Ok kids; if you can't play nice, then I'm going to have to stop this car and smack some bottoms. The next thing that pops out (after the TS on the DC) is the statement "installed the FW client". This is not supported on the ISA server itself. You'll have to remove it before any other troubleshooting can be done. Sorry if this sounds like preaching, but there's nothing about SBS that requires you to keep the TS App server on the main server; this was a decision made by whomever installed it. The fact that your lusers can log on locally to your DC (required for TS access) indicates a future fraught with similar pain and heartache for you as the administrator. Again; nothing about SBS requires this deployment. TS App servers don't require behemoth servers; behecaterpillars are more than adequate. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Tue, 16 Sep 2003 13:53:00 +0100 "Troy Armour" <troy@xxxxxxxxxx> wrote: http://www.ISAserver.org just for the record-the isa server is used in conjuntion with the router to control access as the router doesn't offer that-they control times etc users can go online-and can report back on what sites the users were looking at-maybe other tools can do this but it comes with SBS2000. please just get off my case and help find a solution. regards troy ----- Original Message ----- From: "Steve Moffat" <steve@xxxxxxxxxxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, September 16, 2003 1:04 PM Subject: [isalist] RE: ISA server cannot connect to Internet http://www.ISAserver.org Hi Troy You said it was a terminal server, you said nothing about exchange, it's the fact that a firewall is running on a Terminal Services box, which is very stupid. If as you say remote users are using the isa box to surf the net, they get a virus or a worm from some page that they visit, voila that's the firewall compromised and their who;e network has been compromised. It doesn't matter if it's a dial up or not. Your saying in effect that this company doesn't have a firewall at all. That is very stupid. Also the firewall client should never be installed on the isa server. Permissions should be set on the folder in order that no-one can get access to it. Is isa a multiple kernel application, I wouldn't have thought so. -----Original Message----- From: Troy Armour [mailto:troy@xxxxxxxxxx] Sent: Tuesday, September 16, 2003 7:58 AM To: Isa Weblist http://www.ISAserver.org thanks greg for the input but the ISA in question is just used as a proxy server on a dial-up connection and thats its primary function not as a firewall. steve jumped to conclusions. it seems that the clients aren't seeing the proxy server at all. if i log in as the Administrator on any terminal i can go online with no problem-but when i log in as a user the browser does the following: in the status bar i see it looking for www.msn.com then in returns the IP address of the site-it then sits at this-after a long time out period i get a DNS error on the page. i know its not a DNS error-the DNS is passing simple and recursive testing and the Administrator user has no DNS problems. all DNS settings are correct-i'm confident of that. my feeling is that when the user installed the firewall client it must've made entries in the registry that didn't get removed on the uninstall. have you any ideas on what these could be? its bugging me at this stage..... thanks troy ----- Original Message ----- From: "Greg Mulholland" <gmulholland@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, September 16, 2003 10:41 AM Subject: [isalist] RE: ISA server cannot connect to Internet > http://www.ISAserver.org > > > > This is a multi-part message in MIME format. > ------------------------------------------------------------------------ ---- ---- I think the point was more that it shouldn't be done on the firewall. In most cases you should be able to scrounge enough money together for a Pentium and install some sort of firewall, even if it is Linux. Then put all the goodies (SBS, ISA, EX) etc behind it not on it. More to the point i spose, where is the web traffic breaking down? How far do you get, is it a DNS error or is it ip related. Did you restart the server at all, what does the error message say as well as the firewall logs. Greg ________________________________ From: Troy Armour [mailto:troy@xxxxxxxxxx] Sent: Tue 9/16/2003 6:46 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA server cannot connect to Internet http://www.ISAserver.org I didn't ask for a debate on the what should or shoudl not be done? But its the small business server server-so you're telling me then when i install the server i cant install exchange because i'm installing the ISA option-hmmmm? funny one that really when it all comes bundled together as it does? anyways i didn't really ask to be ridiculed. SBS is designed for this sort of setup-this company doesn't have the budget to put 2 servers in-then they couldn't run SBS anyway. they have 10 users-and some of them have to have install rights as thats just the way it goes in 2 office companys. can someone just answer the question if they have any ideas-i haven't seen this problem before. thanks troy ----- Original Message ----- From: Steve Moffat <mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx> To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx> Sent: Monday, September 15, 2003 10:32 PM Subject: [isalist] RE: ISA server cannot connect to Internet http://www.ISAserver.org You are kidding, Terminal Server on a firewall????....lol...heard everything now. Not even locked down so clients can install their own software....rotflol Uninstall ISA, get separate hardware and reinstall it. NOTHING should be installed on a firewall. Steve ________________________________ From: Troy Armour [mailto:troy@xxxxxxxxxx] Sent: Monday, September 15, 2003 3:26 PM To: Isa Weblist http://www.ISAserver.org hi everyone just popped over from exchange list with a wee ISA query. i have a company that use ISA server sitting on windows 2000 terminal services. only the administrator can go online from a a terminal. everything was working fine up until a week ago then all stopped-i did notice that one of the users had installed the firewall client on his terminal session-i remember reading somewhere that this is never to be done. what i get now is when a user tries to access a web page he/she gets finding www.website.com then the IP address and then nothing-and the error returned is not an ISA server error. i'm not new to this but his has me stumped. i've all the usual settings correct-but i'm obviously missing something-i uninstalled the firewall client incase it was that but still no joy-id appreciate anyone shedding some light..... a frustrated irish paddy ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') --------------------------------------- --------------- List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: troy@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ________________________________ This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than the recipient named above. Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum IT Solutions disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum IT Solutions or its subsidiaries or affiliates. administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx <mailto:administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx> ________________________________ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gmulholland@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------------------------ ---- ---- > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: troy@xxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: troy@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^* All mail from this domain is virus-scanned with RAV. www.ravantivirus.com ^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*