Given the "reverse NAT" entry, I'd say youhave a corrupted server publlishing rule. Use "AD Users and Computers" in "Advanced" view mode and drill down to the object listed in CN=2F3B145E-C008-43E0-8AE1-720F62173C0B}. You'll see the name of the SPR that's choking. Use the ISA managament MMC to remove and recreate the SPR and all will be well. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: John C. Shepard To: [ISAserver.org Discussion List] Sent: Tuesday, April 23, 2002 8:41 AM Subject: [isalist] RE: Packet filter weirdness http://www.ISAserver.org This shows up in the Application Log occasionally, related or not. Event Type: Error Event Source: Microsoft Firewall Event Category: None Event ID: 11001 Date: 4/23/2002 Time: 8:33:43 AM User: N/A Computer: CERBERUS Description: Microsoft Firewall failed. The failure occurred during Initialization of reverse Network Address Translation (NAT). because the configuration property ClientSetsExcluded of the key LDAP://dc1.seattle.atinera.local/CN={013C3867-DCB6-470A-884D-1DBA2708ACBF},C N=PNATServerMappings,CN=Publishing,CN={2F3B145E-C008-43E0-8AE1-720F62173C0B} ,CN=Arrays,CN=Fpc,CN=System,DC=seattle,DC=atinera,DC=local could not be accessed. Use the source location 3.1061.3.0.1200.166 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help. The error description is: The system cannot find the file specified. Data: 0000: 02 00 07 80 ...? -----Original Message----- From: John C. Shepard Sent: Tuesday, April 23, 2002 8:01 AM To: [ISAserver.org Discussion List] Subject: [isalist] Packet filter weirdness http://www.ISAserver.org Has anyone gotten Filters to work on a 2nd or 3rd IP address for the external NIC? They seem to work perfectly for the first IP address but not for any other IP: External NIC: IP 1: 123.123.123.1 IP 2: 123.123.123.2 Filters: #1: Allow, ICMP ping response, External IP 123.123.123.1, All remote computers #2: Allow, ICMP ping query, External IP 123.123.123.1, All remote computers #3: Allow, ICMP ping response, External IP 123.123.123.2, All remote computers #4: Allow, ICMP ping query, External IP 123.123.123.2, All remote computers Results: Can ping 123.123.123.1 fine, but canot ping 123.123.123.2. It's almost like packet filters bind on nothing but the first IP. That is not the case with Server Publishing Rules. They work fine on the second IP. What is the explanation? John ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jshepard@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')