Check option #2 John .as in "umesh"the website.Not "Umesh"the man.
,
I have ISA 2000 server with sp2 and hotfix installed.It gets hanged frequently atleast for every 4 hrs.In the event log it shows ISA cache initialization failed.What it means?Can anynone help me out to solve this issues?Is there any patches available?
thekevin
http://www.ISAserver.org
Fact - humans can't hear while their mouth is running. Several folks have (unsuccessfully) tried to point out that your assertion is based on no: 1. fact presented by Umesh 2. fact presented by that website 3. combination of either or neither of them
Must Learn To Ask For Relevant Information
-----Original Message----- From: thekevin@xxxxxxxxxxxx [mailto:thekevin@xxxxxxxxxxxx] Sent: Thursday, June 30, 2005 8:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
Like I said,I suspect his{the victim}ISA server to be misconfigured in the 1st place;Server product possibly infected before install? His attempt at discovery with Stinger was doomed to fail. A corrupt registry ,being the
fruit of the firewall killer,could in turn be partially responsible for the ISA mis/dysfunctionality. No amount of "reconfiguration" will cure his ills,that being the case. I'm still curious about the Task Manager question.
thekevin
----- Original Message ----- From: "Ball, Dan" <DBall@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 30, 2005 9:57 PM
Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
I suggest you take a closer look at the link you provided. Yes, it lists a lot of "Firewall Killer" Trojans. But, take a closer look at what the website describes this as:
Quote: Firewall Killer : Any hacker tool intended to disable a user's personal firewall. Some will also disable resident anti-virus software.
Note the use of the phrase "user's personal firewall", which, by any description, the ISA server is NOT. These are programs designed to attack the home user, or employee workstation, they are NOT designed to attack ISA servers. While they might have an effect, it won't be same as on a workstation.
Note: A "properly configured" and "properly administrated" ISA server is not susceptible to these trojans. The exception to this is some idiot using the server as a workstation.
-----Original Message----- From: thekevin@xxxxxxxxxxxx [mailto:thekevin@xxxxxxxxxxxx] Sent: Thursday, June 30, 2005 8:51 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
I just got through learning this scenario the hard way,for about 2 weeks.A total of 14- 17 fresh installs on 2 seperate machines which in some cases netted a trojan in the 1st 30 seconds of connectivity behind 2 isolated NAT routers. The word is "prolific". I would have thought you "Black Hat" people would have beat me to the punch on this one,or any other reported ISA failure. To my knowledge,ISA has never been defeated at the External interface,leaving me to further believe that his{the victim} ISA server was/is misconfigured to begin with. 1.What causes ISA server to "crash" intermittently or regularly,every "4
hours"? 2.At the same time,generating a "Web Proxy Failure" entry in Event Viewer? Same scenario>Same Software>different location,3 weeks later. The word is "parallel".
Take a look at what's waiting for us all. http://www3.ca.com/securityadvisor/pest/browse.aspx?cat=Firewall%20Kille r
Then take a look at the recommended course of action upon the discovery of infection. 3.Will ISA function with a corrupt registry? 4.What is the fastest way to acquire a clean registry? 5.Is this a DC that has possibly been compromised? 6.Is time = {lots of} money here?
Both the current victim and I,I'm sure, are open to constructive suggestions and analysis.
Thanks, thekevin
----- Original Message ----- From: "Ball, Dan" <DBall@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 30, 2005 6:49 AM
Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
I believe that his point was that by simply hearing that the server is hanging, you've already diagnosed it as a polymorphic trojan infection.
That is a bit (okay, more than a bit) premature.
If indeed it IS infected, your recommended course of action isn't as far-fetched, but it is simply way too soon to jump to that conclusion.
-----Original Message----- From: thekevin@xxxxxxxxxxxx [mailto:thekevin@xxxxxxxxxxxx] Sent: Thursday, June 30, 2005 7:38 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
Ever tried to get rid of a polymorphic Firewall killer otherwise?...Before your ISP kills your connection due to the port scanning/virus distribution coming from the machine in question? A boot disk might be more accessible than a copy of DELPART for most.
thekevin
----- Original Message ----- From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, June 30, 2005 2:18 AM
Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
Wow. With the little bit of information provided by the poster, you clearly diagnosed his server problem and provided a clear solution, FDISK. Personally, I prefer DELPART.
Gees, I have not heard reformat used so easily in a while.
John T eServices For You
-----Original Message----- From: thekevin@xxxxxxxxxxxx [mailto:thekevin@xxxxxxxxxxxx] Sent: Wednesday, June 29, 2005 6:12 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: ISA Server crashes
http://www.ISAserver.org
I had a similar problem recently.I would guess your base servermachine istime.infected with something along the lines of MultiBot Pro,which is a successful Firewall/Antivirus killer. A reinstall of the O/S is required,that being the case as almost all of these trojans are polymorphic.If you don't Fdisk your Boot drive FIRST,your wasting yourRemember to do your reinstall DISCONNECTED from the internet.W2000family ishighly vulnerable to the net nowadays without ALL the patchs.Don'tforgetMicrosoft's new AntiSpyware Beta 1 which is currently KING and willcatchcacheand remove what has been eating all other Anti V and firewalls for breakfast. It's also FREE!!!
Happy hunting, thekevin
----- Original Message ----- From: "Umesh" <umeshblr@xxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, June 29, 2005 1:25 AM Subject: [isalist] ISA Server crashes
> http://www.ISAserver.org > > Hi, > I have ISA 2000 server with sp2 and hotfix installed.It gets hanged > frequently atleast for every 4 hrs.In the event log it shows ISA> initialization failed.What it means?Can anynone help me out to solvethis> issues?Is there any patches available? >
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thekevin@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: thekevin@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx