Resolving an FTP connectivity issue on an ISA Server

Background info:
Active Directory environment:
WebMarshal Server & ISA(Version 3.0.3.24) reside on the same box. Win2000 Server SP4

There was an issue with WebMarshal not applying our configured rules. At some point I think it became corrupt.
We resolved this issue quickly, however I have noticed that all FTP and access to HTTPS sites are now blocked.

When I attempt access.
Pop - up Message reads:
The Folder "ftp://ftp.address here.net/" is read-only because the proxy server is not set up to allow full access. Contact you administrator.

Additional info on web page once the Pop-up has been acknowledged

HTTP 502 Proxy Error - The login request was denied. The logon account might have been disabled or logon information might have changed. Log on again to verify that the information was typed correctly. If the problem continues, report the problem to the administrator of the Internet server you are requesting. (12015)
Internet Security and Acceleration Server

--------------------------------------------------------------------------------

Technical Information (for support personnel)

Background:
The gateway could not retrieve the requested page.

ISA Server: ISA.lan.etc.ect
Via:

Time: 5/31/2006

Bearing in mind I have a very slight knowledge of ISA and it's workings, I have checked what I can, and checked the FTP protocol is still enabled. We have several sites we use, which points to some kind of config error, however, I know that prior to this WebMarshal hiccup, everything was Ok.

Would anyone be able to advise, where I start to find a solution.

G
gavin_dAsked:
Who is Participating?
 
Keith AlabasterEnterprise ArchitectCommented:
the fact you are getting a 12015 suggests you are still running ISA2000. I'll make the assumption that you have installed SP1, Feature Pack 1 and SP2?

Never used webmarshall so you may have to help me out on this bit.
Are you running ISA2000 in cache mode, firewall mode or integrated?

http://www.microsoft.com/technet/prodtechnol/isa/2000/maintain/isa2kupd.mspx
Feature Pack (FP) 1 fixed many 502 errors; I am wondering if webmarshall's hiccup has impacted these updates?

This is a useful troubleshooting section to start with.
http://www.microsoft.com/technet/prodtechnol/isa/2000/proddocs/isadocs/cmt_trblaccess.mspx?mfr=true

0
 
Keith AlabasterEnterprise ArchitectCommented:
Question moved to Firewalls Topic Area

keith_alabaster
EE Page Editor
0
 
gavin_dAuthor Commented:
Hi Keith,

Apologies for posting in the incorrect area.

Bear with me on this.......Our IT Manager has left the company, and I am trying to resolve this issue.

Yes I thnk it is ISA2000, though how I can check that I do not know.
From what I can see it is Standard Edition, running in Integrated Mode.
It was commissioned on or arround Jan 2002, and I am presuming it would have the SP and Feature Packs installed.
Is there anyway to check this on the Server? And or check that these upates have not been impacted, as you put it?

I will look at the links you have supplied, thank you, and will get back to you.

Gavin
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

 
Keith AlabasterEnterprise ArchitectCommented:
No sweat. explore c:\program files or open the gui and check the help section. It will tell you the version of ISA.
If its integrated mode, its definitely isa2000; no such thing in isa 2004 or 2006.

In the conrol panel, select the add/remove programs. You will see the service packs etc listed if they have been added :)
0
 
gavin_dAuthor Commented:
Thanks will check there.

As an added incentive to finding a solution, my IT Manager, has left the company, suddenly today.
I have yet to find out why.......
0
 
gavin_dAuthor Commented:
Hi Keith,

It is running ISA Sever SP1 + Hot fixes.

I will download the SP2 from the link you gave me.
Should I still apply this prior to solving the connectivity issue, or do you think this should be applied retrospectively?

Gavin
0
 
Keith AlabasterEnterprise ArchitectCommented:
There is also a feature pack 1 for ISA2000. You will likely find it on the downloads page as well. I would certainly install the service packs and MS updates first.
0
 
gavin_dAuthor Commented:
Thanks.

I have downloaded the feature pack and will consider applying it after the service pack update.
My only concern is that if there is an issue when I apply these and I am required to do some configuration, it may all fall down.

Is it usual for these packs to apply, without requiring user intervention?

Guess I am worried I do more damage, before I get the FTP issue addressed first.

My first available time slot, to take this server off-line will be 01.30GMT Thurday.

Gavin.
0
 
Keith AlabasterEnterprise ArchitectCommented:
At the end of the day Gavin this has to be your call. The Service Packs install without intervention. The problem is also that ISA2000 is no longer a main stream product and is also out of mainstraem support (ended Aril 2006). 2004 is the current and ISA2006 is about to be released. That said, I have never had a problem with FTP on any ISA platform so we should be able to get it to work. (webmarshal is new to me though).

The bestwe can do really is to backup the ISA config before you start. Put the first service pack on and then lets see how we get on. It certainly won't make your ftp any worse....

0
 
gavin_dAuthor Commented:
Keith, cheers for that.

My anticipated work on the ISA was interupted by other more urgent wrok that appeared on Thursday / Thursday night.

I will have to postpone it to Thursday again, unless I can schedule in some downtime soon.

Gavin
0
 
Keith AlabasterEnterprise ArchitectCommented:
OK. I'll be around :)
0
 
gavin_dAuthor Commented:
Keith,

I must apologies for the lack of movement on this issue. I had a production server completely die on me and it has taken a lot of my time to get it re-built and the third party workflow re-instated and correctly configured on it.

I now have only this Thursday night, to tackle the ISA issue before I have a two-week break. If I do not get the issue resolved by then, in fairness to yourself, who has been very informative and helpful, I will close the question and award t he points.

I will probably have to open a new question when I get back.

Once again many thanks.

Gavin
0
 
Keith AlabasterEnterprise ArchitectCommented:
:) Thanks Gavin
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.