[isalist] Re: ISA server problem - connection refused.
- From: "David Farinic" <davidfa@xxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Wed, 19 Apr 2006 14:46:56 +0200
>Can you suggest any resolutions to the problem?
Just run ethereal between your firewall and ISA and catch RST
connections coming from web server port to ISA interface.
If you will find them, problem lays in your "firewall" handling
"difference" between getting all http connections from ISA compared to
ISA-less network.
That's the first step you have to do before claiming that ISA is doing
something wrong.
David Farinic - Developer
GFI Software - www.gfi.com <http://www.gfi.com/>
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Stuart Tonge
Sent: Wednesday, April 19, 2006 2:35 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA server problem - connection refused.
Hi Amy.
Not connection limits - I've disabled any limits.
DNS works just fine for everything else, and lookups work in general.
Both simple and recursive.
It's not intended to protect - I have existing hardware firewalls
deployed which do the job just fine.
All I want it to do is proxy.
If I have time to reconfigure & learn ISA more fully after the project
then I'll reconfigure it.
Right now I just want it to not cause me problems.
Can you suggest any resolutions to the problem?
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Amy Babinchak
Sent: 19 April 2006 13:21
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA server problem - connection refused.
Might be connection limits or a problem with your DNS or workstation
setup in general. Just from the brief description you gave of your ISA
configuration it sounds like it might not be set up properly at all.
Firewalls don't interfere, they protect.
Amy
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Stuart Tonge
Sent: Wednesday, April 19, 2006 7:25 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] ISA server problem - connection refused.
Hi all.
I have an ISA server 2004 box deployed as a web proxy.
I have set an allow any-any rule to stop the firewall interfering.
I have my users proxying through this box to the web.
It works 95% of the time. The rest of the time, i get a 10061 connection
refused error.
If i refresh the page, it generally refreshes the first time.
This happens on many sites & has been seen nmultiple times on
microsoft.com, bbc.co.uk, isaserver.org.
Sometimes images do not load on a page, but this is fairly rare, and
some of the images may load.
Some will load, some will not.
I have tried to isolate 'problem sites' but this has not worked - the
error seems totally random.
The only common occurance I have noted is that after one error, some
clients - not all - seem to have trouble
connecting to any site for the next 30-60 seconds, instead receiving the
error over and over.
I have only seen this on 2 of 40 clients.
I have tried disabling all web filter add-ins, caching, ip routing, ip
filtering, etc.
Basically i've tried every button i can find in ISA 2004! nothing makes
the problem better.
It's also hard to test since it's intermittent.
The ISA server is directly connected to a firewall which filters
traffic, but this device works fine 100% of the time when
web traffic passed via it instead of ISA.
ISA is reporting no errors in the console. There are no errors in the
syslogs.
Does anyone have any ideas short of uninstalling ISA & getting a refund?
Thanks,
Stuart Tonge
Pink Fish I.T. LTD
Network Architect
stuart.tonge@xxxxxxxxxxxx
http://www.pink-fish.tv
01302 365408
This mail was checked for viruses by GFI MailSecurity.
GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI
FAXmaker), and network security and management software (GFI LANguard) -
www.gfi.com
Other related posts:
