Resolving an FTP connectivity issue on an ISA Server
Background info:
Active Directory environment:
WebMarshal Server & ISA(Version 3.0.3.24) reside on the same box. Win2000 Server SP4
There was an issue with WebMarshal not applying our configured rules. At some point I think it became corrupt.
We resolved this issue quickly, however I have noticed that all FTP and access to HTTPS sites are now blocked.
When I attempt access.
Pop - up Message reads:
The Folder "ftp://ftp.address here.net/" is read-only because the proxy server is not set up to allow full access. Contact you administrator.
Additional info on web page once the Pop-up has been acknowledged
HTTP 502 Proxy Error - The login request was denied. The logon account might have been disabled or logon information might have changed. Log on again to verify that the information was typed correctly. If the problem continues, report the problem to the administrator of the Internet server you are requesting. (12015)
Internet Security and Acceleration Server
--------------------------
Technical Information (for support personnel)
Background:
The gateway could not retrieve the requested page.
ISA Server: ISA.lan.etc.ect
Via:
Time: 5/31/2006
Bearing in mind I have a very slight knowledge of ISA and it's workings, I have checked what I can, and checked the FTP protocol is still enabled. We have several sites we use, which points to some kind of config error, however, I know that prior to this WebMarshal hiccup, everything was Ok.
Would anyone be able to advise, where I start to find a solution.
G
Active Directory environment:
WebMarshal Server & ISA(Version 3.0.3.24) reside on the same box. Win2000 Server SP4
There was an issue with WebMarshal not applying our configured rules. At some point I think it became corrupt.
We resolved this issue quickly, however I have noticed that all FTP and access to HTTPS sites are now blocked.
When I attempt access.
Pop - up Message reads:
The Folder "ftp://ftp.address here.net/" is read-only because the proxy server is not set up to allow full access. Contact you administrator.
Additional info on web page once the Pop-up has been acknowledged
HTTP 502 Proxy Error - The login request was denied. The logon account might have been disabled or logon information might have changed. Log on again to verify that the information was typed correctly. If the problem continues, report the problem to the administrator of the Internet server you are requesting. (12015)
Internet Security and Acceleration Server
--------------------------
Technical Information (for support personnel)
Background:
The gateway could not retrieve the requested page.
ISA Server: ISA.lan.etc.ect
Via:
Time: 5/31/2006
Bearing in mind I have a very slight knowledge of ISA and it's workings, I have checked what I can, and checked the FTP protocol is still enabled. We have several sites we use, which points to some kind of config error, however, I know that prior to this WebMarshal hiccup, everything was Ok.
Would anyone be able to advise, where I start to find a solution.
G
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Keith,
Apologies for posting in the incorrect area.
Bear with me on this.......Our IT Manager has left the company, and I am trying to resolve this issue.
Yes I thnk it is ISA2000, though how I can check that I do not know.
From what I can see it is Standard Edition, running in Integrated Mode.
It was commissioned on or arround Jan 2002, and I am presuming it would have the SP and Feature Packs installed.
Is there anyway to check this on the Server? And or check that these upates have not been impacted, as you put it?
I will look at the links you have supplied, thank you, and will get back to you.
Gavin
Apologies for posting in the incorrect area.
Bear with me on this.......Our IT Manager has left the company, and I am trying to resolve this issue.
Yes I thnk it is ISA2000, though how I can check that I do not know.
From what I can see it is Standard Edition, running in Integrated Mode.
It was commissioned on or arround Jan 2002, and I am presuming it would have the SP and Feature Packs installed.
Is there anyway to check this on the Server? And or check that these upates have not been impacted, as you put it?
I will look at the links you have supplied, thank you, and will get back to you.
Gavin
No sweat. explore c:\program files or open the gui and check the help section. It will tell you the version of ISA.
If its integrated mode, its definitely isa2000; no such thing in isa 2004 or 2006.
In the conrol panel, select the add/remove programs. You will see the service packs etc listed if they have been added :)
If its integrated mode, its definitely isa2000; no such thing in isa 2004 or 2006.
In the conrol panel, select the add/remove programs. You will see the service packs etc listed if they have been added :)
ASKER
Thanks will check there.
As an added incentive to finding a solution, my IT Manager, has left the company, suddenly today.
I have yet to find out why.......
As an added incentive to finding a solution, my IT Manager, has left the company, suddenly today.
I have yet to find out why.......
ASKER
Hi Keith,
It is running ISA Sever SP1 + Hot fixes.
I will download the SP2 from the link you gave me.
Should I still apply this prior to solving the connectivity issue, or do you think this should be applied retrospectively?
Gavin
It is running ISA Sever SP1 + Hot fixes.
I will download the SP2 from the link you gave me.
Should I still apply this prior to solving the connectivity issue, or do you think this should be applied retrospectively?
Gavin
There is also a feature pack 1 for ISA2000. You will likely find it on the downloads page as well. I would certainly install the service packs and MS updates first.
ASKER
Thanks.
I have downloaded the feature pack and will consider applying it after the service pack update.
My only concern is that if there is an issue when I apply these and I am required to do some configuration, it may all fall down.
Is it usual for these packs to apply, without requiring user intervention?
Guess I am worried I do more damage, before I get the FTP issue addressed first.
My first available time slot, to take this server off-line will be 01.30GMT Thurday.
Gavin.
I have downloaded the feature pack and will consider applying it after the service pack update.
My only concern is that if there is an issue when I apply these and I am required to do some configuration, it may all fall down.
Is it usual for these packs to apply, without requiring user intervention?
Guess I am worried I do more damage, before I get the FTP issue addressed first.
My first available time slot, to take this server off-line will be 01.30GMT Thurday.
Gavin.
At the end of the day Gavin this has to be your call. The Service Packs install without intervention. The problem is also that ISA2000 is no longer a main stream product and is also out of mainstraem support (ended Aril 2006). 2004 is the current and ISA2006 is about to be released. That said, I have never had a problem with FTP on any ISA platform so we should be able to get it to work. (webmarshal is new to me though).
The bestwe can do really is to backup the ISA config before you start. Put the first service pack on and then lets see how we get on. It certainly won't make your ftp any worse....
The bestwe can do really is to backup the ISA config before you start. Put the first service pack on and then lets see how we get on. It certainly won't make your ftp any worse....
ASKER
Keith, cheers for that.
My anticipated work on the ISA was interupted by other more urgent wrok that appeared on Thursday / Thursday night.
I will have to postpone it to Thursday again, unless I can schedule in some downtime soon.
Gavin
My anticipated work on the ISA was interupted by other more urgent wrok that appeared on Thursday / Thursday night.
I will have to postpone it to Thursday again, unless I can schedule in some downtime soon.
Gavin
OK. I'll be around :)
ASKER
Keith,
I must apologies for the lack of movement on this issue. I had a production server completely die on me and it has taken a lot of my time to get it re-built and the third party workflow re-instated and correctly configured on it.
I now have only this Thursday night, to tackle the ISA issue before I have a two-week break. If I do not get the issue resolved by then, in fairness to yourself, who has been very informative and helpful, I will close the question and award t he points.
I will probably have to open a new question when I get back.
Once again many thanks.
Gavin
I must apologies for the lack of movement on this issue. I had a production server completely die on me and it has taken a lot of my time to get it re-built and the third party workflow re-instated and correctly configured on it.
I now have only this Thursday night, to tackle the ISA issue before I have a two-week break. If I do not get the issue resolved by then, in fairness to yourself, who has been very informative and helpful, I will close the question and award t he points.
I will probably have to open a new question when I get back.
Once again many thanks.
Gavin
:) Thanks Gavin
keith_alabaster
EE Page Editor