Hi Amy, I'm not sure what the sceanrio is is. Is there a DHCP server on the ISA Firewall? If so, there never were any System Policy Rules that allow for this, you've always had to create your own rules. Tom Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- Microsoft Firewalls (ISA) ________________________________ From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Thursday, October 26, 2006 3:45 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] ISA DHCP Here's the promised update for the DHCP stops working issue after ISA SP2 install. More are starting to show up on the SBS yahoo group. The server that I've seen belongs to Eriq Neale. I know Tom Shinder knows him, he's a pretty competent guy from there in Texas. Original Client IP Client Username Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport HTTP Method URL MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Rule Filter Information Network Interface Raw IP Header Raw Payload Log Time Source Port Processing Time Bytes Sent Bytes Received HTTP Status Code Cache Information Log Record Type Destination IP Destination Port Protocol Action Client IP Source Network Destination Network Result Code Error Information 0.0.0.0 CC-SBS - UDP - - - - 10/26/2006 8:43:25 AM 68 0 0 0 0x0 Firewall 255.255.255.255 67 DHCP (request) Denied Connection 0.0.0.0 Internal Local Host 0xc004000d FWX_E_POLICY_RULES_DENIED 0x0 I also ran an ISA info. Checked the server against mine and the system policy rules for DHCP are identical. Checked the NIC configurations those look good too. Checked that .255 is part of the internal network. Checked binding order and where DHCP is bound. Everything checks out. If you recreate the DHCP system policy rules as firewall rules, DHCP works. Saw it with my own eyes. DHCP was working prior to ISA SP2 installation. I'm stumped. Anyone? p.s. I wish you guys would monitor the ISA MVP list as well. Amy Babinchak