RE: Isa 2004 E2K3 on the same box (I can hear the gasps)

  • From: "Clayton Doige" <clayton.doige@xxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 30 Apr 2005 03:05:51 +0100

OK, so I was forced into saying Uncle in the end. I am giggling about that
to be honest. I can be too stubborn for my own good sometimes. I picked up
an older box for peanuts, and ramped up the RAM and all seems to be good. If
anyone has any whipped cream, I am sure it will go nicely with this slice of
humble pie I just served myself.

At any rate, I have had a couple of goofy things arise since moving to a
more standard config (ISA has a USB ADSL link and a private Ethernet link,
DC runs IIS, Exchange and SQL, and then fragged the member server and made
it XP, so have two XP boxes)

I had the ISA client on the XP box that was almost working, so rather than
uninstall it after I changed ISA Servers, I just pointed it to the new
server. When I tried to connect to my internal website, the logs came up
with port 8080 for http on the ISA Server, as opposed to port 80 for HTTP on
the IIS box.

I tried changing the internal listener to port 8080, and just generally
tried a few dns'y type things, and in the end just disabled the ISA Client
and manually put the ports in the lan props in IE, and hey presto! But is
this normal?

As an aside, Zahir Al-Saab posted something about putting ISA on the DC and
not being able to join clients. Yup, that be correct for me here too. Is one
of the reasons I just gave up, and got another box. I bet your app logs on
the various machines are full of Event ID 1053, and I bet further that if
you do a search on that event ID you won't find the exact error message. I
tried publishing RPC servers, all sorts of crazy stuff, and it just would not
play ball.

I realise I am a total newbie to ISA 2004, having spent the last few years
in the land of Watchguard, but I would be willing to bet that you will have
to bite the bullet on this one and get a puter to dedicate itself to ISA,
and let your DC do its job separately.

Anyhow thanks for the replies, and have a great weekend.

Clayton

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: 28 April 2005 10:16
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Isa 2004 E2K3 on the same box (I can hear the gasps)

http://www.ISAserver.org

Hey guys,

It's taken the ISA and SBS guys thousands of man-hours to figure this out
and come up with a reasonable security compromise for a co-lo
ISA/Exchange/DC box. I guarantee that anything done outside of this
massive effort is going to lead to a haX0-r crated box, but only after
they've stolen bandwidth for pR0n file sharing and ripped your personal
data from the box.

HTH,


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx] 
Sent: Thursday, April 28, 2005 4:18 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Isa 2004 E2K3 on the same box (I can hear the
gasps)


Clayton
 
In re-reading your post and doing some further reading of my own, I would
have a go at publishing the Exchange RPC on the external interface, not
the internal, for a minute and see if that gets rid of any RPC errors.
 
Also this article might help you
 
http://support.microsoft.com/?kbid=839880

________________________________

From: Clayton Doige [mailto:clayton.doige@xxxxxxxxx] 
Sent: Thursday, April 28, 2005 6:30 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Isa 2004 E2K3 on the same box (I can hear the
gasps)




The Outlook install is on a different computer than the Exchange/ISA
Server. It is running on Windows 2003 Server. The Windows XP box I have
with Outlook 2003 can connect just fine. Both of these machines get the
1053 Error in the application log: Windows cannot determine the user or
computer name. (The remote procedure call failed. ). Group Policy
processing aborted.

 

 

 

________________________________

From: Greg Mulholland [mailto:greg@xxxxxxxxxxxxxx] 
Sent: 28 April 2005 02:56
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Isa 2004 E2K3 on the same box (I can hear the
gasps)

 


Clayton

Are you trying to send mail from Outlook on the Exchange server? Or is
this a separate server you have?

Greg


________________________________

From: Clayton Doige [mailto:clayton@xxxxxxxxxxxx] 
Sent: Thursday, April 28, 2005 11:14 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Isa 2004 E2K3 on the same box (I can hear the gasps)


This is my situation, and it ain't going to change. So before you all
tell me what a bad boy I am being by doing this, that is wonderful, but
I want to make this scenario work full stop. (Sorry for the party
broadcast there, was a pre-emptive measure eh)

 

Right. 2003 Global Catalogue, SQL 2000, ISA 2004 and Exchange 2003 are
on the same Box, as I am doing a wee bit of learning here, and just
seeing how far I can push things. This is not SBS. The mail server is
published and email happily goes in and out of my server. IIS works a
treat, SQL is happy too.

 

On my WinXP box on the private range, Outlook 2003 is as happy as you
like, open it, connect, send receive whatever.

 

On my W2K3 Member Server on said private range however it comes up as
disconnected, and won't send receive.

 

I got the bright idea of publishing Exchange RPC to the internal LAN,
and that did nae help.

 

If I start a logging query, I note a bunch of entries basically like:

 

Local IP    135    RPC (All Interfaces)    Initiated Connection    No Rule Shows in the rule column    Client IP

Local IP    135    RPC (All Interfaces)    Closed Connection       again no rule referenced            Client IP

 

This repeats a few times, but that is all that happens. A send/receive
in Outlook just says the server is unavailable.

 

In Event Spewer on the same W2K3 member server (and on the XP box for
that matter) Group Policy will not apply as the RPC failed, and thus the
computer does not know its own name, (poor amnesiatic little thingy) The
Event ID is 1053, but that did not bring a lot up on a google search
that I could relate to the scenario I have set up here. I tried
publishing internally an RPC Server to the private IP and that made no
diff either.

 

OK, so I am doing this all totally wrong, and I should stick a
bridgehead in a DMZ, route mail to that, then have another SMTP
connector to a mail server on the private LAN that actually has the
mailboxes, or any other configuration other than the one I have. But
this is the one I have, and I would like to make it work :) I have one
puter I can run all this stuff on and blow away at my leisure if it goes
boom, the other two, not so easy to do so, therefore mesa putting me's
eggs in da big basket.

 

Any feedback will be greatly appreciated, other than the obvious 'you
should not set it up that way' LOL

 

Cheers

 

Clayton

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
greg@xxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------