http://www.ISAserver.org
Generally, I eschew utensils, but mostly, I chew food, although I don't
shoe animals...
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Monday, October 03, 2005 15:33
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Add these to your "must do" for your ISA
http://www.ISAserver.org
No, I mean, really. I bet you eat your pizza with a fork. :-p
----- Original Message -----
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, October 03, 2005 3:25 PM
Subject: [isalist] RE: Add these to your "must do" for your ISA
http://www.ISAserver.org
Almost, but no cigar.
Here's another hint:
"Good-night Doktor..."
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Monday, October 03, 2005 15:20
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Add these to your "must do" for your ISA
http://www.ISAserver.org
You eat pizza with a fork, don't you?
----- Original Message -----
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, October 03, 2005 3:00 PM
Subject: [isalist] RE: Add these to your "must do" for your ISA
http://www.ISAserver.org
If'n you aint gots one you gotta add it.
BTW - if you add the EnablePMTU.. value "Make Damnsure" you also got
MS05-019 installed first.
3 anti-social points if you identify the quoted phrase...
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Ray Dzek [mailto:Ray.Dzek@xxxxxxxxxxxxxxx]
Sent: Monday, October 03, 2005 15:03
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Add these to your "must do" for your ISA
http://www.ISAserver.org
So does that mean we should add a DWORD value of NodeType with a
value
of 0x2 under Parameters - Or should there already be a NodeType
there?
'Cause I ain't got one. An-if I wuz supozed ta git one, I wants it
now.
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Sunday, October 02, 2005 4:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Add these to your "must do" for your ISA
http://www.ISAserver.org
It may have gone overlooked in the general melee of postings, but I
had
posted these before and thought them worth reiterating...
- Tired of the ISA sending NetBT broadcasts when DNS lookups fail?
This setting:
HKLM\SystemCurrentControlSet\Services\NetBT\Parameters NodeType,
DWORD,
0x2
..will cure that.
By setting this to a value of 2, You're telling Windows to limit its
name lookup efforts to defined DNS and WINS servers.
As a result, Windows will no longer wait for NetBT broadcasts to fail
before reporting a name lookup failure.
Can you say "faster lookup responses and therefore faster connections
(or failures)", boys and girls?
- MS05-019 fixed an ICMP MTU vulnerability that existed in Windows.
Because the ISA team was aware of this issue before ISA 2004 shipped,
they opted to give you a "safe by default" configuration since they
had
no idea if or when the Windows issue might be fixed.
Unfortunately, it also has the unfortunate side effect of limiting
Windows to 576-byte packets on all interfaces, reducing network
efficiency
This setting:
HKLM\SystemCurrentControlSet\Services\Tcpip\Parameters
EnablePMTUDiscovery, DWORD, 0x0
..is what the ISA installer creates.
This setting:
HKLM\SystemCurrentControlSet\Services\Tcpip\Parameters
EnablePMTUDiscovery, DWORD, 0x1
..is what will remove this protection (or you can delete the
"EnablePMTUDiscovery" value).
Both settings require a machine reboot to take effect.
Both settings will clean up your network traffic a bit.
Have fun!
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List
as:
ray.dzek@xxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List
as:
jim@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List
as:
thor@xxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
