RE: Web Proxy and other woes

  • From: "cismic" <cismic@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 9 Sep 2001 13:22:50 -0700

I had this problem myself..
Clients would run slow and then just hang.

I'm running a back to back setup.  My external ISA is for firewall only.
My internal ISA machine is integrated and I'm using AD.

Later tonight I'll email out what I did and see if this will help with
your issues. I am going to hang out with my Son for the afternoon!

Right now I would play with the caching options, upstream server, and
routing options to your internal and external NICs. It was funny that
when I added dummy routes to both my internal and external NICs on my
(Internal ISA) the client caching problems disappeared. And when I look
at the proxy and web logs I have messages stating that information was
retrieved from the cache.

Joseph


-----Original Message-----
From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Sunday, September 09, 2001 12:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Web Proxy and other woes

http://www.ISAserver.org


Hi Perry,

Sounds like your day is going like mine. I've already wasted 36 hours on
a problem, and it looks like at least another 36 to get it resolved.

It should not be that hard to get it going. If you have wiped out IIS on
the ISA server (OK, just disabled IIS), get other servers off the ISA
Server (like SQL and Exchange and Quake), make sure the LAT is
configured right and make sure the DNS settings on the ISA Server are
configured correctly, it should just work.

Some of your problems sound like the evil droppings of the Security
Wizard.  Did you run that?

HTH,
Tom
www.isaserver.org/shinder


Thomas W Shinder, M.D., MCSE, MCT
 


-----Original Message-----
From: Perry H. Sweetser [mailto:perryhs@xxxxxxxxx]
Sent: Sunday, September 09, 2001 1:01 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Web Proxy and other woes




We are using BackOffice servers in native mode with only
w2k clients. I thought I was doing the right thing by reading
Dr. Shinder's excellent book BEFORE installing and
configuring ISA 2000, but now I don't know. I have a problem
to be sure, and there is probably a simple reason for it,
but for the life of me I can't figure it out.

Back Office installs ISA in integrated mode, which was what
I wanted. I configured what I considered to be the necessary
rules for the domain using secure NAT clients with a standalone
ISA server:

client sets
destination sets
protocol rules
routing rules

I then tested this configuration by setting the client's
default gateway to point to the ISA server, thus making it a
secure NAT client.

The client worked just fine. However, to be on the safe
side, as Dr. Shinder points out in his book and in the
article published in the learning zone, I set the client's
IE5 settings to use the Web proxy service at the default 8080
port on the ISA server. IE6 hung. I also tried this with
Opera 5.12 and Netscape 6.1. They hung too. (I noticed that
Manfred Fink reported something similar and was advised to
check his DNS settings. I will come back to this point.)

So I've spent the last 5 days configuring and reconfiguring
ISA, as well as uninstalling and reinstalling. These 5 days
produced meager, if interesting results, which I will sum
up as follows:

I turned on all of the logging options first to see if I could
uncover any errors in this manner. Fortunately (or unfortunately?),
the event log reports no errors or alerts, and the report
files produced by ISA show that there has been no activity.

At this point I got suspicious, as I recalled that I had
never seen any client reported in the \monitoring\sessions
window. I don't recall reading anywhere about what I should
see in this window, but when I am "successfully" running a
secure NAT client without the Web Proxy setting activated, I
don't see anything in this window. Dr. Shinder mentions that
NAT clients are "transparent" to ISA but I was wondering if
this transparency includes not showing up in the session
window...

So I used performance monitor to monitor disk activity on
the separate disk that I am using for the cache. I figured that
if the NAT client is getting through, there must be some
caching going on, but performance monitor reported no disk
activity for the cache disk whatsoever.

At this point I tried using the scheduled download option
to see if that would affect anything, and it did - it gave
me the first and only warning message in the event log -
event ID 13107, which reported that the download was stopped
with 0 pages visited - without giving me a reason for why it
was stopped.

I rechecked my routing options - yes, HTTP was being routed
to the ISA proxy, so I figured I had configured one of the
rules incorrectly. I tried several changes to the rules,
stopping and restarting the server, but nothing helped.

I checked the DNS configuration (we use an internal DNS
which is integrated with AD) and this was ok, as well as
our DHCP server and option settings. I tried using one
client with static settings (without DHCP delivery) on the
NIC, but that did no good either.

So I completely uninstalled ISA and reinstalled it in caching
only mode only to see if any of the protocols were misconfigured.
This made configuration much simpler since there were so few
options to configure.

My client still did not work, so I did the only thing left to
do - I configured all of the rules to allow everything for
everybody at all times and everywhere. Guess what? My client
with the static NIC information now worked and showed up in
the sessions window.

At this point I had thought I had solved part of the problem,
so I closed IE6 on the client and went upstairs for a cup of 
coffee. When I came back, I thought I would test the client against
ISA again for speed - to see if the pages that I had visited
when I first had connected came back at super something speeds
or whatever...

Guess what? The client hung again. In fact, I was never able
to get the client to talk to ISA again despite rebooting both
client and server. The logs show that the client was successfully
logged in the first time, but there is no subsequent report, no
errors, no nothing....

So my question to all of you who know ISA real well is WHAT
THE HECK IS GOING ON HERE? Is there something so simple I have 
forgotten that rates for 2000 ISA demerit points or what?

I would appreciate any advice, hints or reprimands on this one.
Otherwise I will have to go back to Iplanet's Proxy Server, which
we were using before we upgraded to BackOffice.

By the way, you have a very nice and informative site here!

phs

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
