Re: My ISA server is sensitive...

  • From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 28 Jan 2002 06:21:52 -0500

I did notice I was getting this still in the event logs when I
restarted:

Event Type:     Warning
Event Source:   Microsoft Firewall
Event Category: None
Event ID:       14163
Date:           1/26/2002
Time:           9:32:13 PM
User:           N/A
Computer:       TATLISA2
Description:
Server publishing rule [All TI Multi-Homed Webs] that maps 10.1.2.121:80
TCP to 216.0.216.135:80 for protocol [_http access] failed because the
port on the external interface is being used by another application.
The Firewall service failed to bind socket for the server on the
firewall since another process is using the same port. Check for any
other process using the same port and terminate if necessary.



I was under the impression the error above would not occur once I have
split the listeners. Should I not create a listener for the ip that is
being Web Published? Only the ones being server published?

I am going to redo this tonight and watch the logs closer to see what is
happening.


As always, thanks for the help.

Bryan Andrews - Trend Influence
404.523.8649 Office - 404.597.2316 Cell
[ http://www.trendinfluence.com ][ http://www.umix.net ]


 -----Original Message-----
From:   Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent:   Sunday, January 27, 2002 5:07 PM
To:     [ISAserver.org Discussion List]
Subject:        [isalist] Re: My ISA server is sensitive...

http://www.ISAserver.org


ISA logs everything to three logs:
WEB....log = everything that the WEB proxy service sees
FW....log = everything that the Firewall service sees
IP....log = everything dropped (and optionally allowed) by the packet
filtering service
All three of these are stashed in \Program Files\Microsoft ISA
Server\ISALogs by default

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, January 27, 2002 13:22
Subject: [isalist] Re: My ISA server is sensitive...


Which Web logs are you referring to?

Aol just says connecting and finally fails.


 -----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Sunday, January 27, 2002 1:03 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: My ISA server is sensitive...

You're saying that you change the incoming listener to "per IP" and internal
AOL clients fail to connect?
Kewl!
What's in the WEB logs for that failing session?
What's the exact error the clients display (other than the AOL logo)?

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, January 27, 2002 09:55
Subject: [isalist] Re: My ISA server is sensitive...


I separated the incoming web listeners... for my external addresses.


 -----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, January 26, 2002 11:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: My ISA server is sensitive...

You separated which listeners; internal or external?

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, January 26, 2002 18:55
Subject: [isalist] Re: My ISA server is sensitive...


Wow, I finally got around to separating the listeners...

And all hell broke loose. I set up separate listeners for each ip with
integrated security, which was the default for all, and restarted for
good measure, and when it came back up, my aol client could not connect
(why would the listeners affect this????), so I checked from outside and
sure enough none of my sites were working...

So, I switched it back to 'use the same listener', which immediately
allowed me to get back out via aol, but still did not allow me to get in
from outside the network. Once I restarted the ISA box all was good.

This is SUPER frustrating and really indicative of all the issues I have
been having. I am really gun-shy to even mess with the config because I
have sites that are being published thru this that must be available.

The listeners were set up as they should be (in my opinion). All I did
was click 'configure them individually', add each of them with
integrated authentication, restart the services, then ultimately the
server to no avail.

Any thoughts are appreciated.

This is a very clean Win2k server (nothing but win2k and ISA), brand new
on a dell powerapp server / appliance.

Thanks!



 -----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, January 09, 2002 9:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: My ISA server is sensitive...

Hi Bryan,
    Yes, separate usage of TCP-80 on the ISA external interface requires
that you define the incoming web request listener "per IP" and only use
those IPs that are not server publishing TCP-80.
  ..and no, it has no bearing on the outbound traffic.  The Outbound web
requests and Automatic discovery functionality is where that happens.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, January 08, 2002 14:42
Subject: [isalist] Re: My ISA server is sensitive...


I hate to bring this up again but I am using this configuration (it
works) but I am not comfortable with it and am going to change it as it
should be.

So, since I am using both web publishing and server publishing (with an
incoming http protocol rule that I created), I should theoretically have
to set my listener to 'configure listeners individually per ip
address'?

When doing this, I should only have to set up the ips that I am web
publishing and server publishing, correct? This has nothing to do with
any outbound access or any other protocols other than port 80?

This seems fairly obvious, but I'd like to make certain before moving
forward.

Thanks.


 -----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, December 15, 2001 1:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: My ISA server is sensitive...

I too am having difficulty with that working as you describe; it breaks all
the rules that ISA enforces so carefully.
Grab this: http://isaserver.org/images/isainfo.vb_ and send me the results;
maybe something will pop out at me...

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the book!

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, December 14, 2001 20:17
Subject: [isalist] Re: My ISA server is sensitive...


Any last thoughts on this (then I'll give up)?

Everything is working yet I have both server publishing and web
publishing and my listener is configured to 'use the same configuration
for all ip addresses'.

Is this theoretically not supposed to work? Maybe this is what is giving
me issues when I monkey with it though...

It's just really hard to decide to fix something that isn't broken... at
the moment.


 -----Original Message-----
From: Bryan Andrews
Sent: Friday, December 14, 2001 7:12 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: My ISA server is sensitive...

No I have not changed anything in this respect. I had just rolled back
to my last backup.

My listener is configured to 'use the same configuration for all ip
addresses'.

 -----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, December 13, 2001 10:13 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: My ISA server is sensitive...

Did you isolate that one IP from the incoming web requests listener?

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the book!

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, December 13, 2001 18:54
Subject: [isalist] Re: My ISA server is sensitive...


I am just wondering why everything is running ok now? I still have both
web publishing, server publishing, and my listener configured to 'use
the same configuration for all ip addresses'.

I believe that this could cause a problem but I am wondering why it does
not now...

I just hate to change anything until I understand the implications, and
the fact that it works now is a bit confusing to me...

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, December 13, 2001 8:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: My ISA server is sensitive...

This is the cause of your event logs and firewall and web service failures.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the book!

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, December 13, 2001 12:24
Subject: [isalist] Re: My ISA server is sensitive...


So... I have my listener configured to 'use the same configuration for
all ip addresses' and I have both server and web publishing happening
right now.

Should this theoretically not work?

Bryan Andrews ~ Trend Influence
404.523.8649 Office ~ 404.597.2316 Cell

 -----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, December 12, 2001 10:07 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: My ISA server is sensitive...

That helps a lot..  really.

Event ID: 14163
The key phrase in the event log is: "The Firewall service failed to bind
socket for the server on the firewall since another process is using the
same port"
This event is generated because the server publishing rule [All TI
Multi-Homed Webs] is using the same port as the incoming web requests
listener (TCP-80).  By default, ISA listens to all external IPs on TCP-80
for incoming web requests.  If you server-publish TCP-80 on one of those IPs
without removing that IP from the Incoming Web Requests listener IP list,
you'll create a resource conflict.

The other two events are probably caused by this one.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the book!
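
Added example, not part of the original thread and not ISA Server's own code: a simplified model of the TCP-80 conflict described in the message above and of the "per IP" advice in the January 9 reply. It parses the Event 14163 description quoted in the thread and checks whether the published external IP:port is also bound by the incoming web requests listener; the function names, the listener model and the 203.0.113.10 address are assumptions made for illustration.

```python
import re

# Description text of Event ID 14163 as quoted in the thread (line-wrapped as mailed).
EVENT_14163 = """Server publishing rule [All TI Multi-Homed Webs] that maps 10.1.2.121:80
TCP to 216.0.216.135:80 for protocol [_http access] failed because the
port on the external interface is being used by another application."""

RULE_RE = re.compile(
    r"Server publishing rule \[(?P<rule>[^\]]+)\] that maps "
    r"(?P<int_ip>[\d.]+):(?P<int_port>\d+) (?P<proto>TCP|UDP) to "
    r"(?P<ext_ip>[\d.]+):(?P<ext_port>\d+)"
)

def parse_14163(description):
    """Extract the failed binding from a 14163 description; None if it does not match."""
    m = RULE_RE.search(" ".join(description.split()))  # undo mail line wrapping
    if not m:
        return None
    return {
        "rule": m["rule"],
        "proto": m["proto"],
        "internal": (m["int_ip"], int(m["int_port"])),
        "external": (m["ext_ip"], int(m["ext_port"])),
    }

def listener_ips(external_ips, per_ip=None):
    """IPs the incoming web requests listener binds on (hypothetical model).
    per_ip=None models 'use the same configuration for all IP addresses';
    otherwise only the listed external IPs are bound."""
    return set(external_ips) if per_ip is None else set(per_ip) & set(external_ips)

def conflicts(bindings, bound_ips, listener_port=80):
    """Server publishing bindings that need a socket the web listener already holds."""
    return [b for b in bindings
            if b["proto"] == "TCP"
            and b["external"][1] == listener_port
            and b["external"][0] in bound_ips]

def check(description, external_ips, per_ip=None):
    """Parse one event description and report any listener conflict for it."""
    b = parse_14163(description)
    return conflicts([b] if b else [], listener_ips(external_ips, per_ip))

if __name__ == "__main__":
    ext = ["216.0.216.135", "203.0.113.10"]  # second address is constructed
    print("all IPs:        ", check(EVENT_14163, ext))
    print("per IP, isolated:", check(EVENT_14163, ext, per_ip=["203.0.113.10"]))
    print("per IP, not isolated:", check(EVENT_14163, ext, per_ip=ext))
```

In this model a per-IP listener only clears the conflict when the server-published address is left out of the listener list; listing every external IP individually reports the same collision as the shared configuration.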

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, December 12, 2001 03:24
Subject: [isalist] Re: My ISA server is sensitive...


This is the event that I guess is the culprit. Most of the stuff I was
doing yesterday was creating some new client sets and destination sets.


Event Type: Warning
Event Source: Microsoft Firewall
Event Category: None
Event ID: 14163
Date: 12/11/2001
Time: 7:39:24 PM
User: N/A
Computer: TATLISA2
Description:
Server publishing rule [All TI Multi-Homed Webs] that maps 10.1.2.121:80
TCP to 216.0.216.135:80 for protocol [_http access] failed because the
port on the external interface is being used by another application.
The Firewall service failed to bind socket for the server on the
firewall since another process is using the same port. Check for any
other process using the same port and terminate if necessary.


This is my server publishing rule that I publish all my webs on (not Web
Publishing).

I do however have a couple of web publishing rules as well for Exchange
and Others that I am not concerned about reporting for.




Event Type: Error
Event Source: Microsoft ISA Server Control
Event Category: None
Event ID: 14079
Date: 12/11/2001
Time: 3:22:25 PM
User: N/A
Computer: TATLISA2
Description:
Due to an unexpected error, the service fwsrv stopped responding to all
requests. This occurred 1 time(s) in the past 13:53 hours. Try to stop
the service or kill the corresponding process if it does not respond,
and start it again. Check the Event Viewer for related error messages.

Not sure... is this the Web Proxy Service:

Event Type: Information
Event Source: DrWatson
Event Category: None
Event ID: 4097
Date: 12/11/2001
Time: 3:21:18 PM
User: N/A
Computer: TATLISA2
Description:
The application, wspsrv.exe, generated an application error The error
occurred on 12/11/2001 @ 15:21:17.302 The exception generated was
c0000005 at address 01024F7A (CKeepAlive::operator=)
Data:


Then I have hundreds of these before the others above (the day before my
recent major troubles though):

Event Type: Warning
Event Source: Microsoft Firewall
Event Category: None
Event ID: 14152
Date: 12/10/2001
Time: 12:38:40 PM
User: N/A
Computer: TATLISA2
Description:
A User Datagram Protocol (UDP) packet was dropped because it was larger
than the maximum UDP packet allowed by the Firewall service.

I also have these periodically:

Event Type: Warning
Event Source: Microsoft ISA Firewall H.323 Filter
Event Category: None
Event ID: 14
Date: 12/12/2001
Time: 10:38:57 PM
User: N/A
Computer: TATLISA2
Description:
H.323 filter is not configured to register with an H.323 Gatekeeper,
attempting to find a gatekeeper using multicast discovery. Inbound H.323
calls will not succeed while the filter is not registered with a
gatekeeper. To configure the filter to use a particular gatekeeper, edit
the H.323 filter Call Control properties and enter the H.323 gatekeeper
to register with.





-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, December 11, 2001 10:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: My ISA server is sensitive...

No; you may be experiencing one or (heaven forbid) more known issues with
ISA and publishing.
What event log entries do you see in the system and application event logs?

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/

----- Original Message -----
From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, December 11, 2001 18:51
Subject: [isalist] My ISA server is sensitive...


I don't know about anyone else here... but our ISAserver seems really
sensitive...

I mean, I feel like I know this thing pretty well... I have built it
twice now... We are using client sets and destination sets I believe the
way I am supposed to, and network is great - As long as I don't molest
it.

It seems like whenever I do anything much to it... it will get
temperamental and my webs will stop being published (I'll start to get
URL denied errors).

I am very careful to know what I have done and how to undo it. But it
seems more often than not I have to either restart it, or restore the
config. It has gotten to the point where I have to adhere to a very
strict SLA policy (of after midnight), which is not a bad rule, but
there are things that I should be able to do (and undo if I have to)
without disturbing normal network traffic.

Perhaps I am screwing something up, but when stopping and restarting the
services doesn't work, but restarting the box does, this gets very
frustrating and makes me think I am not screwing it up many of the
times...

Is this par for the course with ISA in anybody else's experience?

Thanks for any thoughts here...

