Hi Glenn, Check to see if he's install the post Windows Server 2003 RPC fix on the ISA firewall and Exchange Servers. Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: Glenn [mailto:glenn.johnston@xxxxxxxxxxx] > Sent: Wednesday, February 01, 2006 5:50 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Botched Setup based on W3k server / ISA 2004 > > http://www.ISAserver.org > > Hi, > > Looking for some advice / suggestions on a botched server setup I've > inheritted. (The prior system admin left rather hurriedly > with a boot up > his bum last friday night) > > The whole system, including the physical setup, is a prime > example of 'how > not to set up a system'. > > The system will allow for new users to be created but dows > not allow for > these to be granted inbound VPN access into the network. This > situation > has been in place for several weeks, and management finally > got feed up, > and got rid of the cause of the problem when they found out he did not > have any MCSE quals as he claimed 12 months ago on his job > application. > > To make the situation worst there is absolutly NO > documentation what so > ever, they can't find the media for the software that has > been installed > on the servers nor the intall keys for windows server 2003. > > The company concerned is also in the delivery phase of a multi million > dollar contract which will run till April / May this year. > They can not > allow any down time not even 1 hour on a Sunday, which makes > the situation > difficult to say the least. So any fiddling with the setup is really > walking on ice stuff. > > They are wanting to add new users as the delivery phase ramps > up, but the > new users are not able to VPN in from external to read e-mail / access > files on the server etc. When the user attempts a connect, on > the first > attempt they receive a 'The remote computer did not respond' > error, on the > second and subsequent attempts they get 'The user does not > have dial in > access' which they do. > > From what I can gather, it seems the ex sys admin installed > Windows server > Sp1, between christmas and new year, and thats when > everything started to > turn sour. > > The setup: > > There are 5 servers in the network > > All server are running Active directory and all are set as > global catalog > servers. > > Server 1. Configured as a firewall > > Windows server 2003 Standard + SP1 > ISA server 2004 Standard + SP1 + RPC hot fix > Dual nic'ed, published exchange for incoming / outgoing e-mail > VPN server for inbound connections > > When you start the ISA management console, it gives a series of errors > 'unable to send the command to the program' and then MMC > fails. This is > going to be a bugger, as I am quite confidant that the set up > of the rules > on the ISA server are a mess, but I can't even see what they > are, as the > MMC is crashing when I try to acess it. > As far as I can see so far on the servers there is not even a > backup of > the ISA config in a file. > > Server 2 Configured as a file / print server. > Windows server 2003 Standard + SP1 > > Server 3 Exchange server > Window server 2003 Standard + SP1 > Exchange server 2003 + sp2 > > Server 4 and 5 File servers doing on line copies from the > other print file > server at midnight. > Windows server 2003 + Sp1 > > > > The Active directory users and computers MMC on the exchange server is > used to manage existing users / create new users as it is the only one > with the exchange extensions. > > Inbound / outbound e-mail is flowing fine with no obvious issues. > > File access to the file server works fine, for existing users both > throught VPN and locally, new users can only access via VPN. > > Inbound VPN works fine for users who were defined in the > system prior to > SP1 being installed. Any user created since, works OK internally for > computer on the internal LAN with exchange etc, but are not able to > connect from externally using VPN. > > Outlook web access is not working externally, but is working > internally. > As I can get at the config on the ISA server, I don't know if the > publishing rules are in place. > > Any suggestions on firstly how to get at the firewall rule > set, that not > likely to bring the house down around me ? > > Any suggestions on how to get new users working on VPN, again with out > breaking anything. > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >