You might want to check for morphed policy objects if there is more than one DC in the environment. That can happen when Sysvol directories and files have been replicated to other servers and are exact copies of each but FRS can't tell which is the most recent. When that happens, you end up with duplicate directories which can cause these kinds of problems. Cordially yours, Jerry G. Young II MCSE (4.0/W2K) Atlanta EES Implementation Team Lead HHS Engineering Unisys 11493 Sunset Hills Rd. Reston, VA 20190 Office: 703-579-2727 Cell: 703-625-1468 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. ________________________________ From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Sat 28/01/2006 1:23 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Server cant be pinged SOLVED http://www.ISAserver.org LOL!!! Carlton Draught for everyone!!! On my customer, he used an old HP Netserver LC3 as his ISA server. I really don't know how that policy got messed up, but I had to set it on the DC so it would be applied on the ISA Box. So I created an OU with just ISA on it, created the GPO setting those two users on Generate Security Audits and it all worked again. I can't undestand how the whole domain lost that policy. Tiago de Aviz SoftSell - Curitiba (41) 3340-2363 www.softsell.com.br Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável pelo conteúdo ou a veracidade desta informação. >>> tshinder@xxxxxxxxxxx 27/1/2006 00:02 >>> http://www.ISAserver.org Wow! Beers all around for Tiago! Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Michael Ross [mailto:mross@xxxxxxxxxxx] <mailto:mross@xxxxxxxxxxx%5d> > Sent: Thursday, January 26, 2006 6:31 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Server cant be pinged SOLVED > > http://www.ISAserver.org > > BINGO > > Looks like I had to open that policy, make sure it was right, > then close it. > Now its working!!!!!! > > -----Original Message----- > From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] > <mailto:Tiago@xxxxxxxxxxxxxxx%5d> > Sent: Thursday, January 26, 2006 6:07 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Server cant be pinged > > http://www.ISAserver.org > > Same Behavior that I saw on a customer of mine. > > The firewall service wouldn't go up and as Jim stated a long > time ago, ISA 2004 will enter a "Network Brick" mode, that > it'll be able to access anything, but anything won't be able > to access ISA. > > I had that issue back some time ago when an specific GPO > change made my customer's ISA stop starting... > > Together with Microsoft's folks, we diagnosed that there's a > policy locally on your ISA Box named "Generate Security > audits", and in that policy you must have two accounts listed: > > NETWORK SERVICE > LOCAL SERVICE > > It's just a tip of what may be happening. But by the symptoms > you described, either: > > -You have a rule configuration problem > -ISA isn't loading its own rules > -ISA installation gone FUBAR for whatever reason -Conflict > with another firewall installed (E.G.: Trend or McAffee ones > that go up together with the AV) > > > > Tiago de Aviz > SoftSell - Curitiba > (41) 3340-2363 > www.softsell.com.br > > Esta mensagem, incluindo seus anexos, tem caráter > confidencial e seu conteúdo é restrito ao destinatário da > mensagem. Caso você tenha recebido esta mensagem por engano, > queira por favor retorná-la ao destinatário e apagá-la de > seus arquivos. Qualquer uso não autorizado, replicação ou > disseminação desta mensagem ou parte dela é expressamente > proibido. A SoftSell não é responsável pelo conteúdo ou a > veracidade desta informação. > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: greg@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gerald.young@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx