Solved

ISA 2004 Server Stops Traffic, Requires Reboot

Posted on 2006-06-26
6
631 Views
Last Modified: 2008-02-01
Hi i am working with an ISA 2004 firewall that i did not personally setup. Every month or two i get a call and the client states that they cannot reach the internet. The box is reachable but it seems the web and firewall proxy services stop allowing traffic. A Reboot has fixed the problem everytime to date, but i want to try and resolve the issue.

The following errors appear around the time the issue occurs, but i also see them happening on a routine basis during normal operation:


LSASRV 40960

The Security System detected an authentication error for the server DNS/chngw01.chn.local.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".


The ISA server is not part of a domain (there is no domain), however it is running DNS. Currently i see that the internal network card is using itself as the dns server (and only itself) whole the external card is using 2 ISP dns servers. Is this correct?.

i would like to resolve the lsa error, but since i see it occur about every 15 minutes it may not be my real issue.

There are no other errors that occur around the time that they lose internet access.

The isa server is essentially configured to allow only a set of business approved websites (http) otherwise everything is allowed through
0
Comment
Question by:Baran711
  • 4
  • 2
6 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 16990046
Open the isa gui - click monitoring - alerts. Anything listed in there? If so, hightlight each alert, what text displays at the detail section at the bottom of the page?
Are your internal machines using the ISA box for DNS? If so, have you amended the ISA System policy to allow machines to talk to ISA?
0
 

Author Comment

by:Baran711
ID: 16991804
Under monitoring, alerts, i have a list of predefined alert types. There i can specify what actions to take if the alert criteria is mett. At this point they are all set to write to the event log. I do not see where you would actually view an alert that occured in the ISA 2004 GUI. The internal machines are using the ISA for DNS. Looking at the IP filter tables, all traffic is set to allow except for DHCP. Under protocol Rules, all IP traffic is enabled with the exception of 3 w32 virus definitions (sasser, netsky, and bagle)

Under site and content rule there is a filter that denies all traffic not in a business approved list. Under that there is an allow all.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16992264
That is bizarre; sounds more like ISA2000 rather than ISA2004. I'll be home in about three hours so will look at this further
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16994771
Baran, can you confirm you are on isa 2004? In the gui, select help in the top of the window; should say help about isa2004?
Site and Content rules do not exist in ISA2004, only ISA2000.

If it is isa2000, then yes; ISA should have a caching dns service installed.
If you are not running a domain, just a workgroup then I'm not sure how you are using Kerberos?
0
 

Author Comment

by:Baran711
ID: 16995117
yep it is 2000, i actually reposted earlier today after discovering this =).

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16995148
lol, yeah, just found your new post (only just got in from work about 30 minutes ago)
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now