Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ISA 2004 Server Stops Traffic, Requires Reboot

Posted on 2006-06-26
6
Medium Priority
?
641 Views
Last Modified: 2008-02-01
Hi i am working with an ISA 2004 firewall that i did not personally setup. Every month or two i get a call and the client states that they cannot reach the internet. The box is reachable but it seems the web and firewall proxy services stop allowing traffic. A Reboot has fixed the problem everytime to date, but i want to try and resolve the issue.

The following errors appear around the time the issue occurs, but i also see them happening on a routine basis during normal operation:


LSASRV 40960

The Security System detected an authentication error for the server DNS/chngw01.chn.local.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".


The ISA server is not part of a domain (there is no domain), however it is running DNS. Currently i see that the internal network card is using itself as the dns server (and only itself) whole the external card is using 2 ISP dns servers. Is this correct?.

i would like to resolve the lsa error, but since i see it occur about every 15 minutes it may not be my real issue.

There are no other errors that occur around the time that they lose internet access.

The isa server is essentially configured to allow only a set of business approved websites (http) otherwise everything is allowed through
0
Comment
Question by:Baran711
  • 4
  • 2
6 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 16990046
Open the isa gui - click monitoring - alerts. Anything listed in there? If so, hightlight each alert, what text displays at the detail section at the bottom of the page?
Are your internal machines using the ISA box for DNS? If so, have you amended the ISA System policy to allow machines to talk to ISA?
0
 

Author Comment

by:Baran711
ID: 16991804
Under monitoring, alerts, i have a list of predefined alert types. There i can specify what actions to take if the alert criteria is mett. At this point they are all set to write to the event log. I do not see where you would actually view an alert that occured in the ISA 2004 GUI. The internal machines are using the ISA for DNS. Looking at the IP filter tables, all traffic is set to allow except for DHCP. Under protocol Rules, all IP traffic is enabled with the exception of 3 w32 virus definitions (sasser, netsky, and bagle)

Under site and content rule there is a filter that denies all traffic not in a business approved list. Under that there is an allow all.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16992264
That is bizarre; sounds more like ISA2000 rather than ISA2004. I'll be home in about three hours so will look at this further
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16994771
Baran, can you confirm you are on isa 2004? In the gui, select help in the top of the window; should say help about isa2004?
Site and Content rules do not exist in ISA2004, only ISA2000.

If it is isa2000, then yes; ISA should have a caching dns service installed.
If you are not running a domain, just a workgroup then I'm not sure how you are using Kerberos?
0
 

Author Comment

by:Baran711
ID: 16995117
yep it is 2000, i actually reposted earlier today after discovering this =).

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16995148
lol, yeah, just found your new post (only just got in from work about 30 minutes ago)
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question