I had this problem myself.. Clients would run slow and then just hang. I'm running a back to back setup. My external ISA is for firewall only. My internal ISA machine is integrated and I'm using AD. Later tonight I'll email out what I did and see if this will help with your issues. I am going to hang out with my Son for the afternoon! Right now I would play with the caching options, up stream server, and Routing options to your internal and external NICS. It was funny that when I added dummy routes to both my internal and external NICS on my (Internal ISA) the client caching problems disappeared. And when I look at the proxy and web logs I have messages stating that information was retrieved from the cache. Joseph -----Original Message----- From: Thomas W. Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Sunday, September 09, 2001 12:43 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Web Proxy and other woes http://www.ISAserver.org Hi Perry, Sounds like you day is going like mine. I've already wasted 36 hours on a problem, and it looks like at least another 36 to get it resolved. It should not be that hard to get it going. If you have wiped out IIS on the ISA server (OK, just disabled IIS), get other servers off the ISA Server (like SQL and Exchange and Quake), make sure the LAT is configured right and make sure the DNS setttings on the ISA Server are configured correctly, it should just work. Some of your problems sounds like the evil droppings of the Security Wizard. Did you run that? HTH, Tom www.isaserver.org/shinder Thomas W Shinder, M.D., MCSE, MCT -----Original Message----- From: Perry H. Sweetser [mailto:perryhs@xxxxxxxxx] Sent: Sunday, September 09, 2001 1:01 PM To: [ISAserver.org Discussion List] Subject: [isalist] Web Proxy and other woes http://www.ISAserver.org We are using BackOffice servers in native mode with only w2k clients. I thought I was doing the right thing by reading Dr. Shindler's excellent book BEFORE installing and configuring ISA 2000, but now I don't know. I have a problem to be sure, and there is probably a simple reason for it, but for the life of me I can't figure it out. Back Office installs ISA in integrated mode, which was what I wanted. I configured what I considered to be the necessary rules for the domain using secure NAT clients with a standalone ISA server: client sets destination sets protocol rules routing rules I then tested this configuration by setting the client's default gateway to point to the ISA server, thus making it a secure NAT client. The client worked just fine. However, to be on the safe side, as Dr. Shindler points out in his book and in the article published in the learning zone, I set the client's IE5 settings to use the Web proxy service at the default 8080 port on the ISA server. IE6 hung. I also tried this with Opera 5.12 and Netscape 6.1. They hung too. (I noticed that Manfred Fink reported something similar and was advised to check his DNS settings. I will come back to this point.) So I've spent the last 5 days configuring and reconfiguring ISA, as well as uninstalling and reinstalling. These 5 days produced meager, if interesting results, which I will sum up as follows: I turned on all of the logging options first to see if I could uncover any errors in this manner. Fortunately (or unfortunately?), the event log reports no errors or alerts, and the report files produced by ISA show that there has been no activity. At this point I got suspicious, as I recalled that I had never seen any client reported in the \monitoring\sessions window. I don't recall reading anywhere about what I should see in this window, but when I am "successfully" running a secure NAT client without the Web Proxy setting activated, I don't see anything in this window. Dr. Shindler mentions that NAT clients are "transparent" to ISA but I was wondering if this transparency includes not showing up in the session window... So I used performance monitor to monitor disk activity on the separate disk that I am using for the cache. I figured that if the NAT client is getting through, there must be some caching going on, but performance monitor reported no disk activty for the cache disk whatsoever. At this point I tried using the scheduled download option to see if that would affect anything, and it did - it gave me the first and only warning message in the event log - event ID 13107, which reported that the download was stopped with 0 pages visited - without giving me a reason for why it was stopped. I rechecked my routing options - yes, HTTP was being routed to the ISA proxy, so I figured I had configured one of the rules incorrectly. I tried several changes to the rules, stopping and restarting the server, but nothing helped. I checked the DNS configuration (we use an internal DNS which is integrated with AD) and this was ok, as well as our DHCP server and option settings. I tried using one client with static settings (without DHCP delivery) on the NIC, but that did no good either. So I completely uninstalled ISA and reinstalled it in caching only mode only to see if any of the protocols were misconfigured. This made configuration much simpler since there were so few options to configure. My client still did not work, so I did the only thing left to do - I configured all of the rules to allow everything for everybody at all times and everywhere. Guess what? My client with the static NIC information now worked and showed up in the sessions window. At this point I had thought I had solved part of the problem, so I closed IE6 on the client and went upstairs for a cup of coffee. When I came back, I thought I would test the client against ISA again for speed - to see if the pages that I had visited when I first had connected came back at super something speeds or whatever... Guess what? The client hung again. In fact, I was never able to get the client to talk to ISA again despite rebooting both client and server. The logs show that the client was successfully logged in the first time, but there is no subsequent report, no errors, no nothing.... So my question to all of you who know ISA real well is WHAT THE HECK IS GOING ON HERE? Is there something so simple I have forgotten that rates for 2000 ISA demerit points or what? I would appreciate any advice, hints or reprimands on this one. Otherwise I will have to go back to Iplanet's Proxy Server, which we were using before we upgraded to BackOffice. By the way, you have a very nice and informative site here! phs ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')