RE: ISA server cannot connect to Internet
- From: Jim Harrison <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 16 Sep 2003 06:25:54 -0700
Ok kids; if you can't play nice, then I'm going to have to stop this car and
smack some bottoms.
The next thing that pops out (after the TS on the DC) is the statement
"installed the FW client".
This is not supported on the ISA server itself.
You'll have to remove it before any other troubleshooting can be done.
Sorry if this sounds like preaching, but there's nothing about SBS that
requires you to keep the TS App server on the main server; this was a decision
made by whomever installed it.
The fact that your lusers can log on locally to your DC (required for TS
access) indicates a future fraught with similar pain and heartache for you as
the administrator. Again; nothing about SBS requires this deployment.
TS App servers don't require behemoth servers; behecaterpillars are more than
adequate.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
On Tue, 16 Sep 2003 13:53:00 +0100
"Troy Armour" <troy@xxxxxxxxxx> wrote:
http://www.ISAserver.org
just for the record-the isa server is used in conjuntion with the router to
control access as the router doesn't offer that-they control times etc users
can go online-and can report back on what sites the users were looking
at-maybe other tools can do this but it comes with SBS2000. please just get
off my case and help find a solution.
regards
troy
----- Original Message -----
From: "Steve Moffat" <steve@xxxxxxxxxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, September 16, 2003 1:04 PM
Subject: [isalist] RE: ISA server cannot connect to Internet
http://www.ISAserver.org
Hi Troy
You said it was a terminal server, you said nothing about exchange, it's
the fact that a firewall is running on a Terminal Services box, which is
very stupid. If as you say remote users are using the isa box to surf
the net, they get a virus or a worm from some page that they visit,
voila that's the firewall compromised and their who;e network has been
compromised. It doesn't matter if it's a dial up or not. Your saying in
effect that this company doesn't have a firewall at all. That is very
stupid.
Also the firewall client should never be installed on the isa server.
Permissions should be set on the folder in order that no-one can get
access to it.
Is isa a multiple kernel application, I wouldn't have thought so.
-----Original Message-----
From: Troy Armour [mailto:troy@xxxxxxxxxx]
Sent: Tuesday, September 16, 2003 7:58 AM
To: Isa Weblist
http://www.ISAserver.org
thanks greg for the input but the ISA in question is just used as a
proxy server on a dial-up connection and thats its primary function not
as a firewall. steve jumped to conclusions. it seems that the clients
aren't seeing the proxy server at all. if i log in as the Administrator
on any terminal i can go online with no problem-but when i log in as a
user the browser does the following: in the status bar i see it looking
for www.msn.com then in returns the IP address of the site-it then sits
at this-after a long time out period i get a DNS error on the page. i
know its not a DNS error-the DNS is passing simple and recursive testing
and the Administrator user has no DNS problems. all DNS settings are
correct-i'm confident of that. my feeling is that when the user
installed the firewall client it must've made entries in the registry
that didn't get removed on the uninstall. have you any ideas on what
these could be? its bugging me at this stage.....
thanks
troy
----- Original Message -----
From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, September 16, 2003 10:41 AM
Subject: [isalist] RE: ISA server cannot connect to Internet
> http://www.ISAserver.org
>
>
>
> This is a multi-part message in MIME format.
>
------------------------------------------------------------------------
----
----
I think the point was more that it shouldn't be done on the firewall. In
most cases you should be able to scrounge enough money together for a
Pentium and install some sort of firewall, even if it is Linux. Then put
all
the goodies (SBS, ISA, EX) etc behind it not on it.
More to the point i spose, where is the web traffic breaking down? How
far
do you get, is it a DNS error or is it ip related. Did you restart the
server at all, what does the error message say as well as the firewall
logs.
Greg
________________________________
From: Troy Armour [mailto:troy@xxxxxxxxxx]
Sent: Tue 9/16/2003 6:46 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA server cannot connect to Internet
http://www.ISAserver.org
I didn't ask for a debate on the what should or shoudl not be done?
But its the small business server server-so you're telling me then when
i
install the server i cant install exchange because i'm installing the
ISA
option-hmmmm? funny one that really when it all comes bundled together
as it
does? anyways i didn't really ask to be ridiculed. SBS is designed for
this
sort of setup-this company doesn't have the budget to put 2 servers
in-then
they couldn't run SBS anyway. they have 10 users-and some of them have
to
have install rights as thats just the way it goes in 2 office companys.
can someone just answer the question if they have any ideas-i haven't
seen
this problem before.
thanks
troy
----- Original Message -----
From: Steve Moffat <mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx>
To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx>
Sent: Monday, September 15, 2003 10:32 PM
Subject: [isalist] RE: ISA server cannot connect to Internet
http://www.ISAserver.org
You are kidding, Terminal Server on a firewall????....lol...heard
everything
now. Not even locked down so clients can install their own
software....rotflol
Uninstall ISA, get separate hardware and reinstall it. NOTHING should be
installed on a firewall.
Steve
________________________________
From: Troy Armour [mailto:troy@xxxxxxxxxx]
Sent: Monday, September 15, 2003 3:26 PM
To: Isa Weblist
http://www.ISAserver.org
hi everyone
just popped over from exchange list with a wee ISA query. i have a
company
that use ISA server sitting on windows 2000 terminal services. only the
administrator can go online from a a terminal. everything was working
fine
up until a week ago then all stopped-i did notice that one of the users
had
installed the firewall client on his terminal session-i remember reading
somewhere that this is never to be done. what i get now is when a user
tries
to access a web page he/she gets finding www.website.com then the IP
address
and then nothing-and the error returned is not an ISA server error. i'm
not
new to this but his has me stumped. i've all the usual settings
correct-but
i'm obviously missing something-i uninstalled the firewall client incase
it
was that but still no joy-id appreciate anyone shedding some light.....
a frustrated irish paddy
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
---------------------------------------
---------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
troy@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
________________________________
This E-Mail is confidential. It is not intended to be read, copied,
disclosed or used by any person other than the recipient named above.
Unauthorised use, disclosure, or copying is strictly prohibited and may
be
unlawful. Optimum IT Solutions disclaims any liability for any action
taken
in connection of this E-Mail. The comments or statements expressed in
this
E-Mail are not necessarily those of Optimum IT Solutions or its
subsidiaries
or affiliates.
administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx
<mailto:administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx>
________________________________
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmulholland@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------------------------
----
----
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
troy@xxxxxxxxxx
> To unsubscribe send a blank email to
$subst('Email.Unsub')
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
troy@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
Other related posts:
