RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...

• From: Marvin Cummings <MarvinC@xxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 22 Oct 2004 11:07:34 -0400

Ok, help me clear up something here:
Does the Inbound web listener use the external or internal IP to
listen for inbound requests? I thought it was the external.
Placing the external on a different subnet doesn't require changes to
be made to the router?
Proceeding to change external IP.


On Fri, 22 Oct 2004 11:47:20 -0300, Steve Moffat <steve@xxxxxxxxxx> wrote:
> http://www.ISAserver.org
> 
> External and internal need to be different subnets.
> 
> 
> 
> -----Original Message-----
> From: Marvin Cummings [mailto:MarvinC@xxxxxxxxx]
> Sent: Friday, October 22, 2004 11:35 AM
> To: ISA Mailing List
> Subject: [isalist] RE: The kerberos subsystem encountered a PAC
> verification failure...ISA2K & W2k3...
> 
> http://www.ISAserver.org
> 
> Correct. The site's accesible externally and internally nwo that I've
> added it to my host file. My settings are listed as follows:
> Back to Split-DNS
> Internal IP: 192.168.1.8
> External IP: 192.168.1.2
> Router IP: 192.168.1.1
> LAT: 192.168.1.0 - 192.168.1.255
> Web Listener Config:
>   IP: 192.168.1.2
>   TCP Port: 80
>   SSL port: 443
>   Enable SSL Listeners box checked
> Web Listener Properties Sheet:
>   Server: ISA server
>   IP Address: 192.168.1.2 - Maybe this is the problem????
>   Use a server certificate to authenticate to web clients - box
> unchecked
>   Authentication: Basic with this domain - box unchecked
>   Integrated box checked
> 
> thnks
> 
> On Fri, 22 Oct 2004 05:09:49 -0500, Thomas W Shinder
> <tshinder@xxxxxxxxxxx> wrote:
> > http://www.ISAserver.org
> >
> > Hi Marvin,
> >
> > I thought the other day we demonstrated that your site actually did
> > work. We were presented with a certificate and a log on dialog box.
> > Can't say what would have happened after that, though.
> >
> > What is the:
> >
> > EXACT IP address information on each of the ISA firewall's interfaces
> > EXACT IP address information on each of the interfaces on the device
> > in front of the ISA firewall EXACT configuration of the Web Publishing
> 
> > Rule
> >
> > Thanks!
> >
> > Tom
> > www.isaserver.org/shinder
> > Tom and Deb Shinder's Configuring ISA Server 2004
> > http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> >
> > -----Original Message-----
> > From: Marvin Cummings [mailto:MarvinC@xxxxxxxxx]
> > Sent: Friday, October 22, 2004 3:35 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] The kerberos subsystem encountered a PAC
> > verification failure...ISA2K & W2k3...
> >
> > http://www.ISAserver.org
> >
> > Anyone come across the following errors in their event log:
> >
> > Event ID: 5719
> > This computer was not able to set up a secure session with a domain
> > controller in domain mydomain due to the following:
> > There are currently no logon servers available to service the logon
> > request.
> > This may lead to authentication problems. Make sure that this computer
> 
> > is connected to the network. If the problem persists, please contact
> > your domain administrator.
> >
> > ADDITIONAL INFO
> > If this computer is a domain controller for the specified domain, it
> > sets up the secure session to the primary domain controller emulator
> > in the specified domain. Otherwise, this computer sets up the secure
> > session to any domain controller in the specified domain.
> >
> > Event ID: 7
> > The kerberos subsystem encountered a PAC verification failure.  This
> > indicates that the PAC from the client nuisasrvr$ in realm
> > my.domain.com had a PAC which failed to verify or was modified.
> > Contact your system administrator.
> >
> > This ISA server computer isn't a domain controller and I can access
> > the domain controller fine. The ISA server passes a netdiag fine so
> > I'm kinda lost on where to check next.
> >
> > Any responses are appreciated.
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com Leading
> > Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
> > Security Resource Site: http://www.windowsecurity.com/ Network
> > Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > tshinder@xxxxxxxxxxxxxxxxxx
> >
> >
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com Leading
> > Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
> > Security Resource Site: http://www.windowsecurity.com/ Network
> > Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> 
> > marvinc@xxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> steve@xxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> This E-Mail is confidential. It is not intended to be read, copied, disclosed 
> or used by any person other than the recipient named above.
> 
> Unauthorised use, disclosure, or copying is strictly prohibited and may be 
> unlawful. Optimum IT Solutions Ltd disclaims any liability for any action 
> taken in connection of this E-Mail. The comments or statements expressed in 
> this E-Mail are not necessarily those of Optimum IT Solutions Ltd or its 
> subsidiaries or affiliates.
> 
> administrator@xxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: 
> marvinc@xxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>

Other related posts:

• » The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...
• » RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...
• » RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...
• » RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...
• » RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...
• » RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...
• » RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...

1. Home
2. isalist
3. Archive
4. 10-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---