ISA 2004 Server Stops Traffic, Requires Reboot

Posted on 2006-06-26
Last Modified: 2008-02-01
Hi, I am working with an ISA 2004 firewall that I did not personally set up. Every month or two I get a call and the client states that they cannot reach the internet. The box is reachable but it seems the web and firewall proxy services stop allowing traffic. A reboot has fixed the problem every time to date, but I want to try and resolve the issue.

The following errors appear around the time the issue occurs, but I also see them happening on a routine basis during normal operation:


LSASRV 40960

The Security System detected an authentication error for the server DNS/chngw01.chn.local.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".


The ISA server is not part of a domain (there is no domain); however, it is running DNS. Currently I see that the internal network card is using itself as the DNS server (and only itself) while the external card is using 2 ISP DNS servers. Is this correct?

I would like to resolve the LSA error, but since I see it occur about every 15 minutes it may not be my real issue.

There are no other errors that occur around the time that they lose internet access.

The ISA server is essentially configured to allow only a set of business-approved websites (HTTP); otherwise everything is allowed through.
Question by:Baran711
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 16990046
Open the ISA GUI - click Monitoring - Alerts. Anything listed in there? If so, highlight each alert; what text displays in the detail section at the bottom of the page?
Are your internal machines using the ISA box for DNS? If so, have you amended the ISA System policy to allow machines to talk to ISA?
 

Author Comment

by:Baran711
ID: 16991804
Under Monitoring, Alerts, I have a list of predefined alert types. There I can specify what actions to take if the alert criteria are met. At this point they are all set to write to the event log. I do not see where you would actually view an alert that occurred in the ISA 2004 GUI. The internal machines are using the ISA for DNS. Looking at the IP filter tables, all traffic is set to allow except for DHCP. Under Protocol Rules, all IP traffic is enabled with the exception of 3 W32 virus definitions (Sasser, Netsky, and Bagle).

Under site and content rule there is a filter that denies all traffic not in a business approved list. Under that there is an allow all.
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16992264
That is bizarre; sounds more like ISA2000 rather than ISA2004. I'll be home in about three hours so will look at this further.
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16994771
Baran, can you confirm you are on isa 2004? In the gui, select help in the top of the window; should say help about isa2004?
Site and Content rules do not exist in ISA2004, only ISA2000.

If it is isa2000, then yes; ISA should have a caching dns service installed.
If you are not running a domain, just a workgroup then I'm not sure how you are using Kerberos?
 

Author Comment

by:Baran711
ID: 16995117
Yep, it is 2000; I actually reposted earlier today after discovering this =).

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16995148
Lol, yeah, just found your new post (only just got in from work about 30 minutes ago).
Question has a verified solution.