by the front-end being a domain member, there's no
> > > > reason to do
> > > > so. What gets me are those who won't join the ISA firewall to
> > > > the domain
> > > > because they're afraid men from Mars will come here and not
> > > > get Measles.
> > > >
> > > > Tom
> > > > www.isaserver.org/shinder
> > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: JosephK [mailto:josephk@xxxxxxxxx]
> > > > > Sent: Wednesday, July 20, 2005 11:51 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Hi Thomas,
> > > > > I join the internal ISA box in my back to back to the domain.
> > > > > The front end ISA box isn't joined to the domain.  And I
> > > > > agree that the
> > > > > front end really doesn't need to be added to a domain.
> > > > >
> > > > > Joseph
> > > > >
> > > > > -----Original Message-----
> > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > > Sent: Wednesday, July 20, 2005 5:33 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > ARRRGGG!
> > > > >
> > > > > Join that ISA firewall to the domain ASAP. It's a more secure
> > > > > config and
> > > > > then your Firewall clients will work (which is just one
> > > of the many
> > > > > reasons why a domain joined ISA firewall is more secure).
> > > > >
> > > > > I always join ISA firewalls to the domain when
> > > appropriate. The only
> > > > > time when it wouldn't provide an enhanced security posture is
> > > > > in a back
> > > > > to back config, when the front end isn't doing any auth
> > chores and
> > > > > you're running an anonymous access DMZ between the front
> > > > end and back
> > > > > end.
> > > > >
> > > > > HTH,
> > > > >
> > > > > Tom
> > > > > www.isaserver.org/shinder
> > > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > > http://tinyurl.com/3xqb7
> > > > > MVP -- ISA Firewalls
> > > > >
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > > > Sent: Wednesday, July 20, 2005 7:29 AM
> > > > > > To: [ISAserver.org Discussion List]
> > > > > > Subject: [isalist] RE: automatically detect isa 
> server problem
> > > > > >
> > > > > > http://www.ISAserver.org
> > > > > >
> > > > > > Firewall is a standalone server. (not member of any domain)
> > > > > Client is
> > > > > > not member of any domain.
> > > > > > DNS server is AD domain controller. (this is my
> > > personal exchange
> > > > > > server, hence the AD.....)
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > > > Sent: Wednesday, July 20, 2005 2:19 PM
> > > > > > To: [ISAserver.org Discussion List]
> > > > > > Subject: [isalist] RE: automatically detect isa 
> server problem
> > > > > >
> > > > > > http://www.ISAserver.org
> > > > > >
> > > > > > Hi Info,
> > > > > >
> > > > > > Are the clients members of the same domain as the ISA
> > firewall?
> > > > > >
> > > > > > Tom
> > > > > > www.isaserver.org/shinder
> > > > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > > > http://tinyurl.com/3xqb7
> > > > > > MVP -- ISA Firewalls
> > > > > >
> > > > > >
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > > > > Sent: Wednesday, July 20, 2005 7:15 AM
> > > > > > > To: [ISAserver.org Discussion List]
> > > > > > > Subject: [isalist] RE: automatically detect isa
> > server problem
> > > > > > >
> > > > > > > http://www.ISAserver.org
> > > > > > >
> > > > > > > It takes about 4 seconds before it syas: Failed to detect
> > > > > > ISA Server.
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > > > > Sent: Wednesday, July 20, 2005 2:06 PM
> > > > > > > To: [ISAserver.org Discussion List]
> > > > > > > Subject: [isalist] RE: automatically detect isa
> > server problem
> > > > > > >
> > > > > > > http://www.ISAserver.org
> > > > > > >
> > > > > > > Hi Info,
> > > > > > >
> > > > > > > OK, sounds good so far.
> > > > > > >
> > > > > > > What happens when you click Detect Now?
> > > > > > >
> > > > > > > Tom
> > > > > > > www.isaserver.org/shinder
> > > > > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > > > > http://tinyurl.com/3xqb7
> > > > > > > MVP -- ISA Firewalls
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > > > > > Sent: Wednesday, July 20, 2005 6:57 AM
> > > > > > > > To: [ISAserver.org Discussion List]
> > > > > > > > Subject: [isalist] RE: automatically detect isa
> > > server problem
> > > > > > > >
> > > > > > > > http://www.ISAserver.org
> > > > > > > >
> > > > > > > >
> > > > > > > > The configuration must almost be correct, since the
> > > > > > autodetect does
> > > > > > > > work, after I do an explicit "ping wpad" from 
> the client.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Dns is setup as follows:
> > > > > > > >
> > > > > > > > Wpad alias (cname) boss_lan.fels.us
> > > > > > > > Boss_lan host (A) 10.1.0.1
> > > > > > > > Boss_dmz host (A) 10.2.0.1
> > > > > > > >
> > > > > > > > Default gateway of the client is 10.1.0.1
> > > > > > > >
> > > > > > > > Client is on the "Internal" network.
> > > > > > > >
> > > > > > > > "Internal" network settings on isa firewall:
> > > > > > > >
> > > > > > > > Firewall client support is enabled.
> > > > > > > > Isa server name is set to "boss_lan.fels.us"
> > > > > > > > Automatically detect settings is selected.
> > > > > > > >
> > > > > > > > Publish automatic discovery information is selected,
> > > > > > default port 80
> > > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > > > > > Sent: Wednesday, July 20, 2005 1:26 PM
> > > > > > > > To: [ISAserver.org Discussion List]
> > > > > > > > Subject: [isalist] RE: automatically detect isa
> > > server problem
> > > > > > > >
> > > > > > > > http://www.ISAserver.org
> > > > > > > >
> > > > > > > > What are they?
> > > > > > > >
> > > > > > > > Tom
> > > > > > > > www.isaserver.org/shinder
> > > > > > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > > > > > http://tinyurl.com/3xqb7
> > > > > > > > MVP -- ISA Firewalls
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: jankees [mailto:jankees@xxxxxxx] On 
> Behalf Of info
> > > > > > > > > Sent: Wednesday, July 20, 2005 6:22 AM
> > > > > > > > > To: [ISAserver.org Discussion List]
> > > > > > > > > Subject: [isalist] RE: automatically detect isa
> > > > server problem
> > > > > > > > >
> > > > > > > > > http://www.ISAserver.org
> > > > > > > > >
> > > > > > > > > Hi there,
> > > > > > > > >
> > > > > > > > > I believe they are correct. What can I do?
> > > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > > > > > > Sent: Wednesday, July 20, 2005 1:12 PM
> > > > > > > > > To: [ISAserver.org Discussion List]
> > > > > > > > > Subject: [isalist] RE: automatically detect isa
> > > > server problem
> > > > > > > > >
> > > > > > > > > http://www.ISAserver.org
> > > > > > > > >
> > > > > > > > > Hi Info,
> 
> >
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: 
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 

Other related posts:

• » automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem
• » RE: automatically detect isa server problem

1. Home
2. isalist
3. Archive
4. 07-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---