Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ISA 2004 Domain controller question

Posted on 2006-07-19
5
Medium Priority
?
329 Views
Last Modified: 2013-11-16
Is it really that bad to have ISA running on the same box as the domain controller?  I hear conflicting opinions.  I havn't had a problem yet.  I'm not sure why it would matter but I'd like to get an another take on it.
0
Comment
Question by:hmcnasty
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1000 total points
ID: 17145363
This depend on how you are using ISA.

For example, SBS2000/2003 comes with ISA server (premium versions) and therefore sits on a DC anyway.

If you are using ISA on non-SBS systems but in a firewall mode, you should not have ISA on a DC in best practice. ISA (in a firewall mode) should be dedicated to running ISA services. To make it run as a DC as well requires many ports to be opened to allow dns, dhcp, pc, kerberos etc to talk to other controllers and the internal networks.

If you are using ISA in a proxy mode then it being on a DC is not so much of an issue.

Regards

Keith
ISA MCT
0
 

Author Comment

by:hmcnasty
ID: 17146753
Keith ,

Thank you I found out the hard way it does matter.  Up until today I've been using SBS 2003 on most of my clients and ISA works great so I assumed in a Server 2003 enterprise environment I could run ISA on the AD Exchange box.  Oh boy did it mess things up none of the built in policies worked.  It wouldn't even give out DHCP after I installed it.  I had to create a rule for eveyting .  It sucked. BUT ....I moved it on it's owns box and I am happy to say I am off and running.  I will however have a few questions abotu policies though.

Thank you very much.

Wes
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17146938
No problem Wes. If you are ever in the position where you literally have no choice.....

Click the firewall policy and look at the top of the screen. You will see a row of icons; select the last one (it toggles the system policy as visible/invisible). This will display another 17-18 rules for the system policy. This is where you would make the amendments for all the various connotations. As i said, it can be done but its yukky :)

Regards

Keith
0
 

Author Comment

by:hmcnasty
ID: 17147068
I'll tell you one I can't get is VPN outbound I have clients I VPN into and I can 't get it to go out. My rule: allow PPTP all networks to external allusers.  I figured that would do it .

W
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17149000
Open the gui.
Click on monitoring - logging - start query.
try the connection.
What do you see in the log?
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question