RE: automatically detect isa server problem

  • From: info <info@xxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 20 Jul 2005 15:27:40 +0200

Hi Tom,

It's working!

Your questions led to the solution.

After I set the "primary dns suffix" to fels.us, it worked.

I had not set this before. However, the connection specific dns suffix
from the only nic within my client was set to "fels.us" the whole time.

Apparently, that wasn't good enough.

Maybe this is good stuff to add to your wonderful book "isa server
2004".

Thanks.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Wednesday, July 20, 2005 3:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: automatically detect isa server problem

http://www.ISAserver.org

Hi Jank,

Let's stay away from the nuclear option until we can't find out what's
going on.

Are the clients a member of the domain?

What is the primary DNS suffix on the clients?

What operating systems are you using for clients?

What is/are the DNS setting(s) on the ISA firewall's interface(s)?

What are the DNS settings on the client's interface?

Can you do a NetMon capture on the client when you do a Detect Now at
the Client?

What OS is the DNS server on, the Windows Server 2003 DC?

Are you using the ISA Server 2004 Firewall client?

Thanks!

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> Sent: Wednesday, July 20, 2005 8:07 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: automatically detect isa server problem
> 
> Since this is my home network, I was able to add the isa server to the
> domain "fels.us" in no time.
> 
> It did not solve the problem. I still need to do an explicit "ping wpad"
> on the client, before I am able to automatically detect the isa server.
> 
> Then I added the client to the domain and logged in to the domain.
> 
> Still not the solution.
> 
> I am willing to let you log on to my network with mstsc if you want to
> see the whole setup.
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Wednesday, July 20, 2005 2:33 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: automatically detect isa server problem
> 
> ARRRGGG!
> 
> Join that ISA firewall to the domain ASAP. It's a more secure config and
> then your Firewall clients will work (which is just one of the many
> reasons why a domain joined ISA firewall is more secure).
> 
> I always join ISA firewalls to the domain when appropriate. The only
> time when it wouldn't provide an enhanced security posture is in a back
> to back config, when the front end isn't doing any auth chores and
> you're running an anonymous access DMZ between the front end and back
> end.
> 
> HTH,
> 
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > Sent: Wednesday, July 20, 2005 7:29 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: automatically detect isa server problem
> > 
> > Firewall is a standalone server. (not member of any domain) Client is
> > not member of any domain.
> > DNS server is AD domain controller. (this is my personal exchange
> > server, hence the AD.....)
> > 
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> > Sent: Wednesday, July 20, 2005 2:19 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: automatically detect isa server problem
> > 
> > Hi Info,
> > 
> > Are the clients members of the same domain as the ISA firewall?
> > 
> > Tom
> > www.isaserver.org/shinder
> > Tom and Deb Shinder's Configuring ISA Server 2004
> > http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > 
> >  
> > 
> > > -----Original Message-----
> > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > Sent: Wednesday, July 20, 2005 7:15 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: automatically detect isa server problem
> > > 
> > > It takes about 4 seconds before it says: Failed to detect ISA Server.
> > > 
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> > > Sent: Wednesday, July 20, 2005 2:06 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: automatically detect isa server problem
> > > 
> > > Hi Info,
> > > 
> > > OK, sounds good so far.
> > > 
> > > What happens when you click Detect Now?
> > > 
> > > Tom
> > > www.isaserver.org/shinder
> > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > 
> > >  
> > > 
> > > > -----Original Message-----
> > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > Sent: Wednesday, July 20, 2005 6:57 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > 
> > > > The configuration must almost be correct, since the autodetect does
> > > > work, after I do an explicit "ping wpad" from the client.
> > > > 
> > > > 
> > > > 
> > > > Dns is setup as follows:
> > > > 
> > > > Wpad                    alias (cname)    boss_lan.fels.us
> > > > Boss_lan                host (A)                10.1.0.1
> > > > Boss_dmz                host (A)                10.2.0.1
> > > > 
> > > > Default gateway of the client is 10.1.0.1
> > > > 
> > > > Client is on the "Internal" network.
> > > > 
> > > > "Internal" network settings on isa firewall:
> > > > 
> > > > Firewall client support is enabled.
> > > > Isa server name is set to "boss_lan.fels.us"
> > > > Automatically detect settings is selected.
> > > > 
> > > > Publish automatic discovery information is selected, default port 80
> > > > 
> > > > -----Original Message-----
> > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> > > > Sent: Wednesday, July 20, 2005 1:26 PM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > 
> > > > What are they?
> > > > 
> > > > Tom
> > > > www.isaserver.org/shinder
> > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > > 
> > > >  
> > > > 
> > > > > -----Original Message-----
> > > > > From: jankees [mailto:jankees@xxxxxxx] On Behalf Of info
> > > > > Sent: Wednesday, July 20, 2005 6:22 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > > 
> > > > > Hi there,
> > > > > 
> > > > > I believe they are correct. What can I do?
> > > > > 
> > > > > -----Original Message-----
> > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> > > > > Sent: Wednesday, July 20, 2005 1:12 PM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: automatically detect isa server problem
> > > > > 
> > > > > Hi Info,
> > > > > 
> > > > > Sounds like the Firewall client listener settings aren't configured
> > > > > correctly.
> > > > > 
> > > > > HTH,
> > > > > 
> > > > > Tom
> > > > > www.isaserver.org/shinder
> > > > > Tom and Deb Shinder's Configuring ISA Server 2004
> > > > > http://tinyurl.com/3xqb7
> > > > > MVP -- ISA Firewalls
> > > > > 
> > > > >  
> > > > > 
> > > > > > -----Original Message-----
> > > > > > From: info@xxxxxxx [mailto:info@xxxxxxx] 
> > > > > > Sent: Wednesday, July 20, 2005 6:03 AM
> > > > > > To: [ISAserver.org Discussion List]
> > > > > > Subject: [isalist] automatically detect isa server problem
> > > > > > 
> > > > > > Hello,
> > > > > > 
> > > > > > I have a strange problem with "wpad".
> > > > > > 
> > > > > > > My isa firewall client will not automatically detect the isa server.
> > > > > > > Only after I explicitly do a "ping wpad" from the firewall client, the dns
> > > > > > > cache is filled on the client with the wpad entry. Only then, the firewall
> > > > > > > client can "automatically" detect the isa server.
> > > > > > > 
> > > > > > > Why do I have to explicitly do a "ping wpad"? According to the manual, the
> > > > > > > firewall client is supposed to do it.
> > > > > > > 
> > > > > > > In my scenario, there is only 1 isa server and the dns server is running
> > > > > > > on a different server.
> > > > > > 
> > > > > > ------------------------------------------------------
> > > > > > List Archives: 
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > > ISA Server Newsletter: 
> > > > http://www.isaserver.org/pages/newsletter.asp
> > > > > > ISA Server FAQ: 
> > > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > > ------------------------------------------------------
> > > > > > Other Internet Software Marketing Sites:
> > > > > > World of Windows Networking: 
> http://www.windowsnetworking.com
> > > > > > Leading Network Software Directory: 
> http://www.serverfiles.com
> > > > > > No.1 Exchange Server Resource Site: 
> http://www.msexchange.org
> > > > > > Windows Security Resource Site: 
> http://www.windowsecurity.com/
> > > > > > Network Security Library: http://www.secinf.net/
> > > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > > > ------------------------------------------------------
> > > > > > You are currently subscribed to this ISAserver.org 
> Discussion 
> > > > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > > > To unsubscribe visit 
> > > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > > > 
> > > > > > 
> > > > > 
> > > > > ------------------------------------------------------
> > > > > List Archives: 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter: 
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ: 
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Other Internet Software Marketing Sites:
> > > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > > Network Security Library: http://www.secinf.net/
> > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org 
> > > > Discussion List as:
> > > > > info@xxxxxxx
> > > > > To unsubscribe visit 
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > > 
> > > > > ------------------------------------------------------
> > > > > List Archives: 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter: 
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ: 
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Other Internet Software Marketing Sites:
> > > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > > Network Security Library: http://www.secinf.net/
> > > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org Discussion 
> > > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > > To unsubscribe visit 
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > > 
> > > > > 
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org 
> > > Discussion List as:
> > > > info@xxxxxxx
> > > > To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > World of Windows Networking: http://www.windowsnetworking.com
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion 
> > > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > > To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > 
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org 
> > Discussion List as:
> > > info@xxxxxxx
> > > To unsubscribe visit 
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion 
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit 
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > 
> > > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > info@xxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion 
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> info@xxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
info@xxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
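
A client-side check for the condition this thread ended on (primary DNS suffix unset while the connection-specific suffix was set), as an added example that is not from the original posts. It lists both kinds of suffix and tests whether `wpad.<suffix>` resolves through DNS alone. It assumes a current Windows client with the DnsClient PowerShell module; `Get-WpadSuffixReport` is a hypothetical name.

```powershell
# Added example, not from the thread. Get-WpadSuffixReport is a hypothetical name.
function Get-WpadSuffixReport {
    [CmdletBinding()]
    param([string]$HostLabel = 'wpad')

    $rows = @()

    # Primary DNS suffix: the machine-wide setting ("fels.us" in the thread).
    $primary = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
    $rows += [pscustomobject]@{ Source = 'Primary DNS suffix'; Suffix = $primary }

    # Connection-specific suffix: set per adapter, by hand or by DHCP.
    foreach ($nic in Get-DnsClient) {
        $rows += [pscustomobject]@{
            Source = "Connection-specific ($($nic.InterfaceAlias))"
            Suffix = $nic.ConnectionSpecificSuffix
        }
    }

    foreach ($row in $rows) {
        $fqdn      = $null
        $addresses = @()
        if ([string]::IsNullOrWhiteSpace($row.Suffix)) {
            $status = 'suffix not set'
        } else {
            # Trailing dot: query exactly this name, no suffix search list.
            $fqdn = "$HostLabel.$($row.Suffix)."
            # -DnsOnly keeps LLMNR/NetBIOS out of the answer, so a hit here
            # really came from the DNS server's wpad record.
            $answer    = Resolve-DnsName -Name $fqdn -DnsOnly -ErrorAction SilentlyContinue
            $addresses = @($answer | Where-Object { $_.IPAddress } |
                           ForEach-Object { $_.IPAddress })
            $status    = if ($addresses.Count) { 'resolves' } else { 'no DNS answer' }
        }
        [pscustomobject]@{
            Source    = $row.Source
            Suffix    = $row.Suffix
            Query     = $fqdn
            Status    = $status
            Addresses = $addresses -join ', '
        }
    }
}

Get-WpadSuffixReport | Format-Table -AutoSize
```

Run `Clear-DnsClientCache` first so that an earlier `ping wpad` does not mask the result. A row reading "suffix not set" for the primary DNS suffix matches the state the poster describes before the fix.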
