Almost, but no cigar. Here's another hint: "Good-night Doktor..." ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Monday, October 03, 2005 15:20 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Add these to your "must do" for your ISA http://www.ISAserver.org You eat pizza with a fork, don't you? ----- Original Message ----- From: "Jim Harrison" <Jim@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, October 03, 2005 3:00 PM Subject: [isalist] RE: Add these to your "must do" for your ISA > http://www.ISAserver.org > > If'n you aint gots one you gotta add it. > > BTW - if you add the EnablePMTU.. value "Make Damnsure" you also got > MS05-019 installed first. > > 3 anti-social points if you identify the quoted phrase... > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Ray Dzek [mailto:Ray.Dzek@xxxxxxxxxxxxxxx] > Sent: Monday, October 03, 2005 15:03 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Add these to your "must do" for your ISA > > http://www.ISAserver.org > > So does that mean we should add a DWORD value of NodeType with a value > of 0x2 under Parameters - Or should there already be a NodeType there? > 'Cause I ain't got one. An-if I wuz supozed ta git one, I wants it now. > > > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Sunday, October 02, 2005 4:36 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Add these to your "must do" for your ISA > > http://www.ISAserver.org > > > It may have gone overlooked in the general melee of postings, but I had > posted these before and thought them worth reiterating... > > > > - Tired of the ISA sending NetBT broadcasts when DNS lookups fail? > > This setting: > > HKLM\SystemCurrentControlSet\Services\NetBT\Parameters NodeType, DWORD, > 0x2 > > ..will cure that. > > By setting this to a value of 2, You're telling Windows to limit its > name lookup efforts to defined DNS and WINS servers. > > As a result, Windows will no longer wait for NetBT broadcasts to fail > before reporting a name lookup failure. > > Can you say "faster lookup responses and therefore faster connections > (or failures)", boys and girls? > > > > - MS05-019 fixed an ICMP MTU vulnerability that existed in Windows. > > Because the ISA team was aware of this issue before ISA 2004 shipped, > they opted to give you a "safe by default" configuration since they had > no idea if or when the Windows issue might be fixed. > > Unfortunately, it also has the unfortunate side effect of limiting > Windows to 576-byte packets on all interfaces, reducing network > efficiency > > This setting: > > HKLM\SystemCurrentControlSet\Services\Tcpip\Parameters > EnablePMTUDiscovery, DWORD, 0x0 > > ..is what the ISA installer creates. > > This setting: > > HKLM\SystemCurrentControlSet\Services\Tcpip\Parameters > EnablePMTUDiscovery, DWORD, 0x1 > > ..is what will remove this protection (or you can delete the > "EnablePMTUDiscovery" value). > > > > Both settings require a machine reboot to take effect. > > Both settings will clean up your network traffic a bit. > > > > > > Have fun! > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > ray.dzek@xxxxxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > thor@xxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.