Re: RRAS Problems after NT4 Domain Upgrade to 2003

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 15 Sep 2004 23:28:34 -0500

Hi Michael,

You already have the infrastructure set up for a split DNS, as your
internal domain is a subdomain of your external domain. Just mirror your
public records on the Internal domain but map them public servers to
their Internal addresses. No reason to add new servers. You're not in a
pinch like those with .local illegal TLDs, but even in that case, you
can create a second domain to support the split DNS and not require
additional servers. My only reservation in those circumstances is when
they want to host their own public records, and they want to host them
on the same machines they use to host their private records.

HTH,
Tom 

-----Original Message-----
From: Michael Ellis [mailto:isalist@xxxxxxxx] 
Sent: Tuesday, September 14, 2004 8:15 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: RRAS Problems after NT4 Domain Upgrade to 2003

http://www.ISAserver.org

Tom's article is written for the case where you use your public domain
name for the internal network as well.  In my case we use "pesa.com" for
the external domain name and "hsv.pesa.com" for the internal domain.
The domain name "hsv.pesa.com" is only used by internal clients - it is
not publicly accessible.

For name resolution I have internal DNS servers (W2K3) set to resolve
*.hsv.pesa.com and to forward anything else to our ISP's DNS servers for
resolution.  I'm no expert on DNS and would like to know more.  Can you
point me to a good resource on Windows DNS?  It seems that for my case I
should be able to use my existing DNS server to redirect *certain*
public names to an internal host while allowing other public names to be
resolved by the external DNS servers.  For example, I host our mail
server
(mail.pesa.com) but not our web server (www.pesa.com).  I would like to
redirect internal clients to mailserver.hsv.pesa.com while allowing the
www.pesa.com to be resolved externally.  How can I do this with my
existing DNS server?  For that matter, how can I intercept and redirect
any arbitrary host name using Win 2K3 DNS?

I'm not ignoring the split DNS approach, but I'm running a small network
and would not like to deploy additional servers if at all possible.

--
Michael Ellis

----- Original Message -----
From: Jim Harrison
To: [ISAserver.org Discussion List]
Sent: Monday, September 13, 2004 4:15 PM
Subject: [isalist] Re: RRAS Problems after NT4 Domain Upgrade to 2003


http://www.ISAserver.org

That scenario was never supported anyway.
It's the "isotropic IP bounce" technique that causes your ISA to lose
its 
mind over time.
Use Tom's split DNS article and your life will be much easier.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!

----- Original Message ----- 
From: "Michael Ellis" <isalist@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, September 13, 2004 13:01
Subject: [isalist] Re: RRAS Problems after NT4 Domain Upgrade to 2003


http://www.ISAserver.org

Glad to be of service.  I more or less stumbled upon the SP2 solution
after
scouring the MS KB, Googling in vain and asking for suggestions here (no
responses were forthcoming).  I should also note that applying SP2
"broke" a
feature that the good folks here rather bluntly told me not to do.
Before
SP2 I was able to point an application running on an internal client to
the
public IP address of a server hosted internally and have ISA loop data
back
to my server.  Alas, this (seemingly unsupported) feature no longer
works.

Michael Ellis

----- Original Message ----- 
From: Paul Crisp
To: [ISAserver.org Discussion List]
Sent: Monday, September 13, 2004 2:44 PM
Subject: [isalist] Re: RRAS Problems after NT4 Domain Upgrade to 2003


http://www.ISAserver.org

All sorted, thanks again Michael. Seems that SP2 done the
trick.............. why oh why don't MS update their knowledge base to
include the information about ISA SP2, could have saved me half the day
!!

Cheers again

Paul
----- Original Message ----- 
From: "Paul Crisp" <PCrisp@xxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, September 13, 2004 3:14 PM
Subject: [isalist] Re: RRAS Problems after NT4 Domain Upgrade to 2003


> http://www.ISAserver.org
>
> Hmmm, first point i have done already. I'll double check that SP2 is
> installed and look at the remote access policy.
>
> Cheers Michael
>
> ----- Original Message ----- 
> From: "Michael Ellis" <isalist@xxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Monday, September 13, 2004 2:11 PM
> Subject: [isalist] Re: RRAS Problems after NT4 Domain Upgrade to 2003
>
>
>> http://www.ISAserver.org
>>
>> Make sure that the ISA machine has been added to the "RAS and IAS
>> Servers"
>> group, and make sure that ISA server SP2 has been installed.  These
> two
>> items seemed to fix the problem for me.
>>
>> Also take a look at the Remote Access Policy for your domain.
>>
>> -- 
>> Michael Ellis
>>
>>
>> ----- Original Message ----- 
>> From: Paul Crisp
>> To: [ISAserver.org Discussion List]
>> Sent: Monday, September 13, 2004 6:31 AM
>> Subject: [isalist] RRAS Problems after NT4 Domain Upgrade to 2003
>>
>>
>> http://www.ISAserver.org
>>
>> Upgrade our NT4 domain on Friday, went through no problem (pheww).
>> Now Monday morning, and finding our VPN users can no longer connect
to
>> the
>> network I'm getting the following error
>>
>> Error 930: the authentifcation server did not respond to
> authentication
>> requests in a timely fashion
>>
>> Running ISA 2000 by the way on a Windows 2000 server. Have looked at
> the
>> MS
>> articles and everything seems fine, anyone got any tips or pointers
>>
>> Cheers in advance
>>
>> Paul Crisp
>> Snr Network Support Analyst
>>
>>
>> ------------------------------------------------------
>> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Other Internet Software Marketing Sites:
>> World of Windows Networking: http://www.windowsnetworking.com
>> Leading Network Software Directory: http://www.serverfiles.com
>> No.1 Exchange Server Resource Site: http://www.msexchange.org
>> Windows Security Resource Site: http://www.windowsecurity.com/
>> Network Security Library: http://www.secinf.net/
>> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>> ------------------------------------------------------
>> You are currently subscribed to this ISAserver.org Discussion List
as:
>> isalist@xxxxxxxx
>> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>>
>>
>> ------------------------------------------------------
>> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Other Internet Software Marketing Sites:
>> World of Windows Networking: http://www.windowsnetworking.com
>> Leading Network Software Directory: http://www.serverfiles.com
>> No.1 Exchange Server Resource Site: http://www.msexchange.org
>> Windows Security Resource Site: http://www.windowsecurity.com/
>> Network Security Library: http://www.secinf.net/
>> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>> ------------------------------------------------------
>> You are currently subscribed to this ISAserver.org Discussion List
as:
>> pcrisp@xxxxxxxxxxxxxxxxx
>> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
>> Report abuse to listadmin@xxxxxxxxxxxxx
>>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> pcrisp@xxxxxxxxxxxxxxxxx
> To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
isalist@xxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » RRAS Problems after NT4 Domain Upgrade to 2003
• » Re: RRAS Problems after NT4 Domain Upgrade to 2003
• » Re: RRAS Problems after NT4 Domain Upgrade to 2003
• » Re: RRAS Problems after NT4 Domain Upgrade to 2003
• » Re: RRAS Problems after NT4 Domain Upgrade to 2003
• » Re: RRAS Problems after NT4 Domain Upgrade to 2003
• » Re: RRAS Problems after NT4 Domain Upgrade to 2003
• » Re: RRAS Problems after NT4 Domain Upgrade to 2003
• » Re: RRAS Problems after NT4 Domain Upgrade to 2003
• » Re: RRAS Problems after NT4 Domain Upgrade to 2003
• » Re: RRAS Problems after NT4 Domain Upgrade to 2003

1. Home
2. isalist
3. Archive
4. 09-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---