RE: Interesting feedback from Microsoft

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 29 Mar 2003 10:27:47 -0600

Hi William,
 
That is interesting, because I've never had to include anything in the
"exclude" list and haven't had the problem. I did see that problem the
other day on a Windows 2003 machine with ISA Server installed after I
did a bit of system hardening experimentation.
 
Nice tip! Thanks!
 
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 

        -----Original Message-----
        From: William Robertson [mailto:william.robertson@xxxxxxxxx] 
        Sent: Friday, March 28, 2003 1:00 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] Interesting feedback from Microsoft
        
        

        Hi there

         

        I am busy working through a problem with Microsoft regarding a
RRAS/VPN issue where my Firewall Service fails when a VPN Client
connects. The problem is unfortunately not resolved but one of the
issues we identified was that I would receive the following error
message for each of my Server Publishing Rules when the Firewall was in
its "funny state".

         

        Here is the alert:

        Microsoft Firewall failed. The failure occurred during
Initialization of reverse Network Address Translation (NAT).  because
the configuration property  of the key
SOFTWARE\Microsoft\Fpc\Arrays\{6DC...}\Publishing\PNATServerMappings\{FF
BA...}\ClientSetsExcluded could not be accessed. Use the source location
2.546.3.0.1200.166 to report the failure. The error code in the Data
area of the event properties indicates the cause of the failure. For
more information about this event, see ISA Server Help. The error
description is: The system cannot find the file specified.

         

        The specific registry key within Parentheses differs for each
alert.

         

        Anyway, official feedback from Microsoft is that this is a bit
of a bug and will be fixed in the next SP to be released. The problem is
due to the fact that all my Server Publishing Rules do not make use of
the "Exclude..." option in the "Applies To" tab, thus this registry key
has not been generated and the Firewall Service is then unable to find
whatever it is looking for.

         

        The workaround for this at the moment is to create a dummy
client address set, and assign it to the "Exclude" list within each
Server Publishing rule.

         

        Just thought some of you may find this interesting, if not
helpful.

         

        Cheers

        William R.

         

        
  _____  

William Robertson

AST Mpumalanga

Systems House / Consultant: Software

Tel: 013-2472703 / 083 638 0354

   Fax: 013-2462236

         

         
