Solved

ISA 2004 Server Stops Traffic, Requires Reboot

Posted on 2006-06-26
6
632 Views
Last Modified: 2008-02-01
Hi i am working with an ISA 2004 firewall that i did not personally setup. Every month or two i get a call and the client states that they cannot reach the internet. The box is reachable but it seems the web and firewall proxy services stop allowing traffic. A Reboot has fixed the problem everytime to date, but i want to try and resolve the issue.

The following errors appear around the time the issue occurs, but i also see them happening on a routine basis during normal operation:


LSASRV 40960

The Security System detected an authentication error for the server DNS/chngw01.chn.local.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".


The ISA server is not part of a domain (there is no domain), however it is running DNS. Currently i see that the internal network card is using itself as the dns server (and only itself) whole the external card is using 2 ISP dns servers. Is this correct?.

i would like to resolve the lsa error, but since i see it occur about every 15 minutes it may not be my real issue.

There are no other errors that occur around the time that they lose internet access.

The isa server is essentially configured to allow only a set of business approved websites (http) otherwise everything is allowed through
0
Comment
Question by:Baran711
  • 4
  • 2
6 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 16990046
Open the isa gui - click monitoring - alerts. Anything listed in there? If so, hightlight each alert, what text displays at the detail section at the bottom of the page?
Are your internal machines using the ISA box for DNS? If so, have you amended the ISA System policy to allow machines to talk to ISA?
0
 

Author Comment

by:Baran711
ID: 16991804
Under monitoring, alerts, i have a list of predefined alert types. There i can specify what actions to take if the alert criteria is mett. At this point they are all set to write to the event log. I do not see where you would actually view an alert that occured in the ISA 2004 GUI. The internal machines are using the ISA for DNS. Looking at the IP filter tables, all traffic is set to allow except for DHCP. Under protocol Rules, all IP traffic is enabled with the exception of 3 w32 virus definitions (sasser, netsky, and bagle)

Under site and content rule there is a filter that denies all traffic not in a business approved list. Under that there is an allow all.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16992264
That is bizarre; sounds more like ISA2000 rather than ISA2004. I'll be home in about three hours so will look at this further
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16994771
Baran, can you confirm you are on isa 2004? In the gui, select help in the top of the window; should say help about isa2004?
Site and Content rules do not exist in ISA2004, only ISA2000.

If it is isa2000, then yes; ISA should have a caching dns service installed.
If you are not running a domain, just a workgroup then I'm not sure how you are using Kerberos?
0
 

Author Comment

by:Baran711
ID: 16995117
yep it is 2000, i actually reposted earlier today after discovering this =).

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16995148
lol, yeah, just found your new post (only just got in from work about 30 minutes ago)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now