RE: ISA server cannot connect to Internet

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 17 Sep 2003 15:44:43 -0700

1. The discussion is regarding TS App mode; not Admin mode.  The users have
local login rights and are apparently administrators as well, since they can
successfully install the FW client.  This is the core of future pain and
heartache.
2. ISA as a domain member or controller is not really important; TS
operating as "high encryption" is as cryptographically secure as a VPN.  The
critical difference between them is a TS protocol vuln that was discovered
and patched a year ago.
3. Terminal services on all Windows machines listen to all interfaces by
default.  Installing ISA doesn't not change anything.

Overall, I agree; TS Admin mode is great for remote ISA manglement, but TS
App mode for the lusers on the ISA / DC is a nightmare that you'll never
wake up from.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Glenn Maks" <gmaks@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, September 17, 2003 05:46
Subject: [isalist] RE: ISA server cannot connect to Internet


http://www.ISAserver.org


I would not be so quick to bash Terminal Services in Administration mode on
a Microsoft ISA server, as a matter of fact Microsoft suggests this as a
means for remote administration of the ISA server if your ISA server is
installed as a stand a lone server outside of a Active Directory Domain.  To
put your worries to rest, Terminal Services
installed on a ISA Server will answer only from a Internal Interface, NOT
the public interface, in addition, there are ways to allow and deny by
specific IP addresses, which will further secure attempted access if people
discover that Terminal Services are running.  Speaking for myself I know I
would NOT want to drive into work at 1:00 AM if I got a service call and had
to look at the ISA server to resolve the problem ... think about it.

-----Original Message-----
From: Troy Armour [mailto:troy@xxxxxxxxxx]
Sent: Tuesday, September 16, 2003 4:47 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA server cannot connect to Internet


http://www.ISAserver.org


I didn't ask for a debate on the what should or shoudl not be done?

But its the small business server server-so you're telling me then when i
install the server i cant install exchange because i'm installing the ISA
option-hmmmm? funny one that really when it all comes bundled together as it
does?  anyways i didn't really ask to be ridiculed. SBS is designed for this
sort of setup-this company doesn't have the budget to put 2 servers in-then
they couldn't run SBS anyway. they have 10 users-and some of them have to
have install rights as thats just the way it goes in 2 office companys.

can someone just answer the question if they have any ideas-i haven't seen
this problem before.

thanks

troy

----- Original Message ----- 
From: Steve Moffat <mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx>
To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx>
Sent: Monday, September 15, 2003 10:32 PM
Subject: [isalist] RE: ISA server cannot connect to Internet

http://www.ISAserver.org <http://www.ISAserver.org>


You are kidding, Terminal Server on a firewall????....lol...heard everything
now. Not even locked down so clients can install their own
software....rotflol

Uninstall ISA, get separate hardware and reinstall it. NOTHING should be
installed on a firewall.

Steve


  _____

From: Troy Armour [mailto:troy@xxxxxxxxxx]
Sent: Monday, September 15, 2003 3:26 PM
To: Isa Weblist


http://www.ISAserver.org


hi everyone

just popped over from exchange list with a wee ISA query. i have a company
that use ISA server sitting on windows 2000 terminal services. only the
administrator can go online from a a terminal. everything was working fine
up until a week ago then all stopped-i did notice that one of the users had
installed the firewall client on his terminal session-i remember reading
somewhere that this is never to be done. what i get now is when a user tries
to access a web page he/she gets finding www.website.com
<http://www.website.com>  then the IP address and then nothing-and the error
returned is not an ISA server error. i'm not new to this but his has me
stumped. i've all the usual settings correct-but i'm obviously missing
something-i uninstalled the firewall client incase it was that but still no
joy-id appreciate anyone shedding some light.....

a frustrated irish paddy


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
troy@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



  _____

This E-Mail is confidential. It is not intended to be read, copied,
disclosed or used by any person other than the recipient named above.





Unauthorised use, disclosure, or copying is strictly prohibited and may be
unlawful. Optimum IT Solutions disclaims any liability for any action taken
in connection of this E-Mail. The comments or statements expressed in this
E-Mail are not necessarily those of Optimum IT Solutions or its subsidiaries
or affiliates.

 <mailto:administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx>
administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx

  _____






------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmaks@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

Other related posts:

• » ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet
• » RE: ISA server cannot connect to Internet

1. Home
2. isalist
3. Archive
4. 09-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---