This message is quite clear; the ISA is receiving an ICMP "destination unreachable" from the upstream router. What this usually means is that the ISA server's routing table is buggered. I also suspect that you haven't updated the ISA configuration to support your new deployment. Is this a multi- or single-net deployment? -------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------- -----Original Message----- From: Ray Dzek [mailto:Ray.Dzek@xxxxxxxxxxxxxxx] Sent: Tuesday, December 27, 2005 10:04 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Changed i-net facing IP and now OWA is broken. http://www.ISAserver.org More info... We changed the outside IP from a public IP to a private IP (192.168.3.5) because we were going to place the ISA behind ASA5510. This didn't work and was ultimately deemed unnecessary and so the decision was made to change the IP back to a public IP in the new IP range. So in the logs I am still seeing the 192.168.3.5 address. From the browser: Error Code: 500 Internal Server Error. Internet Control Message Protocol (ICMP) network is unreachable. For more information about this event, see ISA Server Help. (10051) From the logs: ISA 2005-12-27 05:32:46 TCP 216.139.18.35:2435 216.139.27.21:443 216.139.18.35 External Local Host Establish 0x0 - HTTPS 0 0 0 0 - - - - - - 507 43280 ISA 2005-12-27 05:32:46 TCP 216.139.18.35:2434 216.139.27.21:443 216.139.18.35 External Local Host Terminate 0x80074e21 - HTTPS 1031 1031 3647 3647 2000 2000 - - - - 507 43279 ISA 2005-12-27 05:32:46 TCP 216.139.18.35:2434 216.139.27.21:443 216.139.18.35 External Local Host Denied 0xc0040017 - HTTPS 0 0 0 0 - - - - - - 0 0 ISA 2005-12-27 05:32:46 TCP 216.139.18.35:2434 216.139.27.21:443 216.139.18.35 External Local Host Denied 0xc0040017 - HTTPS 0 0 0 0 - - - - - - 0 0 ISA 2005-12-27 05:32:46 TCP 216.139.18.35:2435 216.139.27.21:443 216.139.18.35 External Local Host Terminate 0x80074e21 - HTTPS 996 996 3647 3647 - - - - - - 507 43280 ISA 2005-12-27 05:32:46 TCP 216.139.18.35:2437 216.139.27.21:443 216.139.18.35 External Local Host Establish 0x0 - HTTPS 0 0 0 0 - - - - - - 507 43281 216.139.18.35 anonymous MSRPC N 2005-12-27 05:32:44 W3ReverseProxy ISA - owa.specialized.com 216.139.27.21 443 1 309 2320 https RPC_IN_DATA http://owa.specialized.com:443/rpc/rpcproxy.dll?exchange.specialized.com :6002 Inet 10051 OWA RPC HTTPS - External - 0xa40 Failed 216.139.18.35 anonymous MSRPC N 2005-12-27 05:32:44 W3ReverseProxy ISA - owa.specialized.com 216.139.27.21 443 1 454 2320 https RPC_OUT_DATA http://owa.specialized.com:443/rpc/rpcproxy.dll?exchange.specialized.com :6002 Inet 10051 OWA RPC HTTPS - External - 0xa40 Failed 216.139.18.35 anonymous MSRPC N 2005-12-27 05:32:44 W3ReverseProxy ISA - owa.specialized.com 216.139.27.21 443 1 309 2320 https RPC_IN_DATA http://owa.specialized.com:443/rpc/rpcproxy.dll?exchange.specialized.com :6001 Inet 10051 OWA RPC HTTPS - External - 0xa40 Failed 216.139.18.35 anonymous MSRPC N 2005-12-27 05:32:44 W3ReverseProxy ISA - owa.specialized.com 216.139.27.21 443 1 454 2320 https RPC_OUT_DATA http://owa.specialized.com:443/rpc/rpcproxy.dll?exchange.specialized.com :6001 Inet 10051 OWA RPC HTTPS - External - 0xa40 Failed -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Tuesday, December 27, 2005 8:19 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Changed i-net facing IP and now OWA is broken. http://www.ISAserver.org Ok - we're getting there. "failed" is important, but ultimately useless without the actual error code. Can you provide the whole log snip? -------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------- -----Original Message----- From: Ray Dzek [mailto:Ray.Dzek@xxxxxxxxxxxxxxx] Sent: Monday, December 26, 2005 11:40 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Changed i-net facing IP and now OWA is broken. http://www.ISAserver.org Roger that... The BGP implemetation was simply the reason for having to change the outside IP address. I realize BGP has nothing in of itself to cause OWA and RPC over HTTPS to stop working. As stated, in/out web traffic, other published servers are working fine. The problem seems specific to OWA and RPC over HTTPS. ERROR: Failed Connection Attempt Rule: OWA RPC HTTPS Which makes sense. The request is dying in the rule. But I don't know why. Should I yank it out and re-publish the rules? -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Monday, December 26, 2005 10:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Changed i-net facing IP and now OWA is broken. http://www.ISAserver.org Hm.. ISA doesn't "do" BGP, OSPF, RIP or F2F. Maybe you could add some details like: *exact* user experience ISA log excerpts for this traffic -------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -------------------------------------------- -----Original Message----- From: Ray Dzek [mailto:Ray.Dzek@xxxxxxxxxxxxxxx] Sent: Monday, December 26, 2005 8:02 PM To: [ISAserver.org Discussion List] Subject: [isalist] Changed i-net facing IP and now OWA is broken. http://www.ISAserver.org We implemented BGP today (yippee for us) and I was able to get almost everything up and running. But both OWA publishing rules are not working. RPC over HTTPS, and OWA both will not work. I changed the owa web and certificate listenters to the new IP address but its still being cranky. Any ideas? Thanks! Ray Dzek Net Ops / Helpdesk Supervisor Specialized Bicycle Components ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ray.dzek@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ray.dzek@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.