We help IT Professionals succeed at work.

MS ISA Server events

1,552 Views
Last Modified: 2008-11-18
Have a server with MS ISA Server installed, two NIC but only using one NIC. Because I want use Firewall client teh ISA Server was installed in Integrated mode. Want to get rid of annoying events in the Application Log:

Event Type:      Error
Event Source:      Microsoft Web Proxy
Event Category:      None
Event ID:      14120
Date:            2/15/2004
Time:            4:44:31 PM
User:            N/A
Computer:      SERVER1
Description:
The ISA Server services cannot create a packet filter 212.72.49.70. This event occurs when there is a conflict between the Local Address Table (LAT) configuration and the Windows 2000 routing table. Check the routing table and the LAT to find the source of the conflict.
Data:
0000: 15 00 00 00               ....    
Comment
Watch Question

Top Expert 2004

Commented:

Author

Commented:
no, doesn't work.
Top Expert 2004

Commented:
The m$ site solution is to add more then one NIC into the computer running the ISA server to be able to creat the packet filter
also
Does your Proxy have 2 NICs?  If so, on the external NIC remove MS Networks, File Sharing and disable NetBIOS over TCP/IP.
Top Expert 2004

Commented:
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q288/3/96.ASP&NoWebContent=1

ISA Server Event 14120 Is Logged and Packet Filter Cannot Be Created
View products that this article applies to.
This article was previously published under Q288396
SYMPTOMS
The following error is logged in Event Viewer because there is a conflict with the Local Address Table (LAT) in Internet Security and Acceleration (ISA) Server 2000 and the routing table:

Event Type: Error
Event Source: Microsoft Web Proxy
Event Category: None
Event ID: 14120
Date: 4/18/2001
Time: 2:08:35 PM
User: N/A
Computer: computer name
Description:

The ISA Server services cannot create a packet filter 24.25.66.26. This event occurs when there is a conflict between the LAT configuration and the Windows 2000 routing table. Check the routing table and the LAT to find the source of the conflict.

Data:
0000: 41 01 00 c0
The data area also translates to error "0xc000141", or "(dec): 3072 321". If the LAT does not have a conflict with the local routing table (for example, if you set the LAT correctly to only include the IP addresses of all internal interfaces) you may see this event error under the following circumstances:
You have configured ISA Web publishing to an internal Web server, or to the local IIS server on the ISA server.
An internal client requests the Web site using a fully qualified domain name (FQDN) that resolves to the external IP address of ISA.
ISA has both NICs in the same segment and outbound packets go out through the same NIC where the client's request arrived (because that is where the default gateway is configured).
CAUSE
This behavior occurs because when the ISA Web service listens on the external IP address on behalf of the Web server, and the internal client tries to access that service, Web proxy tries to create a packet filter for that address because the proxy views that the address as external (which it is). The packet filter driver fails to create the filter because the address is not reachable through the external interface; instead, the address is reachable through the loopback interface. The result is the event log entry.
RESOLUTION
Although you can ignore this event, you can also resolve this behavior. To do so, on the DNS server that is being used for internal name resolution, create a host record (A record) for the fully qualified domain name that is used by internal users and that resolves to the internal IP address or the IP address of the Web server on which the Web site is hosted.
The information in this article applies to:
Microsoft Internet Security and Acceleration Server 2000

Author

Commented:
The server has two NICS, one is disabled because the ISA server is only used as proxy server, not as firewall. Just have a router on the LAN with firewall capabilities. I read this about create a host record (A record) but how to do this suppose that the local domain (AD) = domain.local, server name = SERVER1. So what is the FQDN? Is that "just" domain.local? I see this record in the DNS server already.....
Top Expert 2004

Commented:

Author

Commented:
A record is already in DNS.
Top Expert 2004

Commented:
Please post it
thanks

Author

Commented:
Host (A)

Parent domain:  domain.local
Host (uses parent if blank): (same as parent folder)
IP Adress: 192.168.1.10

Delete this record.......: X (checked)
Top Expert 2004
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT

Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
    Accept: stevenlewis {http:#10377984}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

grblades
EE Cleanup Volunteer
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.