Solved

ISA 2004 Server Stops Traffic, Requires Reboot

Posted on 2006-06-26
6
639 Views
Last Modified: 2008-02-01
Hi i am working with an ISA 2004 firewall that i did not personally setup. Every month or two i get a call and the client states that they cannot reach the internet. The box is reachable but it seems the web and firewall proxy services stop allowing traffic. A Reboot has fixed the problem everytime to date, but i want to try and resolve the issue.

The following errors appear around the time the issue occurs, but i also see them happening on a routine basis during normal operation:


LSASRV 40960

The Security System detected an authentication error for the server DNS/chngw01.chn.local.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".


The ISA server is not part of a domain (there is no domain), however it is running DNS. Currently i see that the internal network card is using itself as the dns server (and only itself) whole the external card is using 2 ISP dns servers. Is this correct?.

i would like to resolve the lsa error, but since i see it occur about every 15 minutes it may not be my real issue.

There are no other errors that occur around the time that they lose internet access.

The isa server is essentially configured to allow only a set of business approved websites (http) otherwise everything is allowed through
0
Comment
Question by:Baran711
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 16990046
Open the isa gui - click monitoring - alerts. Anything listed in there? If so, hightlight each alert, what text displays at the detail section at the bottom of the page?
Are your internal machines using the ISA box for DNS? If so, have you amended the ISA System policy to allow machines to talk to ISA?
0
 

Author Comment

by:Baran711
ID: 16991804
Under monitoring, alerts, i have a list of predefined alert types. There i can specify what actions to take if the alert criteria is mett. At this point they are all set to write to the event log. I do not see where you would actually view an alert that occured in the ISA 2004 GUI. The internal machines are using the ISA for DNS. Looking at the IP filter tables, all traffic is set to allow except for DHCP. Under protocol Rules, all IP traffic is enabled with the exception of 3 w32 virus definitions (sasser, netsky, and bagle)

Under site and content rule there is a filter that denies all traffic not in a business approved list. Under that there is an allow all.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16992264
That is bizarre; sounds more like ISA2000 rather than ISA2004. I'll be home in about three hours so will look at this further
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16994771
Baran, can you confirm you are on isa 2004? In the gui, select help in the top of the window; should say help about isa2004?
Site and Content rules do not exist in ISA2004, only ISA2000.

If it is isa2000, then yes; ISA should have a caching dns service installed.
If you are not running a domain, just a workgroup then I'm not sure how you are using Kerberos?
0
 

Author Comment

by:Baran711
ID: 16995117
yep it is 2000, i actually reposted earlier today after discovering this =).

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16995148
lol, yeah, just found your new post (only just got in from work about 30 minutes ago)
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question