The inbound listens on the external......the easiest way is to leave the external on the 192.168.1.0 subnet (in case you ever have to reset the linksys to default), and make the internal subnet different. S -----Original Message----- From: Marvin Cummings [mailto:MarvinC@xxxxxxxxx] Sent: Friday, October 22, 2004 12:08 PM To: ISA Mailing List Subject: [isalist] RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3... http://www.ISAserver.org Ok, help me clear up something here: Does the Inbound web listener use the external or internal IP to listen for inbound requests? I thought it was the external. Placing the external on a different subnet doesn't require changes to be made to the router? Proceeding to change external IP. On Fri, 22 Oct 2004 11:47:20 -0300, Steve Moffat <steve@xxxxxxxxxx> wrote: > http://www.ISAserver.org > > External and internal need to be different subnets. > > > > -----Original Message----- > From: Marvin Cummings [mailto:MarvinC@xxxxxxxxx] > Sent: Friday, October 22, 2004 11:35 AM > To: ISA Mailing List > Subject: [isalist] RE: The kerberos subsystem encountered a PAC > verification failure...ISA2K & W2k3... > > http://www.ISAserver.org > > Correct. The site's accesible externally and internally nwo that I've > added it to my host file. My settings are listed as follows: > Back to Split-DNS > Internal IP: 192.168.1.8 > External IP: 192.168.1.2 > Router IP: 192.168.1.1 > LAT: 192.168.1.0 - 192.168.1.255 > Web Listener Config: > IP: 192.168.1.2 > TCP Port: 80 > SSL port: 443 > Enable SSL Listeners box checked > Web Listener Properties Sheet: > Server: ISA server > IP Address: 192.168.1.2 - Maybe this is the problem???? > Use a server certificate to authenticate to web clients - box > unchecked > Authentication: Basic with this domain - box unchecked > Integrated box checked > > thnks > > On Fri, 22 Oct 2004 05:09:49 -0500, Thomas W Shinder > <tshinder@xxxxxxxxxxx> wrote: > > http://www.ISAserver.org > > > > Hi Marvin, > > > > I thought the other day we demonstrated that your site actually did > > work. We were presented with a certificate and a log on dialog box. > > Can't say what would have happened after that, though. > > > > What is the: > > > > EXACT IP address information on each of the ISA firewall's > > interfaces EXACT IP address information on each of the interfaces on > > the device in front of the ISA firewall EXACT configuration of the > > Web Publishing > > > Rule > > > > Thanks! > > > > Tom > > www.isaserver.org/shinder > > Tom and Deb Shinder's Configuring ISA Server 2004 > > http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > > > > > > > > > -----Original Message----- > > From: Marvin Cummings [mailto:MarvinC@xxxxxxxxx] > > Sent: Friday, October 22, 2004 3:35 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] The kerberos subsystem encountered a PAC > > verification failure...ISA2K & W2k3... > > > > http://www.ISAserver.org > > > > Anyone come across the following errors in their event log: > > > > Event ID: 5719 > > This computer was not able to set up a secure session with a domain > > controller in domain mydomain due to the following: > > There are currently no logon servers available to service the logon > > request. > > This may lead to authentication problems. Make sure that this > > computer > > > is connected to the network. If the problem persists, please contact > > your domain administrator. > > > > ADDITIONAL INFO > > If this computer is a domain controller for the specified domain, it > > sets up the secure session to the primary domain controller emulator > > in the specified domain. Otherwise, this computer sets up the secure > > session to any domain controller in the specified domain. > > > > Event ID: 7 > > The kerberos subsystem encountered a PAC verification failure. This > > indicates that the PAC from the client nuisasrvr$ in realm > > my.domain.com had a PAC which failed to verify or was modified. > > Contact your system administrator. > > > > This ISA server computer isn't a domain controller and I can access > > the domain controller fine. The ISA server passes a netdiag fine so > > I'm kinda lost on where to check next. > > > > Any responses are appreciated. > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: http://www.windowsnetworking.com > > Leading Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax > > Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > tshinder@xxxxxxxxxxxxxxxxxx > > > > > > To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: http://www.windowsnetworking.com > > Leading Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax > > Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > > marvinc@xxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com Leading > Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org Windows > Security Resource Site: http://www.windowsecurity.com/ Network > Security > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > steve@xxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > This E-Mail is confidential. It is not intended to be read, copied, disclosed or used by any person other than the recipient named above. > > Unauthorised use, disclosure, or copying is strictly prohibited and may be unlawful. Optimum IT Solutions Ltd disclaims any liability for any action taken in connection of this E-Mail. The comments or statements expressed in this E-Mail are not necessarily those of Optimum IT Solutions Ltd or its subsidiaries or affiliates. > > administrator@xxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com Leading > Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org Windows > Security Resource Site: http://www.windowsecurity.com/ Network > Security Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > marvinc@xxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx