RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...
- From: "Steve Moffat" <steve@xxxxxxxxxx>
- To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 22 Oct 2004 12:57:10 -0300
The inbound listens on the external......the easiest way is to leave the
external on the 192.168.1.0 subnet (in case you ever have to reset the
linksys to default), and make the internal subnet different.
S
-----Original Message-----
From: Marvin Cummings [mailto:MarvinC@xxxxxxxxx]
Sent: Friday, October 22, 2004 12:08 PM
To: ISA Mailing List
Subject: [isalist] RE: The kerberos subsystem encountered a PAC
verification failure...ISA2K & W2k3...
http://www.ISAserver.org
Ok, help me clear up something here:
Does the Inbound web listener use the external or internal IP to listen
for inbound requests? I thought it was the external.
Placing the external on a different subnet doesn't require changes to be
made to the router?
Proceeding to change external IP.
On Fri, 22 Oct 2004 11:47:20 -0300, Steve Moffat <steve@xxxxxxxxxx>
wrote:
> http://www.ISAserver.org
>
> External and internal need to be different subnets.
>
>
>
> -----Original Message-----
> From: Marvin Cummings [mailto:MarvinC@xxxxxxxxx]
> Sent: Friday, October 22, 2004 11:35 AM
> To: ISA Mailing List
> Subject: [isalist] RE: The kerberos subsystem encountered a PAC
> verification failure...ISA2K & W2k3...
>
> http://www.ISAserver.org
>
> Correct. The site's accesible externally and internally nwo that I've
> added it to my host file. My settings are listed as follows:
> Back to Split-DNS
> Internal IP: 192.168.1.8
> External IP: 192.168.1.2
> Router IP: 192.168.1.1
> LAT: 192.168.1.0 - 192.168.1.255
> Web Listener Config:
> IP: 192.168.1.2
> TCP Port: 80
> SSL port: 443
> Enable SSL Listeners box checked
> Web Listener Properties Sheet:
> Server: ISA server
> IP Address: 192.168.1.2 - Maybe this is the problem????
> Use a server certificate to authenticate to web clients - box
> unchecked
> Authentication: Basic with this domain - box unchecked
> Integrated box checked
>
> thnks
>
> On Fri, 22 Oct 2004 05:09:49 -0500, Thomas W Shinder
> <tshinder@xxxxxxxxxxx> wrote:
> > http://www.ISAserver.org
> >
> > Hi Marvin,
> >
> > I thought the other day we demonstrated that your site actually did
> > work. We were presented with a certificate and a log on dialog box.
> > Can't say what would have happened after that, though.
> >
> > What is the:
> >
> > EXACT IP address information on each of the ISA firewall's
> > interfaces EXACT IP address information on each of the interfaces on
> > the device in front of the ISA firewall EXACT configuration of the
> > Web Publishing
>
> > Rule
> >
> > Thanks!
> >
> > Tom
> > www.isaserver.org/shinder
> > Tom and Deb Shinder's Configuring ISA Server 2004
> > http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> >
> > -----Original Message-----
> > From: Marvin Cummings [mailto:MarvinC@xxxxxxxxx]
> > Sent: Friday, October 22, 2004 3:35 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] The kerberos subsystem encountered a PAC
> > verification failure...ISA2K & W2k3...
> >
> > http://www.ISAserver.org
> >
> > Anyone come across the following errors in their event log:
> >
> > Event ID: 5719
> > This computer was not able to set up a secure session with a domain
> > controller in domain mydomain due to the following:
> > There are currently no logon servers available to service the logon
> > request.
> > This may lead to authentication problems. Make sure that this
> > computer
>
> > is connected to the network. If the problem persists, please contact
> > your domain administrator.
> >
> > ADDITIONAL INFO
> > If this computer is a domain controller for the specified domain, it
> > sets up the secure session to the primary domain controller emulator
> > in the specified domain. Otherwise, this computer sets up the secure
> > session to any domain controller in the specified domain.
> >
> > Event ID: 7
> > The kerberos subsystem encountered a PAC verification failure. This
> > indicates that the PAC from the client nuisasrvr$ in realm
> > my.domain.com had a PAC which failed to verify or was modified.
> > Contact your system administrator.
> >
> > This ISA server computer isn't a domain controller and I can access
> > the domain controller fine. The ISA server passes a netdiag fine so
> > I'm kinda lost on where to check next.
> >
> > Any responses are appreciated.
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> > tshinder@xxxxxxxxxxxxxxxxxx
> >
> >
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> > Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
>
> > marvinc@xxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network
> Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> steve@xxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> This E-Mail is confidential. It is not intended to be read, copied,
disclosed or used by any person other than the recipient named above.
>
> Unauthorised use, disclosure, or copying is strictly prohibited and
may be unlawful. Optimum IT Solutions Ltd disclaims any liability for
any action taken in connection of this E-Mail. The comments or
statements expressed in this E-Mail are not necessarily those of Optimum
IT Solutions Ltd or its subsidiaries or affiliates.
>
> administrator@xxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network
> Security Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> marvinc@xxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
