RE: Botched Setup based on W3k server / ISA 2004

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 1 Feb 2006 07:48:28 -0600

Hi Glenn,

Check to see if he's installed the post Windows Server 2003 RPC fix on the
ISA firewall and Exchange Servers.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Glenn [mailto:glenn.johnston@xxxxxxxxxxx] 
> Sent: Wednesday, February 01, 2006 5:50 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Botched Setup based on W3k server / ISA 2004
> 
> Hi,
> 
> Looking for some advice / suggestions on a botched server setup I've
> inherited. (The prior system admin left rather hurriedly with a boot up
> his bum last Friday night.)
> 
> The whole system, including the physical setup, is a prime example of
> 'how not to set up a system'.
> 
> The system will allow for new users to be created but does not allow for
> these to be granted inbound VPN access into the network. This situation
> has been in place for several weeks, and management finally got fed up,
> and got rid of the cause of the problem when they found out he did not
> have any MCSE quals as he claimed 12 months ago on his job application.
> 
> To make the situation worse, there is absolutely NO documentation
> whatsoever; they can't find the media for the software that has been
> installed on the servers nor the install keys for Windows Server 2003.
> 
> The company concerned is also in the delivery phase of a multi million
> dollar contract which will run till April / May this year. They cannot
> allow any down time, not even 1 hour on a Sunday, which makes the
> situation difficult to say the least. So any fiddling with the setup is
> really walking on ice stuff.
> 
> They are wanting to add new users as the delivery phase ramps up, but the
> new users are not able to VPN in from external to read e-mail / access
> files on the server etc. When the user attempts a connect, on the first
> attempt they receive a 'The remote computer did not respond' error, on the
> second and subsequent attempts they get 'The user does not have dial in
> access' which they do.
> 
> From what I can gather, it seems the ex sys admin installed Windows
> Server SP1 between Christmas and New Year, and that's when everything
> started to turn sour.
> 
> The setup:
> 
> There are 5 servers in the network
> 
> All servers are running Active Directory and all are set as global
> catalog servers.
> 
> Server 1. Configured as a firewall
> 
> Windows server 2003 Standard + SP1 
> ISA server 2004 Standard + SP1 + RPC hot fix
> Dual nic'ed, published exchange for incoming / outgoing e-mail
> VPN server for inbound connections
> 
> When you start the ISA management console, it gives a series of errors
> 'unable to send the command to the program' and then MMC fails. This is
> going to be a bugger, as I am quite confident that the setup of the rules
> on the ISA server is a mess, but I can't even see what they are, as the
> MMC is crashing when I try to access it.
> As far as I can see so far on the servers there is not even a backup of
> the ISA config in a file.
> 
> Server 2 Configured as a file / print server.
> Windows server 2003 Standard + SP1
> 
> Server 3 Exchange server
> Windows server 2003 Standard + SP1
> Exchange server 2003 + sp2
> 
> Server 4 and 5 File servers doing on line copies from the other print
> file server at midnight.
> Windows server 2003 + Sp1 
> 
> 
> 
> The Active directory users and computers MMC on the exchange server is
> used to manage existing users / create new users as it is the only one
> with the exchange extensions.
> 
> Inbound / outbound e-mail is flowing fine with no obvious issues.
> 
> File access to the file server works fine, for existing users both
> through VPN and locally, new users can only access via VPN.
> 
> Inbound VPN works fine for users who were defined in the system prior to
> SP1 being installed. Any user created since works OK internally for
> computers on the internal LAN with Exchange etc., but is not able to
> connect from externally using VPN.
> 
> Outlook web access is not working externally, but is working internally.
> As I can get at the config on the ISA server, I don't know if the
> publishing rules are in place.
> 
> Any suggestions on firstly how to get at the firewall rule set, that's
> not likely to bring the house down around me?
> 
> Any suggestions on how to get new users working on VPN, again without
> breaking anything?
> 

