Botched Setup based on W3k server / ISA 2004

  • From: "Glenn" <glenn.johnston@xxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Wed, 1 Feb 2006 04:49:56 -0700

Hi,

Looking for some advice / suggestions on a botched server setup I've
inherited. (The prior system admin left rather hurriedly with a boot up
his bum last Friday night.)

The whole system, including the physical setup, is a prime example of 'how
not to set up a system'.

The system will allow for new users to be created but does not allow for
these to be granted inbound VPN access into the network. This situation
has been in place for several weeks, and management finally got fed up,
and got rid of the cause of the problem when they found out he did not
have any MCSE quals as he claimed 12 months ago on his job application.

To make the situation worse, there is absolutely NO documentation
whatsoever; they can't find the media for the software that has been
installed on the servers, nor the install keys for Windows Server 2003.

The company concerned is also in the delivery phase of a multi-million
dollar contract which will run till April / May this year. They cannot
allow any downtime, not even 1 hour on a Sunday, which makes the situation
difficult to say the least. So any fiddling with the setup is really
walking on ice stuff.

They are wanting to add new users as the delivery phase ramps up, but the
new users are not able to VPN in from outside to read e-mail / access
files on the server etc. When the user attempts to connect, on the first
attempt they receive a 'The remote computer did not respond' error; on the
second and subsequent attempts they get 'The user does not have dial in
access', which they do.

From what I can gather, it seems the ex sys admin installed Windows Server
2003 SP1 between Christmas and New Year, and that's when everything started
to turn sour.

The setup:

There are 5 servers in the network

All servers are running Active Directory and all are set as global catalog
servers.

Server 1. Configured as a firewall.

Windows Server 2003 Standard + SP1
ISA Server 2004 Standard + SP1 + RPC hotfix
Dual-NIC'd, publishes Exchange for incoming / outgoing e-mail
VPN server for inbound connections

When you start the ISA management console, it gives a series of errors
'unable to send the command to the program' and then MMC fails. This is
going to be a bugger, as I am quite confident that the setup of the rules
on the ISA server is a mess, but I can't even see what they are, as the
MMC is crashing when I try to access it.
As far as I can see so far on the servers, there is not even a backup of
the ISA config in a file.

Server 2. Configured as a file / print server.

Windows Server 2003 Standard + SP1

Server 3. Exchange server.

Windows Server 2003 Standard + SP1
Exchange Server 2003 + SP2

Servers 4 and 5. File servers doing online copies from the other file /
print server at midnight.

Windows Server 2003 + SP1

The Active Directory Users and Computers MMC on the Exchange server is
used to manage existing users / create new users, as it is the only one
with the Exchange extensions.

Inbound / outbound e-mail is flowing fine with no obvious issues.

File access to the file server works fine for existing users, both
through VPN and locally; new users can only access via VPN.

Inbound VPN works fine for users who were defined in the system prior to
SP1 being installed. Any user created since works OK internally for
computers on the internal LAN with Exchange etc., but is not able to
connect from outside using VPN.

Outlook Web Access is not working externally, but is working internally.
As I can't get at the config on the ISA server, I don't know if the
publishing rules are in place.

Any suggestions on, firstly, how to get at the firewall rule set that's not
likely to bring the house down around me?

Any suggestions on how to get new users working on VPN, again without
breaking anything?
