I did notice I was getting this still in the event logs when I restarted: Event Type: Warning Event Source: Microsoft Firewall Event Category: None Event ID: 14163 Date: 1/26/2002 Time: 9:32:13 PM User: N/A Computer: TATLISA2 Description: Server publishing rule [All TI Multi-Homed Webs] that maps 10.1.2.121:80 TCP to 216.0.216.135:80 for protocol [_http access] failed because the port on the external interface is being used by another application. The Firewall service failed to bind socket for the server on the firewall since another process is using the same port. Check for any other process using the same port and terminate if necessary. I was under the impression the error above would not occur once I have split the listeners. Should I not create a listener for the ip that is being Web Published? Only the ones being server published? I am going to redo this tonight and watch the logs closer to see what is happening. As always, thanks for the help. Bryan Andrews - Trend Influence 404.523.8649 Office - 404.597.2316 Cell [ http://www.trendinfluence.com ][ http://www.umix.net ] -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Sunday, January 27, 2002 5:07 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org ISA logs everything to three logs: WEB....log = everything that the WEB proxy service sees FW....log = everything that the Firewall service sees IP....log = everything dropped (and optionally allowed) by the packet filtering service All three of these are stashed in \Program Files\Microsoft ISA Server\ISALogs by default Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Sunday, January 27, 2002 13:22 Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org Which Web logs are you referring to? Aol just says connecting and finally fails. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Sunday, January 27, 2002 1:03 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org You're saying that you change the incoming listener to "per IP" and internal AOL clients fail to connect? Kewl! What's in the WEB logs for that failing session? What's the exact error the clients display (other than the AOL logo)? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Sunday, January 27, 2002 09:55 Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org I separated the incoming web listeners... for my external addresses. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Saturday, January 26, 2002 11:00 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org You separated which listeners; internal or external? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Saturday, January 26, 2002 18:55 Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org Wow, I finally got around to separating the listeners... And all hell broke loose. I set up separate listeners for each ip with integrated security, which was the default for all, and restarted for good measure, and when it came back up, my aol client could not connect (why would the listeners affect this????), so I checked from outside and sure enough none of my sites were working... So, I switched it back to 'use the same listener', which immediately allowed me to get back out via aol, but still did not allow me to get in from outside the network. Once I restarted the ISA box all was good. This is SUPER frustrating and really indicative of all the issues I have been having. I am really gunshy to even mess with the config because I have sites that are being published thru this that must be available. The listeners were set up as they should be (in my opinion). All I did was click 'configure them individually', add each of them with integrated authentication, restart the services, then ultimately the server to no avail. Any thoughts are appreciated. This is a very clean Win2k server (nothing but win2k and ISA), brand new on a dell powerapp server / appliance. Thanks! -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, January 09, 2002 9:32 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org Hi Bryan, Yes, separate usage of TCP-80 on the ISA external interface requires that you define the incoming web request listener "per IP" and only use those IPs that are not server publishing TCP-80. ..and no, it has no bearing on the outbound traffic. The Outbound web requests and Automatic discovery functionality is where that happens. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, January 08, 2002 14:42 Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org I hate to bring this up again but I am using this configuration (it works) but I am not comfortable with it and am going to change it as it should be. So, since I am using both web publishing and server publishing (with an incoming http protocol rule that I created), I should theoretically have to set my listener to 'configure listeners individually per ip address'? When doing this, I should only have to set up the ips that I am web publishing and server publishing, correct? This has nothing to do with any outbound access or any other protocols other than prort 80? This seems fairly obvious, but I'd like to make certain before moving forward. Thanks. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Saturday, December 15, 2001 1:10 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org I too am having difficulty with that working as you describe; it breaks all the rules that ISA enforces so carefully. Grab this: http://isaserver.org/images/isainfo.vb_ and send me the results; maybe something will pop out at me... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the book! ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, December 14, 2001 20:17 Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org Any last thoughts on this (then I'll give up)? Everything is working yet I have both server publishing and web publishing and my listener is configured to 'use the same configuration for all ip addresses'. Is this theoretically not supposed to work? Maybe this is what is giving me issues when I monkey with it though... It's just really hard to decide to fix something that isn't broken... at the moment. -----Original Message----- From: Bryan Andrews Sent: Friday, December 14, 2001 7:12 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org No I have not changed anything in this respect. I had just rolled back to my last backup. My listener is configured to 'use the same configuration for all ip addresses'. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, December 13, 2001 10:13 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org Did you isolate that one IP from the incoming web requests listener? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the book! ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, December 13, 2001 18:54 Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org I am just wondering why everything is running ok now? I still have both web publishing, server publishing, and my listener configured to 'use the same configuration for all ip addresses. I believe that this could cause a problem but I am wondering why it does not now... I just hate to change anything until I understand the implications, and the fact that it works now is a bit confusing to me... -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, December 13, 2001 8:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org This is the cause of your event logs and firewall and web service failures. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the book! ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, December 13, 2001 12:24 Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org So... I have my listener configured to 'use the same configuration for all ip addresses' and I have both server and web publishing happening right now. Should this theoretically not work? Bryan Andrews ~ Trend Influence 404.523.8649 Office ~ 404.597.2316 Cell -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, December 12, 2001 10:07 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org That helps a lot.. really. Event ID: 14163 The key phrase in the event log is: "The Firewall service failed to bind socket for the server on the firewall since another process is using the same port" This event is generated because the server publishing rule [All TI Multi-Homed Webs] is using the same port as the incoming web requests listener (TCP-80). By default, ISA listens to all external IPs on TCP-80 for incoming web requests. If you server-publish TCP-80 on one of those IPs without removing that IP from the Incoming Web Requests listener IP list, you'll create a resource conflict. The other two events are probably caused by this one. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the book! ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, December 12, 2001 03:24 Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org This is the event that I guess is the culprit. Most of the stuff I was doing yesterday was creating some new client sets and destination sets. Event Type: Warning Event Source: Microsoft Firewall Event Category: None Event ID: 14163 Date: 12/11/2001 Time: 7:39:24 PM User: N/A Computer: TATLISA2 Description: Server publishing rule [All TI Multi-Homed Webs] that maps 10.1.2.121:80 TCP to 216.0.216.135:80 for protocol [_http access] failed because the port on the external interface is being used by another application. The Firewall service failed to bind socket for the server on the firewall since another process is using the same port. Check for any other process using the same port and terminate if necessary. This is my server publishing rule that I publish all my webs on (not Web Publishing). I do however have a couple of web publishing rules as well for Exchange and Others that I am not concerned about reporting for. Event Type: Error Event Source: Microsoft ISA Server Control Event Category: None Event ID: 14079 Date: 12/11/2001 Time: 3:22:25 PM User: N/A Computer: TATLISA2 Description: Due to an unexpected error, the service fwsrv stopped responding to all requests. This occurred 1 time(s) in the past 13:53 hours. Try to stop the service or kill the corresponding process if it does not respond, and start it again. Check the Event Viewer for related error messages. Not sure... is this the Web Proxy Service: Event Type: Information Event Source: DrWatson Event Category: None Event ID: 4097 Date: 12/11/2001 Time: 3:21:18 PM User: N/A Computer: TATLISA2 Description: The application, wspsrv.exe, generated an application error The error occurred on 12/11/2001 @ 15:21:17.302 The exception generated was c0000005 at address 01024F7A (CKeepAlive::operator=) Data: Then I have hundreds of these before the others above (the day before my recent major troubles though): Event Type: Warning Event Source: Microsoft Firewall Event Category: None Event ID: 14152 Date: 12/10/2001 Time: 12:38:40 PM User: N/A Computer: TATLISA2 Description: A User Datagram Protocol (UDP) packet was dropped because it was larger than the maximum UDP packet allowed by the Firewall service. I also have these periodically: Event Type: Warning Event Source: Microsoft ISA Firewall H.323 Filter Event Category: None Event ID: 14 Date: 12/12/2001 Time: 10:38:57 PM User: N/A Computer: TATLISA2 Description: H.323 filter is not configured to register with an H.323 Gatekeeper, attempting to find a gatekeeper using multicast discovery. Inbound H.323 calls will not succeed while the filter is not registered with a gatekeeper. To configure the filter to use a particular gatekeeper, edit the H.323 filter Call Control properties and enter the H.323 gatekeeper to register with. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Tuesday, December 11, 2001 10:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: My ISA server is sensitive... http://www.ISAserver.org No; you may be experiencing one or (heaven forbid) more known issues with ISA and publishing. What event log entries do you see in the system and application event logs? Jim Harrison MCP(NT4, 2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ ----- Original Message ----- From: "Bryan Andrews" <bandrews@xxxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, December 11, 2001 18:51 Subject: [isalist] My ISA server is sensitive... http://www.ISAserver.org I don't know about anyone else here... but our ISAserver seems really sensitive... I mean, I feel like I know this thing pretty well... I have built it twice now... We are using client sets and destination sets I believe the way I am supposed to, and network is great - As long as I don't molest it. It seems like whenever I do anything much to it... it will get tempermental and my webs will stop being published (I'll start to get URL denied errors). I am very careful to know what I have done and how to undo it. But it seems more often than not I have to either restart it, or restore the config. It has gotten to the point where I have to adhere by a very strict SLA policy (of after midnight), which is not a bad rule, but there are things that I should be able to do (and undo if I have to) without disturbing normal network traffic. Perhaps I am screwing something up, but when stopping and restarting the services doesn't work, but restarting the box does, this gets very frustrating and makes me think I am not screwing it up many of the times... Is this par for the course with ISA in anybody else's experience? Thanks for any thoughts here... ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bandrews@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')